Hi,
how can i protect a assembly against disassembling with ILDASM and
other products like that. i have a dll with some encryption methods
implemented and i dont want them to be exposed, to the outside of
the world. of cource there are restrictions like modifiers and misc.
but i dont want the assembly "disassembl ed" from someone with
"bad intentions"...
How can i protect it efficiently...?
Thanks in advance
Kerem Gümrükcü
5  3073 
I've got two ideas in my mind.
1. There is a product out there that converts .NET IL into native IL, which
is a lot more difficult to disassemble. I don't remember the exact name of
the software, but I will do some research and post the result if I have
success.
2. I've once seen a cool thing. The actual implementation was stored as a
resource and this .resources file was encrypted. Then he wrote some kind of
starter Application that decrypts the resources file and launches the
resulting Type.
Hope I could give you some new ideas.
Regards Alexander
"Kerem Gümrükcü" wrote: Hi,
how can i protect a assembly against disassembling with ILDASM and
other products like that. i have a dll with some encryption methods
implemented and i dont want them to be exposed, to the outside of
the world. of cource there are restrictions like modifiers and misc.
but i dont want the assembly "disassembl ed" from someone with
"bad intentions"...
How can i protect it efficiently...?
Thanks in advance
Kerem Gümrükcü
- If your code have some secret (such as a proprietary algorithm), you
should put it in a native Win32 DLL. x86 instructions can be disassembled
too, but it is much more difficult to understand.
- For the rest of purposes, obfuscation (renaming identifiers) should be
enough, since it makes the code difficult to read.
--
Carlos J. Quintero
MZ-Tools 4.0: Productivity add-ins for Visual Studio .NET
You can code, design and document much faster. http://www.mztools.com
"Kerem Gümrükcü" <ka*******@hotm ail.com> escribió en el mensaje
news:up******** ******@TK2MSFTN GP09.phx.gbl... Hi,
how can i protect a assembly against disassembling with ILDASM and
other products like that. i have a dll with some encryption methods
implemented and i dont want them to be exposed, to the outside of
the world. of cource there are restrictions like modifiers and misc.
but i dont want the assembly "disassembl ed" from someone with
"bad intentions"...
How can i protect it efficiently...?
Thanks in advance
Kerem Gümrükcü
Try Spices.Net Obfuscator ( http://spices.9rays.net ) with antiILDASM=true or
antiILDASM=Comp lete , stops some of the decompilers and full dissassembling
with ILDASM. Also you can use Naming scheme with non-printable chars to
prevent correct displaying of names in the ILDASM.
--
Best regards,
Al Ponomarev
9Rays.Net
The only approach that is currently available is obfuscation. There
are many .NET Obfuscation products currently available, and for the
most part, they tend to integrate directly into Visual Studio, so it's
not hard to use them as a part of your build process.
While obfuscation is hardly bulletproof, it is the only real
alternative. There are some serious limitations. For instance, an
obfuscator cannot change the names of calls to .NEt Framework classes,
so if your encryption methods use the System.Security .Cryptography
namesapce, a hacker using a disassembler could easily see where your
code calls those classes.
If you are trying to write security to a "serious" application, I'd
advise that you take a look at the incomperable and essential book,
"Writing Secure Code" by Michael Howard and David LeBlanc. It covers
all of the issues more completely than any other source of information.
Regards,
Adam
Thank you for the hints.
But i still do rewrite the Code to C++ and i think this
is the only way to protect the critical parts due the code
is native, and the best thing is, that i can (easily) port it
to any other platform using a cpp compiler. the code is
widely written on the ansi standards, thats why i say portable...
i think some core parts will be written in assembler, but this
makes the thing incompatiple with other platforms. my
colleague insisted...
I already know the book, it is one of the best available...
i can recommend it to anyone who wants to know more
about security internals....an d how to break up a application...
Thank you...
Best Regards
Kerem Gümrükcü
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Alan Sheehan |
last post by:
Hi pythonistas,
I am looking for methods of deploying applications with end users so
that the python code is tamper proof. What are my options ?
I understand I can supply .pyc or .pyo files but they can easily be
reverse engineered I am told.
Is it possible to load the scripts from zip files where the zip files
are password protected ?
|
by: Nate A |
last post by:
I am at the beginning stages of writing a massive database-connected business
management application using the .NET framework and am becoming worried
about the security of the application upon completion.
I have recently become aware of the ease at which a .NET assembly can be
disassembled into its easily readable, underlying CLI code. I can see that it
would not be difficult for a malicious user to disassemble, modify, and then...
|
by: Kerem Gümrükcü |
last post by:
Hi,
how can i protect a assembly against disassembling with ILDASM and
other products like that. i have a dll with some encryption methods
implemented and i dont want them to be exposed, to the outside of
the world. of cource there are restrictions like modifiers and misc.
but i dont want the assembly "disassembled" from someone with
"bad intentions"...
|
by: John |
last post by:
Dear all,
I've got a security question that is so difficult that "maybe" there will be
no answer for it. It's regarding protecting asp code.
I did write some asp code, that I sell to companies, to control several
dbases. Because I sell the code, it's not that they own the code and can
sell it further or change the code, or add some extra code to it. It's like
I'm selling a program like Excel and that they can use the program, not...
|
by: Reinhold Schalk |
last post by:
Hello,
somewhere i've read that using strong names does assure two things:
1. Assure that the content of the assembly is not modified (that's ok in my
opinion)
2. Assure that the assembly is really from the "fabricator" (?)
If these two point are correct (i'm not sure), i have a problem with point
2.
To assure the authentity of the fabricator, the public key (which is a part
of the manifest) has to be checked against a certificate.
| | |
by: Gaz |
last post by:
....and recompiling it again
Hi all,
I've got an Assembly DLL and associated .NetModules and want to amend
a function in one of the .NetModules
I've used ILDASM to decompile the .NetModules into IL so I can modify
the code but am having trouble trying to compile up the .NetModule and
effectively renew the Assembly.
|
by: RossettoeCioccolato |
last post by:
The version of dumpbin that ships with VC8 will disassemble x86 code. Is
there a version of dumpbin that ships with VC8 that is able to disassemble
AMD64 object code? Or is there some other solution. I have compiled both
x86 and x64 versions of a binary using VC8 and I need to see, in both cases,
whether the resulting object code is what I expected.
Regards,
George.
|
by: Anthony Bouch |
last post by:
I'm building an n-tier application with data access, application and UI
layers in separate projects and hence separate assemblies.
MyProjectUI.dll
MyProjectApp.dll
MyProjectDataAccess.dll
etc...
The application will eventually be publicly available for download and
installed on end-users machines.
|
by: priyanka |
last post by:
Hi,
I was wondering if we could parse or do something in the executable(
whose source language was C). How can I use some scripting language
like perl/python to find out the information about the executable ? Is
it possible ?
Also, how does the compiler add inling to the program ? I know that
whenever it sees"inline" in front of the procedure name, it inlines it.
But if we give the -finline options, it inline all the procedures ? How
|
by: flit |
last post by:
Hello All,
I have a hard question, every time I look for this answer its get out
from the technical domain and goes on in the moral/social domain.
First, I live in third world with bad gov., bad education, bad police
and a lot of taxes and bills to pay, and yes I live in a democratic
"state" (corrupt, but democratic).
So please, don't try to convince me about the social / economical /
open source / give to all / be open / all people are...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| | |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
