Last post Sep 28, 2015 04:17 AM by Weibo Zhang
Sep 26, 2015 06:32 PM|SynLabs|LINK
Let me begin by saying THANK YOU SO MUCH FOR READING MY THREAD! It means a ton that you are willing to take time out of your day to see if you can help me. I truly mean that. So again, thank you!
I have recently started a company and I want my products to be available to everyone on any device or platform, right? So I've been looking through the options, and currently the most appealing setup to me is using HTML5, with ASP.NET. However, I currently
have an extremely poor understanding of both ASP.NET and HTML5. So I am currently learning everything I can about it. I have a few weeks where my entire days will literally be consumed with nothing but learning those.
I chose ASP.NET because I've been coding in C/C++ for a GREAT number of years (I started about 15 years ago), and I've heard it isn't too difficult to make the leap to C# with ASP.NET (though not to be underestimated). PHP just doesn't really strike my fancy.
I haven't messed with the .NET library that much before (I've mainly been a native app developer -- and this is me finally making the move and recognizing .NET has a TON to offer).
I already have the ACTUAL processing/execution/etc for the software coded up in C++. This is because I was originally going to use RAD Studio and develop an app per device... Then I realized it would be a massive project and would consume far more time and
resources than me just making my products web apps. So they're pretty much completely finished (a few tiny tweaks, but that's about it), but in C++.
I want to actually keep them as C++, because I was involved in software protection for almost my entire time as a C/C++/Assembly programmer (that is why I originally got into it -- then my interests branched off and became far more wide). I KNOW I can lock
the native Dll’s down and ensure the apps won't be able to be stolen/hacked/leaked or whatever the case, unless they put forth a ridiculous amount of effort (which it seems someone is always willing to do such. Ugh. But I refuse to just lay down and make it
easy). I already have all of my software protection in order and what not.
So I have the Dll’s in C++ and I want to lock them down on the server, so they can execute the actual code and keep it safe -- far away from any sort of clients or individuals that would be happy to send it to their friends if they had the ability to do
as such.... Or an even bigger fear... Someone taking it, reversing it, and then coming out with a competitive product (as there are currently no other products in this market I am going into -- and for a good reason. ITS EXTREMELY INVOLVED AND COMPLEX). That
would seriously crush me as a person if my work was stolen and then others started profiting. I have ZERO issue giving to the community, but there are some things that just aren't for that! This is what I am doing to pay for my children I will have soon, and
for my future!
Since the actual functionality is handled in native C++ binaries, I am thinking the best way to go about this is have the ASP.NET end load up the C++ Dll’s. This way, the clients enter any information they need to into the HTML5 frontend, and then the proper
functions are called from the C++ Dll’s, which then process it, and then return whatever they need to return.
Do you all feel this is the best way to go about it? Or is this a bit ridiculous and not worth it? Do you think I should even bother with ASP.NET? I'm curious to hear of your opinions on this!
And just a note. It has occurred to me I could just take the code and make it C# .NET code and have it run that way, rather than loading the Dll’s. But I'm absolutely terrified of the thought of someone being able to access and steal it. If anyone managed
to get their hands on the code, I’m sure everyone knows .NET is a joke when it comes to any sort of software security (anti-cracking/piracy/etc)! Its decompiled in absolutely no time. Even the best software protection solutions for .NET are pretty weak (ESPECIALLY
compared to what is possible for native software protection).
Whereas with my software protection, I have a number of benefits. For one thing, it takes the original code and then scrambles it (aka metamorphism), and then utilizes "virtualization" (to turn the code into some BS new random language, with an interpreter
in the binary that is required to execute it -- that way if they attempted to disassemble it, it wouldn't show anything – they’d have to completely figure the random language it was changed to, and so on). The virtualization even takes the code and completely
replaces certain instructions with others (such as replacing math instructions with NAND -- that way even if someone was successful in breaking the software protection and reversing it, they'd never be able to get the actual original code).
Do you all think this is a good way to go about it? Or is my lack of webdev/server dev/etc making me out to sound like a complete and utter fool?
Sep 28, 2015 04:17 AM|Weibo Zhang|LINK
Welcome to the ASP.NET Forums.
Using the "virtualization" is a good method to protect your source code. Beside, you could also take a look at the following similar threads that are about how to protect the source code and provide some other methods that may be helpful to you. The second
article is about the .NET Native Preview that is a new feature of .net, you’d better have a look.
I hope it’s useful to you.