That's right, I'm talking about a license verification code in a desktop application, for example. method bool ValidateLicense(string licenseCode). Of course, any protection scheme can be reconstructed by a skilled and determined cracker. However, I would like to prevent anyone with basic programming knowledge from using Reflector to create keygen in a couple of minutes.
Possible approaches
Blackout. My understanding is that obfuscation incurs overhead and can impede (legal) debugging. So, are there any tools that allow obfuscation of only selected methods?
Move the method to the ngen'ed assembly or unmanaged DLL. But is this not an invitation to simply replace the DLL? Any ideas how to prevent this (read: make it a little harder for an attacker)?
Other?
PS: The question is obviously related to Protect .NET code from reverse engineering? trying to divert thoughts from there into practice
UPDATE
To 1. The first stage of obfuscation, of course, would be to rename the verification method. (Thanks, Jonathan)
To 2. Assuming the application uses the Win32 API methods, you can redirect calls through an unmanaged DLL, thereby making it an integral part of the application. Merging with method signatures (e.g. change name, swap options) would make this less obvious. Do you think that birth defects are justified?
To 3. . , .. - (, )