Protect .exe from crack/decompile

[Todor Atanasov]

Hi guys.
I want to know, is there a way to protect the "logic" used in a program from being "stolen"? I can live with the authorization been cracked and the program run by anyone, but I want to preserve the logic/algorithm inside from being stolen and used in other product.

Is there a way, or if everything can be disassembled there is no way to prevent this.

[Richard Norman]

Look up "software obfuscation" or "source code obfuscators" or the
like. You can make it extremely difficult to reconstruct the logic or
algorithm but you cannot make it impossible.

[Geoff]

Obfuscation of the source only makes maintenance expensive and
painful. The resulting machine code is what you need to protect since
that is what will be available to anyone trying to reverse engineer
your logic. This is true whether you encrypt your binary or not. It
only adds one easily bypassed step to reversing your program at the
cost to you of size and speed of your program. Once your protection
program has decrypted your code, it can be inspected and examined in
memory.

The problem with code protection mechanisms, and there are many, is
that most of them are used by and have characteristics of malware.
This often results in your protected legitimate program being detected
and flagged by A-V products as suspicious. This means you will spend
your time explaining and defending your product against false
positives to people who are not qualified to even understand your
explanations. Customers who might otherwise use your product will
become dissatisfied and disparage your product to other users.

A far more worthwhile use of your time is to spend it creating a
desirable and worthwhile product at an appropriate price point that
makes your product more desirable than a knock-off. Part of that
pricing must include your costs of development and maintenance and you
can control that by making them easier and faster. Remember, a product
has a life cycle: introduction, sales growth, peak, decline,
obsolescence. You must plan for this and make the peak as high and as
long in duration as possible, making it hard to use is not part of
this.

Even unprotected, your algorithm has no protection in law, other than
copyright of the expression of it in source code, and most competitors
will develop it independently rather than go to the expense of
reversing your binary. This way they keep their costs of development
and maintenance low since they control and understand their own
development and maintenance and may even discover better logic than
yours in the process.

[Todor Atanasov]

Thanks for the replies guys. Much appreciated. I know it is impossible, but at least to make it harder for the non professionals.

[Stuart]

It depends on how much money we are talking about. In my previous
company we had soem ultra-secret algorithm that was only shipped
together with its own black box (mostly an ordinary PC inside an
reinforced case that only provided a power plug and a network plug).
There was a pre-defined network protocol how the parameters had to be
transmitted to that box and how the results would come back. Note that
this was even a concession to the customer because he did not have a
good internet connection and could not use our server. If you are really
paranoid, you could as well configure the black box in such a way that
it only works as long as it is not being disassembled: keep the
algorithm in RAM, so when the box is disconnected from the power
network, they will only find an ordinary PC inside (we didn't do this,
though).

That scheme works only well if you have few customers (<20 in our case)
and your algorithm is really important (>500K $). In all other cases you
might be ok with encryption software that uses a dongle (costs about
2K$, and less than 10$ per dongle).

Regards,
Stuart

[Todor Atanasov]

Thanks,
Yeah it is all about cost and benefits :D