Hi!
I have recently completed an application, written in C#.
When I opened one of the files with a hex editor I was amazed by the
lack
of protection for the assemblies.
My application uses SQL Server and during install it sets up tables
needed in the application. I also use a simple protection system,
which stores a string (an initialization password) in the database,
needed for the application to unlock after a few days have passed.
The thing is, that all of the strings that I use in my assembly are
clearly visible when using a hex editor.
Is there a way of "hiding" that string? Or does anyone have any better
suggestions?
thanks,
Saso 9 8491
Hi Saso,
You should be aware that the code you create is also easily accessible not
just the odd string constant. There are tools available to disassemble
assemblies that can reconstruct the code quite nicely.
I havent dug into this deeply and so cannot comment on the viability of
obfuscators but I have tried a disassembler and see that it can do the job
very well.
Cheers
-jr-
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message
news:8b*************************@posting.google.co m... Hi!
I have recently completed an application, written in C#. When I opened one of the files with a hex editor I was amazed by the lack of protection for the assemblies. My application uses SQL Server and during install it sets up tables needed in the application. I also use a simple protection system, which stores a string (an initialization password) in the database, needed for the application to unlock after a few days have passed. The thing is, that all of the strings that I use in my assembly are clearly visible when using a hex editor. Is there a way of "hiding" that string? Or does anyone have any better suggestions?
thanks, Saso
You may be interested in dotfuscator: http://www.preemptive.com/
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message
news:8b*************************@posting.google.co m... Hi!
I have recently completed an application, written in C#. When I opened one of the files with a hex editor I was amazed by the lack of protection for the assemblies. My application uses SQL Server and during install it sets up tables needed in the application. I also use a simple protection system, which stores a string (an initialization password) in the database, needed for the application to unlock after a few days have passed. The thing is, that all of the strings that I use in my assembly are clearly visible when using a hex editor. Is there a way of "hiding" that string? Or does anyone have any better suggestions?
thanks, Saso
so an obfuscator is basicly software which "moves things around" in your
assemblies?
As I mentioned before I use SQL Server in my application and if I left the
connection
strings in the program anyone with a hex editor could see them.
What I did is I encrypted a text file (using .NET security and cryptography
classes) and I derypt and read the file during install.
It's probably not the best solution but it's something :)
One other thing... I also use a "Setup and deployment project" in my
application. How can I get obfuscated files into the .msi file? I have
VS.NET 2003 and DOTFuscator is included
with vs.net.
Thanks a lot for your answers,
Saso
"Edward Yang" <ne***********@msn.com> wrote in message
news:Oy**************@TK2MSFTNGP10.phx.gbl... You may be interested in dotfuscator:
http://www.preemptive.com/
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message news:8b*************************@posting.google.co m... Hi!
I have recently completed an application, written in C#. When I opened one of the files with a hex editor I was amazed by the lack of protection for the assemblies. My application uses SQL Server and during install it sets up tables needed in the application. I also use a simple protection system, which stores a string (an initialization password) in the database, needed for the application to unlock after a few days have passed. The thing is, that all of the strings that I use in my assembly are clearly visible when using a hex editor. Is there a way of "hiding" that string? Or does anyone have any better suggestions?
thanks, Saso
Why you said the obscufator that comes with VS.NET is next to useless? I am
wondering because I am planning to use it. Is it really next to useless??
Tony
"Duncan McNutt" <mu*******@127.0.0.22> wrote in message
news:u8**************@TK2MSFTNGP09.phx.gbl... This is a big problem with managed code, the obscufator in .NET 2003 is
next to useless, same for theyre resource editor. --
Duncan McNutt Microsoft Product Deactivation Team --
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message news:bh**********@planja.arnes.si... so an obfuscator is basicly software which "moves things around" in your assemblies?
