Is it really worth it? Every protection mechanism can be broken with sufficient determination. Consider your market, price of the product, amount of customers, etc.

是不是真的值得吗？只要有足够的决心，就可以打破每一种保护机制。考虑您的市场、产品价格、客户数量等。

If you want something more reliable then go down the path of hardware keys, but that's rather troublesome (for the user) and more expensive. Software solutions would be probably a waste of time and resources, and the only thing they would give you is the false sense of 'security'.

如果你想要更可靠的东西，那么就走硬件密钥的道路，但这相当麻烦（对用户来说）而且更贵。软件解决方案可能会浪费时间和资源，而且它们唯一会给您的是“安全”的错觉。

Few more ideas (none is perfect, as there is no perfect one).

更多的想法（没有一个是完美的，因为没有完美的）。

• AntiDuplicate
• Change the language, use the nice tricks that the authors of Skypeused
• License server

• 反重复
• 更改语言，用好的技巧，的作者Skype的使用
• 许可证服务器

And don't waste too much time on it, because the crackers have a lot of experience with the typical techniques and are few steps ahead of you. Unless you want to use a lot of resources, probably change the programming language (do it the Skype way).

并且不要在这上面浪费太多时间，因为饼干在典型技术方面拥有丰富的经验，并且比您领先几步。除非您想使用大量资源，否则可能会更改编程语言（使用 Skype 方式）。

If it's written in .NET and compiled to CIL, it can be reflected. If security is a concern and obfuscation is to be avoided, then I recommend writing your application using a non-managed language, which is, by nature, harder to reverse engineer.

如果是用.NET写的，编译成CIL，就可以体现出来。如果安全是一个问题并且要避免混淆，那么我建议使用非托管语言编写您的应用程序，这在本质上更难逆向工程。

You can't.

你不能。

There are steps you can take to make it a littlemore difficult, but ultimately any executable on the local machine is crackable. Eventually, that code has to be converted into native machine code and every application that is runnable is vulnerable.

还有你可以采取措施，使之成为一点比较困难，但最终还是在本地计算机上的任何可执行文件是攻破。最终，该代码必须转换为本地机器代码，并且每个可运行的应用程序都容易受到攻击。

What you want to do is just make it difficult enough to crack to make it not worth peoples' trouble.

你想要做的只是让它变得足够难以破解，让它不值得人们为之烦恼。

Some suggestions I have for you to help protect your application:

我有一些建议可以帮助保护您的应用程序：

• Obfuscateyour code. Dotfuscatorhas a free edition and comes with Visual Studio.
• Use public/private keyor asymmetric encryptionto generate your product licenses. This ensures that only youcan generate your license codes. Even if your application iscracked, you can be sure that they won't be releasing a key generator for your application, because it is impossible to reverse the key generating algorithm.
• Use a third-party packerto pack your .NET executable into an encrypted Win32 wrapper application. Themidais one of the better ones. This stops people from reflecting your application in .NET Reflectorand makes it a pain to unpack for reversing.
• Write your own custom packer. If the third-party packers are too expensive, consider writing your own. Sometimes custom packers can be very effective, because there aren't well published methods on how to unpack them. The tutorial How to write your own packergives a ton of good information on writing your own Win32 packer.

• 混淆你的代码。Dotfuscator有一个免费版本，并随 Visual Studio 一起提供。
• 使用公钥/私钥或非对称加密来生成您的产品许可证。这确保只有您可以生成您的许可证代码。即使您的应用程序被破解，您也可以确定他们不会为您的应用程序发布密钥生成器，因为无法逆转密钥生成算法。
• 使用第三方打包程序将 .NET 可执行文件打包到加密的 Win32 包装器应用程序中。Themida是最好的之一。这会阻止人们在.NET Reflector 中反射您的应用程序，并使解压进行逆向变得很痛苦。
• 编写您自己的自定义打包程序。如果第三方打包程序太贵，请考虑编写自己的打包程序。有时自定义打包程序可能非常有效，因为没有关于如何解包它们的良好发布方法。如何编写自己的打包程序教程提供了大量有关编写自己的 Win32 打包程序的好信息。

Ultimately though, if people want your application cracked they will. Look at all the commercial software out there that has a vast amount of resources to protect their applications and yet they are cracked before the applications are even released to the public.

