Hi!
I have recently completed an application, written in C#.
When I opened one of the files with a hex editor I was amazed by the
lack
of protection for the assemblies.
My application uses SQL Server and during install it sets up tables
needed in the application. I also use a simple protection system,
which stores a string (an initialization password) in the database,
needed for the application to unlock after a few days have passed.
The thing is, that all of the strings that I use in my assembly are
clearly visible when using a hex editor.
Is there a way of "hiding" that string? Or does anyone have any better
suggestions?
thanks,
Saso 9 8489
Hi Saso,
You should be aware that the code you create is also easily accessible not
just the odd string constant. There are tools available to disassemble
assemblies that can reconstruct the code quite nicely.
I havent dug into this deeply and so cannot comment on the viability of
obfuscators but I have tried a disassembler and see that it can do the job
very well.
Cheers
-jr-
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message
news:8b*************************@posting.google.co m... Hi!
I have recently completed an application, written in C#. When I opened one of the files with a hex editor I was amazed by the lack of protection for the assemblies. My application uses SQL Server and during install it sets up tables needed in the application. I also use a simple protection system, which stores a string (an initialization password) in the database, needed for the application to unlock after a few days have passed. The thing is, that all of the strings that I use in my assembly are clearly visible when using a hex editor. Is there a way of "hiding" that string? Or does anyone have any better suggestions?
thanks, Saso
You may be interested in dotfuscator: http://www.preemptive.com/
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message
news:8b*************************@posting.google.co m... Hi!
I have recently completed an application, written in C#. When I opened one of the files with a hex editor I was amazed by the lack of protection for the assemblies. My application uses SQL Server and during install it sets up tables needed in the application. I also use a simple protection system, which stores a string (an initialization password) in the database, needed for the application to unlock after a few days have passed. The thing is, that all of the strings that I use in my assembly are clearly visible when using a hex editor. Is there a way of "hiding" that string? Or does anyone have any better suggestions?
thanks, Saso
so an obfuscator is basicly software which "moves things around" in your
assemblies?
As I mentioned before I use SQL Server in my application and if I left the
connection
strings in the program anyone with a hex editor could see them.
What I did is I encrypted a text file (using .NET security and cryptography
classes) and I derypt and read the file during install.
It's probably not the best solution but it's something :)
One other thing... I also use a "Setup and deployment project" in my
application. How can I get obfuscated files into the .msi file? I have
VS.NET 2003 and DOTFuscator is included
with vs.net.
Thanks a lot for your answers,
Saso
"Edward Yang" <ne***********@msn.com> wrote in message
news:Oy**************@TK2MSFTNGP10.phx.gbl... You may be interested in dotfuscator:
http://www.preemptive.com/
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message news:8b*************************@posting.google.co m... Hi!
I have recently completed an application, written in C#. When I opened one of the files with a hex editor I was amazed by the lack of protection for the assemblies. My application uses SQL Server and during install it sets up tables needed in the application. I also use a simple protection system, which stores a string (an initialization password) in the database, needed for the application to unlock after a few days have passed. The thing is, that all of the strings that I use in my assembly are clearly visible when using a hex editor. Is there a way of "hiding" that string? Or does anyone have any better suggestions?
thanks, Saso
Why you said the obscufator that comes with VS.NET is next to useless? I am
wondering because I am planning to use it. Is it really next to useless??
Tony
"Duncan McNutt" <mu*******@127.0.0.22> wrote in message
news:u8**************@TK2MSFTNGP09.phx.gbl... This is a big problem with managed code, the obscufator in .NET 2003 is
next to useless, same for theyre resource editor. --
Duncan McNutt Microsoft Product Deactivation Team --
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message news:bh**********@planja.arnes.si... so an obfuscator is basicly software which "moves things around" in your assemblies?
As I mentioned before I use SQL Server in my application and if I left
the connection strings in the program anyone with a hex editor could see them. What I did is I encrypted a text file (using .NET security and cryptography classes) and I derypt and read the file during install. It's probably not the best solution but it's something :)
One other thing... I also use a "Setup and deployment project" in my application. How can I get obfuscated files into the .msi file? I have VS.NET 2003 and DOTFuscator is included with vs.net.
