How to protect your software intellectual property
You have invested a significant amount of time and creativity in writing your killer application but you are worried about a competitor or hacker reverse-engineering your software and stealing your intellectual property. What is the best way to protect it?
Your software intellectual property (IP) can include your coding algorithms and proprietary data. First we need to understand how your IP can be stolen. There are a number of techniques that a competitor or hacker can use to reverse-engineer your code.
Decompiling and Disassembling
Many popular languages such as C#, VB.NET, Python and Java compile to an intermediate form of machine code known as byte code which is then executed by a platform-specific virtual machine. The advantage of this is that the same binaries can be executed on many different platforms. However, the disadvantage is that your application can be easily decompiled to readable source code. There are many freely available tools that can achieve this.
Other more traditional languages such as C, C++ and Delphi are compiled to native binaries. Reverse engineering these programs is much more difficult but still possible for experienced hackers using the right tools and techniques.
Debugging Code
Another method of reverse engineering involves stepping through code using a debugger. This helps a hacker to understand the program flow and can help identify crucial algorithms in your code which can then be analysed or decompiled. Debugging can also enables a hacker to modify your code. For example, it can be used to remove primitive attempts at software protection such as checking the computer date.
Obfuscation
One method to combat decompilation is to use an obfuscator. An obfuscator will not prevent decompilation but makes the decompiled code very difficult to read and understand. Normally an obfuscator will work by modifying your source code to make it less understandable. It is then compiled like normal. However, an obfuscator can also work on byte code and also in rare cases on native binaries.
Software Protection Systems
It is not so well known that software protection systems, in addition to copy-protecting your software, can also offer superior anti reverse-engineering techniques that go beyond the level of obfuscation.
Automatic software protection using shell wrappers can encrypt code and data in your software. This makes decompilation and disassembly impossible and also protects your data. The code encryption can also continue while the program is loaded into memory.
In addition, software protection systems will offer many anti-debug techniques that disrupt the flow of a debugger or make it very difficult to use or even prevent the use of a debugger altogether.
Microcosm offers two software protection systems: Dinkey Pro/FD - a hardware dongle, and CopyMinder - a purely software-based key. Both of these systems provide automatic shell-protection, anti-piracy and anti-debug techniques to prevent reverse engineering, debugging and theft of your IP. In addition, the Dinkey Pro/FD software protection system can also be used to encrypt data files that are accessed by your shell-protected software under Windows.