
C# DLL obfuscation vs entire project obfuscation


For my primary software product I created a 'keygen' which is obviously able to generate keys and to validate them too. It's a 'logic' keygen and I don't want to use it as a web service (I don't want to force users to have an internet connection to register the software). For those reasons I need to obfuscate it with something like Dotfuscator, but if obfuscated, my project loses some cool stuff like the auto-update bundled with .NET products (ClickOnce).

So my first question is: Is it possible to create the keygen as a .dll, obfuscate it and use it in non-obfuscated software?

If YES:

  1. Will I be able to continue to use ClickOnce and the other non-obfuscation advantages?
  2. Will obfuscating a single (and small) .dll, versus obfuscating the entire project, make it easier for hackers to crack the keygen?

If NO:

  1. Will obfuscating a single (and small) .dll, versus obfuscating the entire project, make it easier for hackers to crack the keygen?

Ultimately, what are your recommendations? Thanks a lot for any help and please forgive my bad English :-)


Solution

  • The problem with .NET obfuscation is that anyone who has a fairly intermediate understanding of CIL, which C# is compiled into, will find any obfuscation to be fairly easy to get through. Even if they can't get through the obfuscation, if the memory isn't properly secured they can just monitor the change in memory throughout the operation of your program.

    Anyone who really wants to get into your program, will. It's the same for native applications as well.

    That being said, if you want to protect yourself from the average script kiddie with a reflector, then compiling the keygen to a DLL and obfuscating the DLL alone is enough for protecting against someone discovering your key generation algorithm and using it to create a keygen. However, that still leaves them with the possibility of patching your application, which obfuscating it would to some degree prevent.

    To summarize: if you want to prevent the average person from creating a keygen, compile and obfuscate your keygen to a DLL; if you want to prevent both a keygen and people patching your program, keep the keygen in the solution and obfuscate that.