Secure .Net Assemblies - any thoughts?

Hi all,

Basically right now, I am interested in learning how to break strong names in
.NET assemblies. I have researched a lot and found a blog that mentions how to
hack strong-named assemblies.
http://blogs.msdn.com/shawnfa/archiv...20/218049.aspx

"
In order to enable post-build modifications, you need to either:

Delay sign your assembly, hack the PE image, and then perform the final
signing; or
Sign your assembly, hack the PE image, and then use SN -R to resign the
assembly
"
I had a look and read about Portable Executables, but the problem is most of
them are in concepts.

Do you have any experience in breaking apart .NET strong-named assemblies?

It seems that PE are in C++ code, and in order to hack PE, I need to
write C++ code, or use binary editors to manually change it?

I am looking into possibilities to protect my office .NET libraries, or at
least make it harder for hackers.

I heard you can apply an ECMA key, and you can secure the libraries, just
like what Microsoft did to some of their .NET Framework code, which you
can't use .NET Reflector to see.

Please correct me if I have a wrong understanding :)

I tried the binary editor from Visual Studio .NET, but I can't seem to
understand how to modify anything (hex or ASCII). When I change and save back
to the exe, it fails to run, with an error related to not being a proper Win32
executable.

I tested with ildasm by generating IL, manually deleting the lines of
code that call the software license, and compiling back to an exe by using
ilasm. That is easy. I think even if you obfuscate the code, it is still
breakable, as obfuscation only changes method and class names to
alphanumerics. The code in there is still the same.

Is there no way to encrypt all the code rather than having it shown in there? I
tried obfuscation and strong names, and it seems to be the same. No difference. I
can still see the code inside void main (for example) using .NET Reflector by Lutz
Roeder or Anakrino.

Can you share some opinions with me, please?

Thanks.

--
Regards,
Chua Wen Ching :)
Nov 16 '05 #1
A strong name does not help to prevent reverse engineering; a decompiler
retrieves code exactly the same whether or not an assembly is strong-named.
A strong name might help to prevent unauthorized reference of the signed
assembly. However, as you noted, strong names can be removed, or re-signed
with a different key. You can download our obfuscator
(http://www.remotesoft.com/salamander/obfuscator.html), which offers an
option: -delsig to delete strong names. You can also use ildasm/ilasm to
delete or re-sign with a different strong name.

Obfuscators are often used to make reverse engineering more difficult, but
since their nature is renaming symbols, the underlying code is still
available to hackers as you mentioned, although the code becomes more
difficult for a human to understand due to the presence of a large number of
nonsense class/method/field names.

If you want to hide the underlying code completely, so a hacker does not
have access to the logic, you can try our protector product
(http://www.remotesoft.com/salamander/protector.html). It modifies the MSIL
code, instead of the symbol names. Once protected, the MSIL code is no longer
visible.

Thanks,

Huihong

Nov 16 '05 #2
Hi Chua,

Strong naming is not a form of encryption. It just guarantees that an
assembly has not been tampered with and also who signed it (which strong key).
You can delete or change the signature, but then the assembly is tampered with and
any application using it will notice (if the application was linked or is
linking against the original one).
As a form of protection, you should use one of the obfuscators out there (just
search for obfuscator - one is included with VS.NET, btw).

--
Miha Markic [MVP C#] - RightHand .NET consulting & development
miha at rthand com
www.rthand.com

Nov 16 '05 #4
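
As an added example (not code from any poster in this thread), here is a C# check that a dependency on disk still carries the strong-name key you expect, which is the check that catches the "re-signed with a different key" case raised above. `StrongNamePin`, `TokenOf`, `Check` and the command-line arguments are names chosen for this example.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Security.Cryptography;

static class StrongNamePin
{
    public enum Result { Ok, Unsigned, KeyMismatch }

    // A public key token is the last 8 bytes of SHA-1(public key blob),
    // written in reverse order. A different signing key gives a different token.
    public static string TokenOf(byte[] publicKey)
    {
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] hash = sha1.ComputeHash(publicKey);
            byte[] token = hash.Skip(hash.Length - 8).Reverse().ToArray();
            return BitConverter.ToString(token).Replace("-", "").ToLowerInvariant();
        }
    }

    // Compares the key embedded in the assembly manifest with a token the
    // caller has pinned (for example, recorded at build time with "sn -T").
    public static Result Check(string assemblyPath, string pinnedToken)
    {
        // Reads the manifest only; the assembly is not loaded or executed.
        AssemblyName name = AssemblyName.GetAssemblyName(assemblyPath);
        byte[] key = name.GetPublicKey();

        // Signature stripped (or never signed): there is no key to compare.
        if (key == null || key.Length == 0)
            return Result.Unsigned;

        // Re-signed with someone else's key: the token no longer matches.
        return string.Equals(TokenOf(key), pinnedToken,
                             StringComparison.OrdinalIgnoreCase)
            ? Result.Ok
            : Result.KeyMismatch;
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: StrongNamePin <assembly> <pinned-token-hex>");
            return 2;
        }
        Result result = Check(args[0], args[1]);
        Console.WriteLine("{0}: {1}", args[0], result);
        return result == Result.Ok ? 0 : 1;
    }
}
```

Run `sn -vf <assembly>` alongside it: the token comparison tells you which key the assembly claims, while `sn -vf` tells you whether the signature over its contents actually verifies.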
Hello,

May I suggest that you consider our obfuscator, very easy to use and
reasonably priced:

http://www.xenocode.com

Regards

Lionel Lindemann
XenoCode Europe

Nov 16 '05 #5
I see... an obfuscator is the only way :(

Yeah, I will evaluate it...

Nov 16 '05 #6
