Re: Code protection

Dear Ignacio, dear all,

of course the dll is obfuscated before encryption. But just obfuscation is
in my case definitely not enougth protection (and it is the point, where for
me the decision is already done and will not be changed!!!). Please don't
misunderstand me, I don't want to discuss if it is worth to encrypt, but HOW
to encrypt so that the dll can't be decompiled.

Please could anybody comment on the strength of my approach or suggest how
to improve it?

Thanks so much,

Boni



"Ignacio Machin ( .NET/ C# MVP )" <ignacio.machin AT dot.state.fl.us>
schrieb im Newsbeitrag news:OMmhprtOFHA.3380@xxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> Did you try to obfuscate it first?
>
> I would suggest you to use the tools accesible to the framework. In your
> solution you encrypt the dll, meaning that the file in the HDD is not
> longer a DLL, it's a data file. hence the framework cannot do nothing
> with it, you cannot register it in the GAC, not using versionsing.
>
> I would give a try to obfuscation first. Take a look at the community
> version shipped with .NET
>
>
> cheers,
>
> --
> Ignacio Machin,
> ignacio.machin AT dot.state.fl.us
> Florida Department Of Transportation
>
>
> "Boni" <oilia@nospam> wrote in message
> news:OSuiEWtOFHA.576@xxxxxxxxxxxxxxxxxxxxxxx
>> Dear all,
>>
>> in order to protect my assembly component from decompilation I
>> implemented following schema:
>>
>> I created mixed mode C++ project wich has managed cProxy class and
>> unmanaged cMemLoader. In the cMemLoader I load encrypted assembly,
>> decrypt it into memory buffer and then marshal this buffer into managed
>> memory and load the assembly from memory.
>>
>> Although I am not sure if this approach is good enough and how easy is it
>> to break.
>>
>> Can anybody comment on this? Improvements are welcome too.
>>
>> Thanks in advance,
>>
>> Boni
>>
>>
>>
>> void cProxy::Load(void){
>>
>> m_pLoader=new cMemLoader(C:\\edit\\MyEncriptedManaged.dll
>>
>> m_pLoader->DecriptLoad();
>>
>>
>> unsigned char _pManagedBuff __gc[]=__gc new unsigned char __gc
>> [m_pLoader->m_file_size] ;
>>
>> Marshal::Copy(m_pLoader->m_pBuff,_pManagedBuff,0,m_pLoader->m_file_size);
>>
>> delete m_pLoader;
>>
>> m_Asm= Assembly::Load(_pManagedBuff);
>>
>> System::Type *_Types __gc[]= m_Asm->GetTypes();
>>
>> Object *_Instance = 0;
>>
>> MethodInfo *_Methods __gc[]= _Types[0]->GetMethods();
>>
>> _Instance = System::Activator::CreateInstance(_Types[0]);
>>
>> _Methods[0]->Invoke(_Instance,0);
>>
>> }
>>
>>
>>
>>
>
>


.

Relevant Pages

  • Re: ASP.Net 2.0: Pros and cons of putting connection string in a D
    ... Did you use obfuscation for your DLL? ... I'll probably just encrypt the connection string in the web.config for now. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: ASP.NET 2005 hack-proof?
    ... Obfuscation is not fool-proof once the DLL is obtained. ... So, the amount of trouble, time, and expense to protect intellectual ... >> It will deter the casual decompiler, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Managed EXE DLL Injection
    ... encryption is one of the most inefficient forms of code obfuscation? ... Wang are two most active obfuscation researchers, ... > way that the encrypted DLL will stay independent. ... > loader do the same verification done by 'peverifier.exe' I have tried the ...
    (microsoft.public.dotnet.framework.clr)
  • Re: if I encrypt key data why do I want or need SSL?
    ... I could encrypt the ... name DLL responsible for all security aspects, ... Its trivial to decompile ANY .net ... For someone to send your web service they have to know the key? ...
    (microsoft.public.dotnet.security)
  • Re: Urgent: Securing a .net 1.1 application
    ... code will only load if the public key is the same, ... You could encrypt some functionality into a dll and load it at ...
    (microsoft.public.dotnet.security)