但最终，如果人们希望您的应用程序被破解，他们会的。看看所有拥有大量资源来保护其应用程序的商业软件，但它们甚至在应用程序向公众发布之前就被破解了。

A skilled reverse engineer can fire up IDA-Proand slice through your application like butter no matter what you do. A packed application can be unpacked and obfuscation only prevents it from making it a walk in the park. All your hard work with your complex license code can be undone with a single byte patch.

无论您做什么，熟练的逆向工程师都可以启动IDA-Pro并像黄油一样切开您的应用程序。打包的应用程序可以解包，混淆只会阻止它在公园里散步。您对复杂许可证代码的所有辛勤工作都可以通过一个字节补丁来完成。

You just need to accept that there is a very real chance people are going to pirate your software. There are some people who are nevergoing to pay for your application no matter what and these are the people you don't need to worry about.

您只需要接受人们很可能会盗版您的软件。有些人无论如何都不会为您的申请付费，而这些人是您无需担心的。

There are however, many businesses out there who would never risk a lawsuit and happily buy software licenses and many computer users who either don't want to risk it, find it wrong or are not tech savvy enough to pirate. These are your true customers, and you should focus your efforts on providing them with a good user experience and ignore the people cracking your software.

然而，有许多企业永远不会冒着诉讼的风险并乐于购买软件许可证，而许多计算机用户要么不想冒险，要么发现错误，要么技术水平不够，无法进行盗版。这些是您的真正客户，您应该集中精力为他们提供良好的用户体验，而忽略破解您软件的人。

I've had my application pirated before, and I took it as a personal affront. Here I was, a small-time developer, pouring my heart and soul into an application and these people had the gall to pirate from me?! They were taking money directly from my pocket!

我的应用程序以前被盗版过，我认为这是对我个人的侮辱。在这里，我是一个小型开发人员，将我的全心全意投入到一个应用程序中，而这些人竟然敢从我这里盗版？！他们直接从我的口袋里拿钱！

I immediately added in a bunch of draconian DRM code and attempted to sabotage any person using an illegitimate or cracked copy. I should of course have been working on making my application better instead of trying to stop the inevitable. Not only that, but I was hurting my truecustomers will all these extra protections I was putting in.

我立即添加了一堆严酷的 DRM 代码，并试图使用非法或破解的副本来破坏任何人。我当然应该一直致力于使我的应用程序更好，而不是试图阻止不可避免的事情。不仅如此，我正在使用所有这些额外的保护措施伤害了我的真正客户。

After a long battle I realized I was fighting the tides and all this time wasted was for naught. I took out all the phone-home code except for the barebones license functions and never looked back.

经过长时间的战斗，我意识到我正在与潮汐作斗争，所有这些浪费的时间都是徒劳的。除了准系统许可证功能外，我取出了所有电话首页代码，再也没有回头。

Unfortunately, you are not going to run away from this. Your best bet is to write your code in C and P/Invokeit.

不幸的是，你不会逃避这一点。最好的办法是用 C 编写代码并P/Invoke它。

There is a small catch-22, someone could just decompile your application to CILand kill any verification/activation code (for example, the call to your C library). Remember that applications that are written in C are also reverse-engineered by the more persistent hackers (just look at how fast games are cracked these days). Nothing will protect your application.

有一个小的 catch-22，有人可以将您的应用程序反编译为CIL并杀死任何验证/激活代码（例如，对您的 C 库的调用）。请记住，用 C 编写的应用程序也被更顽固的黑客逆向工程（看看现在破解游戏的速度有多快）。没有什么可以保护您的应用程序。

In the end it works a lot like your home, protect it well enough so that it is too much effort (spaghetti code would help here) and so that the assailant just moves onto your next door neighbor (competition :) ). Look at Windows Vista, there must be 10 different ways to crack it.

最后它和你的家很像，保护它足够好，所以它太费力了（意大利面条代码在这里会有所帮助），这样攻击者就会转移到你的隔壁邻居身上（竞争:)）。看看 Windows Vista，一定有 10 种不同的破解方法。

There are packages out there that will encrypt your EXE file and decrypt it when the user is allowed to use it, but once again, that is using a generic solution that has no doubt been cracked.

