Page 1 of 2

Best Practices when using custom dialogs

Posted: Sat Nov 11, 2017 2:32 pm
by catalin00
Hello! I am a .NET C# developer, and I would like to start using Enigma to protect my software and to generate license keys for my apps.I don't know anything about software protection, so I would need some help and guidance to get started. I decided to post my questions here because I thought that maybe there are more developers like me, who don't have any experience with software protection, and this post might help them too.
  • So, first, from what I see, I can use my own forms as registration dialogs and messages, using the methods in the SDK. What I would like to know is what is the best way to implement a registration dialog. Should I use the standard dialog available in Enigma, under REGISTRATION FEATURES/Registration dialog, or should I make a new form inside my C# project, or should I use a separate DLL or executable and make the registration form inside this external file?
  • How should we use the methods from the SDK? From what I see in the examples, it should be enough to just call EP_RegLoadAndCheckKey(), and if the result is false, show the registration dialog (calling the custom form I guess, and not using EP_RegShowDialog). But this makes me feel uncomfortable, knowing that this way I am relying on a simple boolean evaluation to decide whether or not the user should be granted access to the app. Wouldn't it be possible for a hacker to find this evaluation and remove it so that the app would run without showing the dialog?
  • How should I add a reference to the SDK? I know this should be obvious from the examples, but I don't understand how will the program know not to try open the empty enigma_ide.dll after it is protected.
  • Is it recommended to use custom forms and message boxes for the other dialogs like the trial expired message? Or should we use the standard messages available from Enigma options?
  • What are other best practices when protecting files with enigma? What other options should we enable/disable before clicking Protect? I know there is an excellent documentation for each option, but I am just afraid that I might miss something and make my apps vulnerable without even knowing.
Thank you in advance for any help. I hope I haven't asked questions that already have answers, but I checked before, and couldn't find a clear answer to any of them. If there are other posts/topics that answer my questions, I would appreciate any links to them. Thanks again!

PS: I placed an order a few hours ago, and I haven't received anything. I know it might take a while. I just wanted to let you know. I used Paypal, but the strange thing is that even though I completed the payment, it doesn't appear on my PayPal activity, and my balance is the same as if there was no transaction at all.

Re: Best Practices when using custom dialogs

Posted: Sun Nov 12, 2017 4:44 pm
by Ilya
Hello!
I am not a developer, but i try to answer to your questions.
All order are handled manually by developer, so you should to wait your copy.

Answers to your questions in order.
1. Best way is using standart reg dialog with constant encryption option enabled. So your application cannot be decoded and executed untill user entered valid information.
2. Yes, this is very easy to change boolean result and remove it, so you should't hope for this api. Especially in c # code.
3. You can use dllimport from enigma_ide.dll
After protection this library is virtualized by protector and you can not think about it.
4. Does not affect the protection. What do you like best?
5. First of all, the enigma can not use the majority features in applications based on .net technology, you MUST use another obfuscator and then pack application inside enigma. Enigma has very good api. I recommend to you use crypto api functions.

Re: Best Practices when using custom dialogs

Posted: Mon Nov 13, 2017 6:02 am
by catalin00
Hi, thank you for replying. I have received my copy of enigma and my license. I have also realised meanwhile that enigma won't help me much if I don't switch to another native programming language. This is pretty unfortunate. However, I will try to rewrite the most important parts of my code to C++. Here is what I thought I would try: I will keep using C# for designing the interface and for some basic tasks, and the main components will be in a separate C++ dll, protected using markers and other features available only for native languages.

I still don't understand your first two points. Aren't we supposed to be able to use your API to create custom registration forms, and to check if license is valid? Can you suggest a secure way to do so? I checked the examples,(mainly the HardwareID example in c#), and I found just that: a simple boolean evaluation deciding whether or not the license is valid, and a custom form.

Re: Best Practices when using custom dialogs

Posted: Mon Nov 13, 2017 9:08 am
by Ilya
If you really want to use custom reg form and do not want to use standart form, then you need to use crypto markers and place ALL sensitive code inside this markers!
Of cource you will need to use native language for creation this form.
Why are you do not want to use standart form?

Re: Best Practices when using custom dialogs

Posted: Mon Nov 13, 2017 9:44 am
by catalin00
I think I would have more options, and I am more familiar with the .net form designer. Here is what I would like to do: Make a c++ dll with all the important methods, and protect it using markers and other options from enigma. Then, for the interface, I would use c#. I think I could make the registration form in c# too. After all, even if the hacker tries to modify my registration form, they still can't use my protected DLL unless they register the product properly. Am I right? Let me know if there are any security flaws in this implementation. The protected dll, which would be the core of the app, containing most of the important code, would then be embedded in the final executable using Enigma's virtual box. What do you think? Would this be a proper way to build and protect my app using enigma?