Thanks a lot for your answers, Saso
"Edward Yang" <ne***********@msn.com> wrote in message news:Oy**************@TK2MSFTNGP10.phx.gbl... You may be interested in dotfuscator:
http://www.preemptive.com/
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message news:8b*************************@posting.google.co m... > Hi! > > I have recently completed an application, written in C#. > When I opened one of the files with a hex editor I was amazed by the > lack > of protection for the assemblies. > My application uses SQL Server and during install it sets up tables > needed in the application. I also use a simple protection system, > which stores a string (an initialization password) in the database, > needed for the application to unlock after a few days have passed. > The thing is, that all of the strings that I use in my assembly are > clearly visible when using a hex editor. > Is there a way of "hiding" that string? Or does anyone have any
better > suggestions? > > thanks, > Saso
Doesnt take much to reverse it :D check online (google) for tools to do that
:D
--
Duncan McNutt
Microsoft Product Deactivation Team
--
"Tony Liu" <en*******@hotmail.com> wrote in message
news:ey**************@TK2MSFTNGP09.phx.gbl... Why you said the obscufator that comes with VS.NET is next to useless? I
am wondering because I am planning to use it. Is it really next to useless??
Tony "Duncan McNutt" <mu*******@127.0.0.22> wrote in message news:u8**************@TK2MSFTNGP09.phx.gbl... This is a big problem with managed code, the obscufator in .NET 2003 is next to useless, same for theyre resource editor. --
Duncan McNutt Microsoft Product Deactivation Team --
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message news:bh**********@planja.arnes.si... so an obfuscator is basicly software which "moves things around" in
your assemblies?
As I mentioned before I use SQL Server in my application and if I left the connection strings in the program anyone with a hex editor could see them. What I did is I encrypted a text file (using .NET security and cryptography classes) and I derypt and read the file during install. It's probably not the best solution but it's something :)
One other thing... I also use a "Setup and deployment project" in my application. How can I get obfuscated files into the .msi file? I have VS.NET 2003 and DOTFuscator is included with vs.net.
Thanks a lot for your answers, Saso
"Edward Yang" <ne***********@msn.com> wrote in message news:Oy**************@TK2MSFTNGP10.phx.gbl... > You may be interested in dotfuscator: > > http://www.preemptive.com/ > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message > news:8b*************************@posting.google.co m... > > Hi! > > > > I have recently completed an application, written in C#. > > When I opened one of the files with a hex editor I was amazed by
the > > lack > > of protection for the assemblies. > > My application uses SQL Server and during install it sets up
tables > > needed in the application. I also use a simple protection system, > > which stores a string (an initialization password) in the
database, > > needed for the application to unlock after a few days have passed. > > The thing is, that all of the strings that I use in my assembly
are > > clearly visible when using a hex editor. > > Is there a way of "hiding" that string? Or does anyone have any better > > suggestions? > > > > thanks, > > Saso > >
Oh my god, so do you have a suggested obscufator that works as expected?
Actually, the entire world is investing money on data security, but MS made
it so easy for people to view the logic of a .NET software, which in the end
will be the one accessing the securited data.
"Duncan .McNutt" <fu*******@127.0.0.99> wrote in message
news:#B**************@TK2MSFTNGP10.phx.gbl... Doesnt take much to reverse it :D check online (google) for tools to do
that :D
--
Duncan McNutt Microsoft Product Deactivation Team --
"Tony Liu" <en*******@hotmail.com> wrote in message news:ey**************@TK2MSFTNGP09.phx.gbl... Why you said the obscufator that comes with VS.NET is next to useless?
I am wondering because I am planning to use it. Is it really next to
useless??
Tony "Duncan McNutt" <mu*******@127.0.0.22> wrote in message news:u8**************@TK2MSFTNGP09.phx.gbl... This is a big problem with managed code, the obscufator in .NET 2003
is next to useless, same for theyre resource editor. --
Duncan McNutt Microsoft Product Deactivation Team --
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message news:bh**********@planja.arnes.si... > so an obfuscator is basicly software which "moves things around" in your > assemblies? > > As I mentioned before I use SQL Server in my application and if I
left the > connection > strings in the program anyone with a hex editor could see them. > What I did is I encrypted a text file (using .NET security and cryptography > classes) and I derypt and read the file during install. > It's probably not the best solution but it's something :) > > One other thing... I also use a "Setup and deployment project" in my > application. How can I get obfuscated files into the .msi file? I
have > VS.NET 2003 and DOTFuscator is included > with vs.net. > > Thanks a lot for your answers, > Saso > > "Edward Yang" <ne***********@msn.com> wrote in message > news:Oy**************@TK2MSFTNGP10.phx.gbl... > > You may be interested in dotfuscator: > > > > http://www.preemptive.com/ > > > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in
message > > news:8b*************************@posting.google.co m... > > > Hi! > > > > > > I have recently completed an application, written in C#. > > > When I opened one of the files with a hex editor I was amazed by the > > > lack > > > of protection for the assemblies. > > > My application uses SQL Server and during install it sets up tables > > > needed in the application. I also use a simple protection
system, > > > which stores a string (an initialization password) in the database, > > > needed for the application to unlock after a few days have
passed. > > > The thing is, that all of the strings that I use in my assembly are > > > clearly visible when using a hex editor. > > > Is there a way of "hiding" that string? Or does anyone have any better > > > suggestions? > > > > > > thanks, > > > Saso > > > > > >
unless you are encrypting the payload and have a loader somehow, (and where
is the decrypt key stored?? :D) its always going to be possible to reverse
it.