有一些软件包可以加密您的 EXE 文件并在允许用户使用它时对其进行解密，但同样，这是使用毫无疑问已被破解的通用解决方案。

Activation and registration mechanisms are aimed at the 'average Joe:' people who don't have enough tech savvy to bypass it (or for that matter know that they can bypass it). Don't bother with crackers, they have far too much time on their hands.

激活和注册机制针对的是“普通人”：没有足够的技术知识来绕过它（或者就此而言，他们知道他们可以绕过它）的人。不要理会饼干，他们手头上的时间太多了。

How to make sure that the application is not tampered with, and how to make sure that the registration mechanism can't be reverse engineered.

如何确保应用程序不被篡改，以及如何确保注册机制不能被逆向工程。

Both have the same very simple answer: don't hand out object code to untrusted parties, such as (apparently) your customers. Whether it's feasible to host the application on your machines only depends on what it does.

两者都有相同的非常简单的答案：不要将目标代码分发给不受信任的方，例如（显然）您的客户。在您的机器上托管应用程序是否可行仅取决于它的作用。

If it isn't a web application, maybe you can allow for SSHlogin with X forwarding to an application server (or Remote Desktop Connection, I guess, for Windows).

如果它不是Web 应用程序，也许您可​​以允许使用 X 转发到应用程序服务器（或远程桌面连接，我猜，对于 Windows）的SSH登录。

If you give object code to nerdy type persons, and they think your program might be fun to crack, it willget cracked. No way around it.

如果您将目标代码提供给书呆子类型的人，并且他们认为您的程序可能很有趣，那么它就会被破解。没办法。

If you don't believe me, point out a high-profile application that hasn't been cracked and pirated.

如果你不相信我，请指出一个没有被破解和盗版的高配置应用程序。

If you go with the hardware keys, it'll make production more expensive and your users are going to hate you for it. It's a real bitch to crawl around on the floor plugging and unplugging your 27 different USB thingies because software makers don't trust you (I imagine).

如果您使用硬件密钥，它会使生产成本更高，您的用户会因此而讨厌您。在地板上爬来爬去插入和拔出 27 个不同的 USB 东西真是太糟糕了，因为软件制造商不信任你（我想）。

There are packages out there that will encrypt your EXE and decrypt it when the user is allowed to use it

有一些软件包可以加密您的 EXE 并在允许用户使用它时解密它

Of course, the way around it is to crack the "can-I-use-it" test so that it always returns true.

当然，绕过它的方法是破解“can-I-use-it”测试，使其始终返回true。

A nasty trick might be to use the byte values of the opcodes that perform the test somewhere else in the program in a dirty way that'll make the program crash with high probability unless the value is just right. It makes you linked to a particular architecture, though :-(

一个讨厌的技巧可能是使用在程序中其他地方执行测试的操作码的字节值以一种肮脏的方式使程序崩溃的可能性很高，除非值恰到好处。它让你链接到一个特定的架构，虽然:-(

Broadly speaking, there are three groups of people out there.

广义上讲，有三类人。

• Those who will not buy your software and resort to cracks, or if they don't find any, not use your software at all. Don't expect to make any money from this group. They rely either on their own skills or on crackers (who tend to prioritize their time depending on your useful and how big your audience is. The more useful, the sooner a crack will be available).

• The group of legitimate users who will buy (pay for) your software, irrespective of what protection mechanism you use. Don't make life hard for your legitimate users by using an elaborate protection mechanism since they are going to pay for it in any case. A complex protection mechanism can easily spoil the user experience and you don't want this happening to this group. Personally, I'd vote against any hardware solution, which adds to the cost of your software.

• A minority who will resort to "unethical" cracking and will only payfor your software becauseits features are protected by a licensing mechanism. You probably don't want to make it exceedingly easy for this group to circumvent your protection. However, all that effort you spend on protecting your software will pay back, depending on how big this group of people is. This entirely depends on the type of software you're building.