As I mentioned before I use SQL Server in my application and if I left
the connection strings in the program anyone with a hex editor could see them. What I did is I encrypted a text file (using .NET security and cryptography classes) and I derypt and read the file during install. It's probably not the best solution but it's something :)
One other thing... I also use a "Setup and deployment project" in my application. How can I get obfuscated files into the .msi file? I have VS.NET 2003 and DOTFuscator is included with vs.net.
Thanks a lot for your answers, Saso
"Edward Yang" <ne***********@msn.com> wrote in message news:Oy**************@TK2MSFTNGP10.phx.gbl... You may be interested in dotfuscator:
http://www.preemptive.com/
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message news:8b*************************@posting.google.co m... > Hi! > > I have recently completed an application, written in C#. > When I opened one of the files with a hex editor I was amazed by the > lack > of protection for the assemblies. > My application uses SQL Server and during install it sets up tables > needed in the application. I also use a simple protection system, > which stores a string (an initialization password) in the database, > needed for the application to unlock after a few days have passed. > The thing is, that all of the strings that I use in my assembly are > clearly visible when using a hex editor. > Is there a way of "hiding" that string? Or does anyone have any
better > suggestions? > > thanks, > Saso
Doesnt take much to reverse it :D check online (google) for tools to do that
:D
--
Duncan McNutt
Microsoft Product Deactivation Team
--
"Tony Liu" <en*******@hotmail.com> wrote in message
news:ey**************@TK2MSFTNGP09.phx.gbl... Why you said the obscufator that comes with VS.NET is next to useless? I
am wondering because I am planning to use it. Is it really next to useless??
Tony "Duncan McNutt" <mu*******@127.0.0.22> wrote in message news:u8**************@TK2MSFTNGP09.phx.gbl... This is a big problem with managed code, the obscufator in .NET 2003 is next to useless, same for theyre resource editor. --
Duncan McNutt Microsoft Product Deactivation Team --
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message news:bh**********@planja.arnes.si... so an obfuscator is basicly software which "moves things around" in
your assemblies?
As I mentioned before I use SQL Server in my application and if I left the connection strings in the program anyone with a hex editor could see them. What I did is I encrypted a text file (using .NET security and cryptography classes) and I derypt and read the file during install. It's probably not the best solution but it's something :)
One other thing... I also use a "Setup and deployment project" in my application. How can I get obfuscated files into the .msi file? I have VS.NET 2003 and DOTFuscator is included with vs.net.
Thanks a lot for your answers, Saso
"Edward Yang" <ne***********@msn.com> wrote in message news:Oy**************@TK2MSFTNGP10.phx.gbl... > You may be interested in dotfuscator: > > http://www.preemptive.com/ > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message > news:8b*************************@posting.google.co m... > > Hi! > > > > I have recently completed an application, written in C#. > > When I opened one of the files with a hex editor I was amazed by
the > > lack > > of protection for the assemblies. > > My application uses SQL Server and during install it sets up
tables > > needed in the application. I also use a simple protection system, > > which stores a string (an initialization password) in the
database, > > needed for the application to unlock after a few days have passed. > > The thing is, that all of the strings that I use in my assembly
are > > clearly visible when using a hex editor. > > Is there a way of "hiding" that string? Or does anyone have any better > > suggestions? > > > > thanks, > > Saso > >
Oh my god, so do you have a suggested obscufator that works as expected?
Actually, the entire world is investing money on data security, but MS made
it so easy for people to view the logic of a .NET software, which in the end
will be the one accessing the securited data.
"Duncan .McNutt" <fu*******@127.0.0.99> wrote in message
news:#B**************@TK2MSFTNGP10.phx.gbl... Doesnt take much to reverse it :D check online (google) for tools to do
that :D
--
Duncan McNutt Microsoft Product Deactivation Team --
"Tony Liu" <en*******@hotmail.com> wrote in message news:ey**************@TK2MSFTNGP09.phx.gbl... Why you said the obscufator that comes with VS.NET is next to useless?
