Help us improve Softanics
We use analytics cookies to understand which pages and downloads are useful. No ads. Privacy Policy
Artem Razin
Artem Razin
Low-level software protection engineer with 20+ years in native and managed code security. Creator of ArmDot, protecting commercial .NET applications since 2014.

.NET Licensing Protection: Obfuscation and Licensing as One System

Obfuscation protects the application's code structure and logic. Licensing controls access to the application's functionality. The two concerns look separate until you consider what happens when they are handled separately.

A license check that can be read and patched in dnSpy is no more secure than an unobfuscated binary, regardless of how sophisticated the licensing scheme is. A hardware fingerprint algorithm, a cryptographic key validation, a trial expiry check - each is a method in the binary, and each can be located and bypassed if the code is readable. Obfuscation without licensing leaves the monetization model undefended. Licensing without obfuscation leaves the license enforcement exposed.

Most developers solve this by combining an obfuscator with a separate licensing library from a different vendor. That works, but it means two integrations, two NuGet packages from different sources, two sets of documentation, and no guarantee that the licensing library's validation code is actually covered by the obfuscator's protection.

ArmDot is the only mid-market .NET obfuscator with a built-in licensing API. Hardware ID locking, serial key generation with RSA asymmetric encryption, trial expiration, and license validation all ship as part of the same ArmDot.Client NuGet package that provides obfuscation. The validation code is protected by the same virtualization and integrity checking that protects everything else. There is no integration gap between the licensing logic and the code protection.

The guides below cover the three licensing mechanisms ArmDot provides, each as a standalone reference for the engineering problem it addresses.

Hardware ID locking

Hardware ID Locking in .NET: Binding a License to a Machine →

How to generate a hardware fingerprint in C# using WMI, the stability problem when customers change hardware, the cross-platform challenge, and how ArmDot provides machine binding as a built-in feature. Useful to any developer implementing HWID locking, whether or not they use ArmDot.

Serial key generation

Serial Key Generation in .NET: From Simple Keys to Cryptographic Licensing →

The progression from checksum-based keys (Windows 95's legendary 111-1111111) through HMAC schemes to RSA asymmetric signatures. What an attacker can do at each level, why obfuscation is the mechanism that makes each scheme resilient against its primary attack, and how ArmDot implements the asymmetric approach with key generators in PHP and C for server-side automation.

Trial version protection

Trial Version Protection in .NET: Stopping the Bypass →

Five specific attacks on trial implementations - clock manipulation, registry deletion, reinstallation, VM snapshot rollback, and binary patching - with the specific defense for each. How ArmDot implements trials as time-limited license keys with RSA-signed expiration dates, and how integrity checking detects binary modification.

Where to start

If you are building a licensing system from scratch: start with the hardware ID guide. Machine binding is the foundational concept the other two guides build on, and the hardware fingerprint implementation is useful regardless of which key scheme you choose.

If you already have hardware ID locking and need key generation or trial enforcement: go directly to the serial key generation guide or the trial protection guide. Both are self-contained.

Why licensing belongs alongside obfuscation

A developer arriving here from the obfuscation techniques or platform guides may wonder why licensing is covered in the same guide. The answer is practical: all three licensing guides above end at the same conclusion from different directions.

The hardware ID page shows that fingerprint validation logic is the first thing an attacker targets in a decompiled binary. The serial key page shows that even RSA-signed keys are defeated if the signature check can be patched out. The trial protection page shows that every storage-hardening technique is irrelevant if the expiry method is readable.

In each case, the licensing mechanism is only as strong as the protection on its validation code. Obfuscation is not adjacent to licensing - it is the layer that makes licensing work.

Back to: .NET Obfuscation: The Complete Developer Guide →

ArmDot licensing and obfuscation

ArmDot provides hardware ID locking, RSA-based serial key generation and validation, trial expiration, and integrity checking alongside its full obfuscation suite - all in a single NuGet package. No separate licensing library required. A single developer license is $499. Free trial available - protected assemblies stop working after two weeks.