• 那些不会购买您的软件并求助于破解的人，或者如果他们找不到任何破解，则根本不要使用您的软件。不要指望从这个群体中赚到钱。他们要么依靠自己的技能，要么依靠破解者（他们倾向于根据您的有用性和受众的规模来优先考虑他们的时间。越有用，破解就越快可用）。

• 无论您使用何种保护机制，都会购买（支付）您的软件的合法用户组。不要通过使用精心设计的保护机制让合法用户的生活变得艰难，因为无论如何他们都会为此付出代价。复杂的保护机制很容易破坏用户体验，您不希望这种情况发生在这个群体身上。就个人而言，我会投票反对任何硬件解决方案，这会增加您的软件成本。

• 少数人会诉诸“不道德”的破解，并且只会为您的软件付费，因为其功能受到许可机制的保护。您可能不想让这个团体非常容易地绕过您的保护。但是，您为保护软件所付出的所有努力都会得到回报，这取决于这群人的规模。这完全取决于您正在构建的软件类型。

Given what you've said, if you think there is a large enough minority who can be pushed into buying your software, go ahead and implement some form of protection. Think about how much money you can make from this minority versus the time you spend working on the protection, or the amount you spend on a third party protection API/tool.

鉴于您所说的，如果您认为有足够多的少数人可以购买您的软件，请继续实施某种形式的保护。想想你可以从这个少数人身上赚多少钱，而不是你花在保护上的时间，或者你花在第三方保护 API/工具上的金额。

If you like to implement a solution of your own, using public-key cryptography is a good way (as opposed to symmetric algorithms) to prevent easy hacks. You could for instance digitally sign your license (serial no, or license file). The only way to get around this would then be to decompile, alter and recompile the code (which you could make harder using techniques such as those suggested in Simucal's answer).

如果您想实现自己的解决方案，使用公钥加密是防止简单黑客攻击的好方法（相对于对称算法）。例如，您可以对您的许可证（序列号或许可证文件）进行数字签名。解决这个问题的唯一方法是反编译、更改和重新编译代码（您可以使用诸如 Simucal 的答案中建议的技术使代码变得更难）。

• Use online update to block those unlicensed copies.

• Verify serial number from different modules of your application and do not use a single function call to do the verification (so that crackers cannot bypass the verification easily).

• Not only check serial number at startup, do the verification while saving data, do it every Friday evening, do it when user is idle ...

• Verify application file check sum, store your security check sum in different places.

• Don't go too far on these kind of tricks, make sure your application never crash/get into malfunction while verifying registration code.

• Build a useful app for users is much more important than make a
  unbreakable binary for crackers.

• 使用在线更新来阻止那些未经许可的副本。

• 验证应用程序不同模块的序列号，不要使用单个函数调用来进行验证（这样破解者就无法轻易绕过验证）。

• 不仅在启动时检查序列号，在保存数据的同时进行验证，每周五晚上进行，用户空闲时进行......

• 验证应用程序文件校验和，将您的安全校验和存储在不同的地方。

• 不要在这些技巧上走得太远，确保您的应用程序在验证注册码时不会崩溃/出现故障。

• 为用户构建一个有用的应用程序比
  为破解者制作一个牢不可破的二进制文件重要得多。

You can't prevent people from cracking your software.

你无法阻止人们破解你的软件。

However, you can make them create cracks that will hurt your sales less. Keygenerators that can issue a valid registration code for your software are much worse than simple patches that remove registration incentives from your software. That's because a crack will work for one software version only, and will cease to work with the next software update you release. The keygenerator will continue to work until you change your registration key algorithm and that's something you don't want to do often because it will put off your honest clients.

但是，您可以让它们产生裂缝，从而减少对您的销售的影响。可以为您的软件发布有效注册码的密钥生成器比从您的软件中删除注册激励的简单补丁要糟糕得多。这是因为破解仅适用于一个软件版本，并且在您发布的下一个软件更新中将停止工作。密钥生成器将继续工作，直到您更改注册密钥算法，这是您不想经常做的事情，因为它会推迟您的诚实客户。

So, if you are looking for a method to fight illegal keygenerators for your software and you do not want to use assymetric encryption because of the long registration codes this generates, you might have a look at Partial Key Verification.