I am wondering because I am planning to use it. Is it really next to
useless??
Tony "Duncan McNutt" <mu*******@127.0.0.22> wrote in message news:u8**************@TK2MSFTNGP09.phx.gbl... This is a big problem with managed code, the obscufator in .NET 2003
is next to useless, same for theyre resource editor. --
Duncan McNutt Microsoft Product Deactivation Team --
"Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message news:bh**********@planja.arnes.si... > so an obfuscator is basicly software which "moves things around" in your > assemblies? > > As I mentioned before I use SQL Server in my application and if I
left the > connection > strings in the program anyone with a hex editor could see them. > What I did is I encrypted a text file (using .NET security and cryptography > classes) and I derypt and read the file during install. > It's probably not the best solution but it's something :) > > One other thing... I also use a "Setup and deployment project" in my > application. How can I get obfuscated files into the .msi file? I
have > VS.NET 2003 and DOTFuscator is included > with vs.net. > > Thanks a lot for your answers, > Saso > > "Edward Yang" <ne***********@msn.com> wrote in message > news:Oy**************@TK2MSFTNGP10.phx.gbl... > > You may be interested in dotfuscator: > > > > http://www.preemptive.com/ > > > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in
message > > news:8b*************************@posting.google.co m... > > > Hi! > > > > > > I have recently completed an application, written in C#. > > > When I opened one of the files with a hex editor I was amazed by the > > > lack > > > of protection for the assemblies. > > > My application uses SQL Server and during install it sets up tables > > > needed in the application. I also use a simple protection
system, > > > which stores a string (an initialization password) in the database, > > > needed for the application to unlock after a few days have
passed. > > > The thing is, that all of the strings that I use in my assembly are > > > clearly visible when using a hex editor. > > > Is there a way of "hiding" that string? Or does anyone have any better > > > suggestions? > > > > > > thanks, > > > Saso > > > > > >
unless you are encrypting the payload and have a loader somehow, (and where
is the decrypt key stored?? :D) its always going to be possible to reverse
it.
If a code obscufator works by replacing variable names with crappy names or
other symbols then the algorithm would still be visible won't it?
There are a few but I would ask "how" they obscufate it
here is one that I quickly found and I am sure there are many other attempts
at solving this problem, http://www.wiseowl.com/products/products.aspx
--
Duncan McNutt
Microsoft Product Deactivation Team
--
"Tony Liu" <en*******@hotmail.com> wrote in message
news:#s**************@TK2MSFTNGP12.phx.gbl... Oh my god, so do you have a suggested obscufator that works as expected? Actually, the entire world is investing money on data security, but MS
made it so easy for people to view the logic of a .NET software, which in the
end will be the one accessing the securited data.
"Duncan .McNutt" <fu*******@127.0.0.99> wrote in message news:#B**************@TK2MSFTNGP10.phx.gbl... Doesnt take much to reverse it :D check online (google) for tools to do that :D
--
Duncan McNutt Microsoft Product Deactivation Team --
"Tony Liu" <en*******@hotmail.com> wrote in message news:ey**************@TK2MSFTNGP09.phx.gbl... Why you said the obscufator that comes with VS.NET is next to useless? I am wondering because I am planning to use it. Is it really next to useless??