Re: Best Practices when using custom dialogs

Posted: Mon Nov 13, 2017 9:49 am
by catalin00
Also, here is another reason why I would like to use custom registration form: Here is a quote from this post:
viewtopic.php?f=6&t=37
- Also, this tutor bypass only standard registration dialog of Enigma, use your own dialog by means of Enigma API, by this you will avoid cracking by standard tools
This is a bit confusing for me. What is actually the best way to implement a registration dialog? Should I use the standard dialog, or make my own?

Re: Best Practices when using custom dialogs

Posted: Mon Nov 13, 2017 10:03 am
by Ilya
I can't see any reason for using custom forms, except advanced design/custom registration.
You cannot bypass standart form, if application is encrypted, using encryption constant option.
Otherwise, you must understand what you are doing. Your application will be completely or partially unpacked in memory, which can help bypass protection. You can prevent this by using crypto functions.
Please read documentation.

Re: Best Practices when using custom dialogs

Posted: Mon Nov 13, 2017 10:11 am
by catalin00
Ok, thank you for the reply. However, that quote was from Enigma, and he said that the standard registration form is weaker than a custom one. Isn't that true? Now I really don't know if I should make a custom form or use the standard one. I could customise the design of the standard form if this is the most secure way, but I want to make sure which is the best option first. Sorry if I get annoying, but I really want to use enigma in the most efficient way.

Re: Best Practices when using custom dialogs

Posted: Tue Nov 14, 2017 4:06 pm
by Enigma
Hi Catalin,

Based on your questions and thoughts, I will try to explain things that are not much clear for you.
catalin00 wrote:How should I add a reference to the SDK? I know this should be obvious from the examples, but I don't understand how will the program know not to try open the empty enigma_ide.dll after it is protected.
You just add Enigma_IDE class to your application and use it. After file is protected, the protection will hook all calls to enigma_ide.dll in memory and emulate them using internal functions. So it works, I'm not sure you need to know specifics of this process)
catalin00 wrote:So, first, from what I see, I can use my own forms as registration dialogs and messages, using the methods in the SDK. What I would like to know is what is the best way to implement a registration dialog. Should I use the standard dialog available in Enigma, under REGISTRATION FEATURES/Registration dialog, or should I make a new form inside my C# project, or should I use a separate DLL or executable and make the registration form inside this external file?
You may use any kind of registration dialog, is it standard or custom. There are some advantages in standard registration dialog provided by protection, but this is very specific, I'm not sure it may be helpful in your case.
If you do not like the design of standard registration dialog, or you have specific requirements you could use custom one.
Keep in mind, registration dialog itself does not provide nor safery, nor security, it just allows user to enter license key.

For C# programs, using 3rd obfuscator is mandatory! You can use any simple free .net obfuscator just to hide methods names.

And back to protection, how it would be possible to protect .NET application with maximum strength? You need to move a part of your code to unmanaged dll, C++ is great! Please note, you do not need to put a registration dialog into dll, this is useless, you need to move just some logic, even simple one. For example, this could be some mathematic calculations, encryption/decryption routine, any algorithm that, so that C# application may send some data to this dll and get calculated or encrypted data back to use it. Purpose of this - imagine, if dll get removed, .NET application should not work. And also, dll should do some job (like I said, it should calculate something, encrypt/decrypt) it should not just return true or false which could be easy emulated by cracker.

Inside the dll you could also use Enigma API functions to check the license and so on. But please protect dll and exe with the same project file, so they both will accept same license keys.

Then, once you create a dll, protect the functions it exports with RISC virtual machine using vm_risc_begin/vm_risc_end markers or Virtual Machine - Functions Selecting feature. .NET exe should also be protected. And when protect a .net exe you may include protected dll into Virtual Box feature to hide it from users.

Protection of .NET application is rather specific, but if you implement the protection like I said, the protection strength would be same as for unmanaged programs!

Re: Best Practices when using custom dialogs

Posted: Wed Nov 15, 2017 1:15 pm
by catalin00
Thank you very much for your reply. Now I understand better how I should implement the protection. I will look for a good obfuscator. Do you have any recommendation? Eazfuscator's virtualization looks very interesting, but unfortunately, it is a bit too expensive for me.