因此，如果您正在寻找一种方法来打击您的软件的非法密钥生成器，并且由于生成的注册码很长而不想使用非对称加密，则可以查看部分密钥验证。

Partial Key Verification makes sure that each illegal keygenerator works only for one particular release of your software. Basically what you do is to make sure that each release of your software only links with the code for checking SOME digits of the registration code. Which digits exactly is random, so crackers would have to reverse engineer many different versions of your software and combine all this into one keygenerator in order to release a keygenerator that works for all versions of your software.

部分密钥验证确保每个非法密钥生成器仅适用于您软件的一个特定版本。基本上，您要做的是确保您的软件的每个版本仅与用于检查注册码某些数字的代码链接。哪些数字完全是随机的，因此破解者必须对您的软件的许多不同版本进行逆向工程，并将所有这些组合到一个密钥生成器中，以便发布适用于您软件所有版本的密钥生成器。

If you release new software versions on a regular basis, this leads to numerous keygenerators spread on all kinds of software piracy archives which are not working anymore. Potential software pirates usually look for a crack or keygen for the latest version, so they will likely try a few of those and give up eventually.

如果您定期发布新的软件版本，这会导致大量密钥生成器散布在各种不再工作的软件盗版档案中。潜在的软件盗版者通常会寻找最新版本的破解或密钥生成器，因此他们可能会尝试其中的一些并最终放弃。

I've used the Partial Key Verification in my (C++) newer shareware games and it has been very effective. Before we had plenty of problems with keygenerators which we could not fight. Afterewards there were lots of cracks and some few keygenerators that worked only for that particular version of the game, but no key generator that would work with all versions. We regularly released very minor updates of the game and to render all previously existing cracks useless.

我在我的 (C++) 较新的共享软件游戏中使用了部分密钥验证，它非常有效。在我们遇到无法解决的密钥生成器问题之前。后来有很多破解和一些仅适用于该特定游戏版本的密钥生成器，但没有适用于所有版本的密钥生成器。我们定期发布游戏的非常小的更新，并使所有先前存在的裂缝变得无用。

There seems to be an open source .NET framework for Partial Key Verification, although I have not tried it.

似乎有一个用于 Partial Key Verification 的开源.NET 框架，尽管我还没有尝试过。

You can..

你可以..

Microsoft SLP ServicesInishTech's Software Potentialoffers the ability to help protect code without affecting the functionality of your applications.

Microsoft SLP 服务InishTech 的软件潜力提供了帮助保护代码而不影响应用程序功能的能力。

UPDATE: (Disclosure: I work on Eazfuscator.NET)What makes Microsoft SLP ServicesSoftware Potentialdifferent is the ability to virtualize the code, so you definitely can. Several years passed since the question was originally asked; today there are more products available that also work on a similar basis such as:

更新：（披露：我在 Eazfuscator.NET 上工作）使Microsoft SLP 服务软件潜力不同的是虚拟化代码的能力，所以你绝对可以。自从最初提出这个问题以来，已经过去了几年。今天有更多的产品可以在类似的基础上工作，例如：

• Agile.NET
• Eazfuscator.NET

• 敏捷网络
• Eazfuscator.NET

.NET Reactor

.NET 反应器

Update

更新

Jared pointed out that de4dotclaims to be able to decompile it.

Jared 指出de4dot声称能够反编译它。

.NET Reactor provides complete protection for your sensitive intellectual property by converting your .NET assemblies into unmanaged processes which cannot be understood as CIL, and which no existing tool can decompile. Hackers have no access to any intelligible form of your source.

Powerful and flexible, the .NET Reactor licensing features allow you to enforce your license conditions and protect your revenue stream by using hardware and software locks. The license manager can build trial or permanent licenses, in a matter of seconds. A fully documented software development kit (SDK), complete with examples, allows you to call the licensing system directly from your code, allowing you to create custom extensions to the licensing system.

.NET Reactor 通过将您的 .NET 程序集转换为无法理解为 CIL 且现有工具无法反编译的非托管进程，为您的敏感知识产权提供全面保护。黑客无法访问您的来源的任何可理解形式。

.NET Reactor 许可功能强大而灵活，允许您通过使用硬件和软件锁来强制执行许可条件并保护您的收入流。许可证管理器可以在几秒钟内构建试用或永久许可证。完整记录的软件开发工具包 (SDK) 和示例，允许您直接从代码调用许可系统，允许您创建许可系统的自定义扩展。