If a code obscufator works by replacing variable names with crappy names or
other symbols then the algorithm would still be visible won't it?
There are a few but I would ask "how" they obscufate it
here is one that I quickly found and I am sure there are many other attempts
at solving this problem, http://www.wiseowl.com/products/products.aspx
--
Duncan McNutt
Microsoft Product Deactivation Team
--
"Tony Liu" <en*******@hotmail.com> wrote in message
news:#s**************@TK2MSFTNGP12.phx.gbl... Oh my god, so do you have a suggested obscufator that works as expected? Actually, the entire world is investing money on data security, but MS
made it so easy for people to view the logic of a .NET software, which in the
end will be the one accessing the securited data.
"Duncan .McNutt" <fu*******@127.0.0.99> wrote in message news:#B**************@TK2MSFTNGP10.phx.gbl... Doesnt take much to reverse it :D check online (google) for tools to do that :D
--
Duncan McNutt Microsoft Product Deactivation Team --
"Tony Liu" <en*******@hotmail.com> wrote in message news:ey**************@TK2MSFTNGP09.phx.gbl... Why you said the obscufator that comes with VS.NET is next to useless? I am wondering because I am planning to use it. Is it really next to useless??
Tony "Duncan McNutt" <mu*******@127.0.0.22> wrote in message news:u8**************@TK2MSFTNGP09.phx.gbl... > This is a big problem with managed code, the obscufator in .NET 2003 is next > to useless, same for theyre resource editor. > > > > -- > > Duncan McNutt > Microsoft Product Deactivation Team > -- > > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message > news:bh**********@planja.arnes.si... > > so an obfuscator is basicly software which "moves things around"
in your > > assemblies? > > > > As I mentioned before I use SQL Server in my application and if I left the > > connection > > strings in the program anyone with a hex editor could see them. > > What I did is I encrypted a text file (using .NET security and > cryptography > > classes) and I derypt and read the file during install. > > It's probably not the best solution but it's something :) > > > > One other thing... I also use a "Setup and deployment project" in
my > > application. How can I get obfuscated files into the .msi file? I have > > VS.NET 2003 and DOTFuscator is included > > with vs.net. > > > > Thanks a lot for your answers, > > Saso > > > > "Edward Yang" <ne***********@msn.com> wrote in message > > news:Oy**************@TK2MSFTNGP10.phx.gbl... > > > You may be interested in dotfuscator: > > > > > > http://www.preemptive.com/ > > > > > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message > > > news:8b*************************@posting.google.co m... > > > > Hi! > > > > > > > > I have recently completed an application, written in C#. > > > > When I opened one of the files with a hex editor I was amazed
by the > > > > lack > > > > of protection for the assemblies. > > > > My application uses SQL Server and during install it sets up tables > > > > needed in the application. I also use a simple protection system, > > > > which stores a string (an initialization password) in the database, > > > > needed for the application to unlock after a few days have passed. > > > > The thing is, that all of the strings that I use in my
assembly are > > > > clearly visible when using a hex editor. > > > > Is there a way of "hiding" that string? Or does anyone have
any better > > > > suggestions? > > > > > > > > thanks, > > > > Saso > > > > > > > > > > > >
If something is encrytped by a loader, whats to stop me loading up a ram
editor, like winhex and viewing ram with it in its decrypted form?
I suppose something is better than nothing.
--
Duncan McNutt
Microsoft Product Deactivation Team
--
"Duncan .McNutt" <fu*******@127.0.0.99> wrote in message
news:#N*************@TK2MSFTNGP10.phx.gbl... unless you are encrypting the payload and have a loader somehow, (and
where is the decrypt key stored?? :D) its always going to be possible to reverse it.
If a code obscufator works by replacing variable names with crappy names
or other symbols then the algorithm would still be visible won't it?
There are a few but I would ask "how" they obscufate it
here is one that I quickly found and I am sure there are many other
attempts at solving this problem, http://www.wiseowl.com/products/products.aspx
--
Duncan McNutt Microsoft Product Deactivation Team --
"Tony Liu" <en*******@hotmail.com> wrote in message news:#s**************@TK2MSFTNGP12.phx.gbl... Oh my god, so do you have a suggested obscufator that works as expected? Actually, the entire world is investing money on data security, but MS made it so easy for people to view the logic of a .NET software, which in the end will be the one accessing the securited data.
