We are developing a Desktop Application (Windows Service) with C#. And we are trying to protect our intellectual property and this is why we decided to .Net Reactor
Initially, it looked like a powerful tool. When obfuscating I've selected all available options except of 'Native exe file'. (Necrobit, Anti ILDASM, Anti Tampering, Control Flow obfuscation, Obfuscation, String Encryption, Compress & Encrypt Resources)
I tried to use DotPeek to check the results and was happy with the results
But it turned out that there is a tool out there that can easily deobfuscates all assemblies (for apparent reasons I'm not going to mention what is it the tool). But I'm curious if anyone has faced similar type of problem. Does anyone know a reliable way to protect C# code that will be running on clients desktops/servers
**Please don't suggest to rewrite the app using C++
Option 1)
Extract out an important part (or several - the more the better) of your program to run remotely on your servers - would mean the user would need to be connected to the internet to run your program. Don't just add a remote key check because a cracker will just NOP that out. Instead, run a non-trivial algorithm there.
Option 2)
Build a hardware dongle & distribute it with your software. Again, implement one or more key algorithms on the dongle rather than just a key check.
Option 3)
After compiling, compress the resulting DLLs as an archive THEN encrypt it. You will then use assembler to write a hand-coded "loader" (which attempts to hide what it's doing). Note that the loader will need to include the decryption key somewhere, however there are things you can do to hide it better. The idea being to hide the fact that it's running on the .NET framework (will certainly beat all the off the shelf decryption tools). It won't however disuade crackers (who will see that the process in memory is .NET & will dump the process).
HTH