C# code protection

Hi!

I have recently completed an application, written in C#.
When I opened one of the files with a hex editor I was amazed by the lack
of protection for the assemblies.
My application uses SQL Server and during install it sets up tables
needed in the application. I also use a simple protection system,
which stores a string (an initialization password) in the database,
needed for the application to unlock after a few days have passed.
The thing is, that all of the strings that I use in my assembly are
clearly visible when using a hex editor.
Is there a way of "hiding" that string? Or does anyone have any better
suggestions?

thanks,
Saso
Nov 15 '05 #1
Hi Saso,

You should be aware that the code you create is also easily accessible not
just the odd string constant. There are tools available to disassemble
assemblies that can reconstruct the code quite nicely.
I haven't dug into this deeply and so cannot comment on the viability of
obfuscators but I have tried a disassembler and see that it can do the job
very well.
Cheers
-jr-
Nov 15 '05 #2
You may be interested in dotfuscator:

http://www.preemptive.com/
Nov 15 '05 #3
So an obfuscator is basically software which "moves things around" in your
assemblies?

As I mentioned before I use SQL Server in my application and if I left the
connection strings in the program anyone with a hex editor could see them.
What I did is I encrypted a text file (using .NET security and cryptography
classes) and I decrypt and read the file during install.
It's probably not the best solution but it's something :)

One other thing... I also use a "Setup and deployment project" in my
application. How can I get obfuscated files into the .msi file? I have
VS.NET 2003 and DOTFuscator is included with vs.net.

Thanks a lot for your answers,
Saso
Nov 15 '05 #4
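The observation made in the posts above, that string literals and connection strings survive compilation in readable form, can be turned into a pre-release check. The following is an added example, not code from any poster in this thread: a Python script that scans a compiled file for connection-string passwords and for secrets the build already knows about, in both ASCII and UTF-16LE (the encoding in which .NET stores string literals). The helper `us_heap_entry`, the sample bytes and every value in them are constructed for illustration.

```python
import re

# Runs of 6+ printable characters in the two encodings worth checking.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# C# string literals are stored as UTF-16LE in the assembly's #US heap.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
# Credential keywords used in SQL Server connection strings.
CRED_KEY = re.compile(r"(?i)\b(password|pwd)\s*=\s*([^;]+)")


def extract_strings(blob):
    """Yield (offset, encoding, text) for each printable run in blob."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def audit(blob, known_secrets=()):
    """Return findings sorted by offset; secret values are never echoed."""
    findings = []
    # Pass 1: any readable string that carries a password=/pwd= value.
    for offset, enc, text in extract_strings(blob):
        m = CRED_KEY.search(text)
        if m:
            findings.append({"kind": "connection-string credential",
                             "encoding": enc, "offset": offset,
                             "secret_len": len(m.group(2).strip())})
    # Pass 2: exact secrets supplied by the build (e.g. an unlock password).
    for secret in known_secrets:
        if not secret:
            continue
        for enc, codec in (("utf-8", "utf-8"), ("utf-16le", "utf-16-le")):
            needle = secret.encode(codec)
            pos = blob.find(needle)
            while pos != -1:
                findings.append({"kind": "known secret", "encoding": enc,
                                 "offset": pos, "secret_len": len(secret)})
                pos = blob.find(needle, pos + 1)
    return sorted(findings, key=lambda f: f["offset"])


def us_heap_entry(text):
    """Constructed helper: lay text out like a #US heap entry (compressed
    length prefix, UTF-16LE characters, one trailing flag byte).
    Assumes the entry is shorter than 0x4000 bytes."""
    body = text.encode("utf-16-le") + b"\x00"
    n = len(body)
    prefix = bytes([n]) if n < 0x80 else bytes([0x80 | (n >> 8), n & 0xFF])
    return prefix + body


# Constructed sample bytes, not a real assembly.
SAMPLE = (
    b"\x00"
    + us_heap_entry("Server=db01;Database=App;User Id=app;"
                    "Password=Constructed-Pw-1;")
    + us_heap_entry("Constructed-Unlock-Key")
)

if __name__ == "__main__":
    for finding in audit(SAMPLE, known_secrets=["Constructed-Unlock-Key"]):
        print(finding)
```

Run it against the build output and fail the release when the list is non-empty. A connection string that uses `Integrated Security=SSPI` carries no password for the scan to find.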
Why did you say the obfuscator that comes with VS.NET is next to useless? I am
wondering because I am planning to use it. Is it really next to useless??
Tony

"Duncan McNutt" <mu*******@127. 0.0.22> wrote in message
news:u8******** ******@TK2MSFTN GP09.phx.gbl...
This is a big problem with managed code, the obfuscator in .NET 2003 is next to useless, same for their resource editor.

--

Duncan McNutt
Microsoft Product Deactivation Team
--
Nov 15 '05 #5
Doesn't take much to reverse it :D check online (google) for tools to do that
:D

--

Duncan McNutt
Microsoft Product Deactivation Team
--
Nov 15 '05 #6
Oh my god, so do you have a suggested obfuscator that works as expected?
Actually, the entire world is investing money on data security, but MS made
it so easy for people to view the logic of a .NET software, which in the end
will be the one accessing the secured data.
Nov 15 '05 #7
Unless you are encrypting the payload and have a loader somehow (and where
is the decrypt key stored?? :D), it's always going to be possible to reverse
it.

If a code obfuscator works by replacing variable names with crappy names or
other symbols then the algorithm would still be visible, won't it?

There are a few but I would ask "how" they obfuscate it.

Here is one that I quickly found and I am sure there are many other attempts
at solving this problem: http://www.wiseowl.com/products/products.aspx

--

Duncan McNutt
Microsoft Product Deactivation Team
--
Nov 15 '05 #8
If something is encrypted by a loader, what's to stop me loading up a RAM
editor, like WinHex, and viewing RAM with it in its decrypted form?

I suppose something is better than nothing.

--

Duncan McNutt
Microsoft Product Deactivation Team
--
Nov 15 '05 #9
mikep
I would advise you to keep away from obfuscating your code.
It has the potential of introducing many bugs in case you rely on reflection. Moreover, public method names are not obfuscated, and in case you are relying on a third-party library to manage your authorization and authentication needs then you are really in deep trouble. I would recommend using code encryption based utilities, specifically CliSecure by SecureTeam, which I find very useful. You can find it at SecureTeam.
Jun 15 '06 #10