"Duncan .McNutt" <fu*******@127.0.0.99> wrote in message news:#B**************@TK2MSFTNGP10.phx.gbl... Doesnt take much to reverse it :D check online (google) for tools to
do that :D
--
Duncan McNutt Microsoft Product Deactivation Team --
"Tony Liu" <en*******@hotmail.com> wrote in message news:ey**************@TK2MSFTNGP09.phx.gbl... > Why you said the obscufator that comes with VS.NET is next to
useless? I am > wondering because I am planning to use it. Is it really next to useless?? > > > Tony > > > > "Duncan McNutt" <mu*******@127.0.0.22> wrote in message > news:u8**************@TK2MSFTNGP09.phx.gbl... > > This is a big problem with managed code, the obscufator in .NET
2003 is > next > > to useless, same for theyre resource editor. > > > > > > > > -- > > > > Duncan McNutt > > Microsoft Product Deactivation Team > > -- > > > > > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in
message > > news:bh**********@planja.arnes.si... > > > so an obfuscator is basicly software which "moves things around"
in your > > > assemblies? > > > > > > As I mentioned before I use SQL Server in my application and if
I left > the > > > connection > > > strings in the program anyone with a hex editor could see them. > > > What I did is I encrypted a text file (using .NET security and > > cryptography > > > classes) and I derypt and read the file during install. > > > It's probably not the best solution but it's something :) > > > > > > One other thing... I also use a "Setup and deployment project"
in my > > > application. How can I get obfuscated files into the .msi file?
I have > > > VS.NET 2003 and DOTFuscator is included > > > with vs.net. > > > > > > Thanks a lot for your answers, > > > Saso > > > > > > "Edward Yang" <ne***********@msn.com> wrote in message > > > news:Oy**************@TK2MSFTNGP10.phx.gbl... > > > > You may be interested in dotfuscator: > > > > > > > > http://www.preemptive.com/ > > > > > > > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message > > > > news:8b*************************@posting.google.co m... > > > > > Hi! > > > > > > > > > > I have recently completed an application, written in C#. > > > > > When I opened one of the files with a hex editor I was
amazed by the > > > > > lack > > > > > of protection for the assemblies. > > > > > My application uses SQL Server and during install it sets up tables > > > > > needed in the application. I also use a simple protection system, > > > > > which stores a string (an initialization password) in the database, > > > > > needed for the application to unlock after a few days have passed. > > > > > The thing is, that all of the strings that I use in my assembly are > > > > > clearly visible when using a hex editor. > > > > > Is there a way of "hiding" that string? Or does anyone have any > better > > > > > suggestions? > > > > > > > > > > thanks, > > > > > Saso > > > > > > > > > > > > > > > > > > > >
I would advise you to keep away from obfuscating your code.
It has the potential of introducing many bug in case you rely on reflection. Moreover, public methods names are not obfuscated and in case you are relying on a third party library to manage you authorization and authentication need then you are really in de ep trouble. I would recommend using code encryption based utilities, specifically CliSecure by SecureTeam which I find very useful. You can find it at SecureTeam This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: dam |
last post by:
Hi,
since there are tools that can decompile assemblies and
show ENTIRE SOURCE CODE (!?) is there any way for
developers to protect their work ?
Or, is famoues .NET framework just for...
|
by: YK |
last post by:
All,
What is the best way to protect IL code?
---------------------------------------------------
Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which...
|
by: Enzo |
last post by:
Hi Ng,
It's possible to protect the source code of
a js file? With PHP?
Thanks in advance!
Enzo
|
by: Boni |
last post by:
Dear all,
in order to protect my assembly component from decompilation I implemented
following schema:
I created mixed mode C++ project wich has managed cProxy class and unmanaged
cMemLoader....
|
by: Noone Here |
last post by:
AIUI, it was not all that long ago when the threat to personal users,
was attachments that when executed compromised machines with keyloggers,
trojans, etc.
Now it seems that the big problem is...
|
by: Usman |
last post by:
Hi
I'm working on an application that contains classes for licensing,
authentication etc, including all the algorithms of encryption/decryption
etc. I wanted to secure this code, but after...
|
by: Bayazee |
last post by:
hi
can we hide a python code ?
if i want to write a commercial software can i hide my source code from
users access ?
we can conver it to pyc but this file can decompiled ... so ...!!
do you...
|
by: FAQ server |
last post by:
-----------------------------------------------------------------------
FAQ Topic - How do I protect my javascript code?
-----------------------------------------------------------------------
...
|
by: flit |
last post by:
Hello All,
I have a hard question, every time I look for this answer its get out
from the technical domain and goes on in the moral/social domain.
First, I live in third world with bad gov., bad...
|
by: DolphinDB |
last post by:
Tired of spending countless mintues downsampling your data? Look no further!
In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: ArrayDB |
last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Defcon1945 |
last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
|
by: Shællîpôpï 09 |
last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
|
by: af34tf |
last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
| |