Tony "Duncan McNutt" <mu*******@127.0.0.22> wrote in message news:u8**************@TK2MSFTNGP09.phx.gbl... > This is a big problem with managed code, the obscufator in .NET 2003 is next > to useless, same for theyre resource editor. > > > > -- > > Duncan McNutt > Microsoft Product Deactivation Team > -- > > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message > news:bh**********@planja.arnes.si... > > so an obfuscator is basicly software which "moves things around"
in your > > assemblies? > > > > As I mentioned before I use SQL Server in my application and if I left the > > connection > > strings in the program anyone with a hex editor could see them. > > What I did is I encrypted a text file (using .NET security and > cryptography > > classes) and I derypt and read the file during install. > > It's probably not the best solution but it's something :) > > > > One other thing... I also use a "Setup and deployment project" in
my > > application. How can I get obfuscated files into the .msi file? I have > > VS.NET 2003 and DOTFuscator is included > > with vs.net. > > > > Thanks a lot for your answers, > > Saso > > > > "Edward Yang" <ne***********@msn.com> wrote in message > > news:Oy**************@TK2MSFTNGP10.phx.gbl... > > > You may be interested in dotfuscator: > > > > > > http://www.preemptive.com/ > > > > > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message > > > news:8b*************************@posting.google.co m... > > > > Hi! > > > > > > > > I have recently completed an application, written in C#. > > > > When I opened one of the files with a hex editor I was amazed
by the > > > > lack > > > > of protection for the assemblies. > > > > My application uses SQL Server and during install it sets up tables > > > > needed in the application. I also use a simple protection system, > > > > which stores a string (an initialization password) in the database, > > > > needed for the application to unlock after a few days have passed. > > > > The thing is, that all of the strings that I use in my
assembly are > > > > clearly visible when using a hex editor. > > > > Is there a way of "hiding" that string? Or does anyone have
any better > > > > suggestions? > > > > > > > > thanks, > > > > Saso > > > > > > > > > > > >
If something is encrytped by a loader, whats to stop me loading up a ram
editor, like winhex and viewing ram with it in its decrypted form?
I suppose something is better than nothing.
--
Duncan McNutt
Microsoft Product Deactivation Team
--
"Duncan .McNutt" <fu*******@127.0.0.99> wrote in message
news:#N*************@TK2MSFTNGP10.phx.gbl... unless you are encrypting the payload and have a loader somehow, (and
where is the decrypt key stored?? :D) its always going to be possible to reverse it.
If a code obscufator works by replacing variable names with crappy names
or other symbols then the algorithm would still be visible won't it?
There are a few but I would ask "how" they obscufate it
here is one that I quickly found and I am sure there are many other
attempts at solving this problem, http://www.wiseowl.com/products/products.aspx
--
Duncan McNutt Microsoft Product Deactivation Team --
"Tony Liu" <en*******@hotmail.com> wrote in message news:#s**************@TK2MSFTNGP12.phx.gbl... Oh my god, so do you have a suggested obscufator that works as expected? Actually, the entire world is investing money on data security, but MS made it so easy for people to view the logic of a .NET software, which in the end will be the one accessing the securited data.
"Duncan .McNutt" <fu*******@127.0.0.99> wrote in message news:#B**************@TK2MSFTNGP10.phx.gbl... Doesnt take much to reverse it :D check online (google) for tools to
do that :D
--
Duncan McNutt Microsoft Product Deactivation Team --
"Tony Liu" <en*******@hotmail.com> wrote in message news:ey**************@TK2MSFTNGP09.phx.gbl... > Why you said the obscufator that comes with VS.NET is next to
useless? I am > wondering because I am planning to use it. Is it really next to useless?? > > > Tony > > > > "Duncan McNutt" <mu*******@127.0.0.22> wrote in message > news:u8**************@TK2MSFTNGP09.phx.gbl... > > This is a big problem with managed code, the obscufator in .NET
2003 is > next > > to useless, same for theyre resource editor. > > > > > > > > -- > > > > Duncan McNutt > > Microsoft Product Deactivation Team > > -- > > > > > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in
message > > news:bh**********@planja.arnes.si... > > > so an obfuscator is basicly software which "moves things around"
in your > > > assemblies? > > > > > > As I mentioned before I use SQL Server in my application and if
I left > the > > > connection > > > strings in the program anyone with a hex editor could see them. > > > What I did is I encrypted a text file (using .NET security and > > cryptography > > > classes) and I derypt and read the file during install. > > > It's probably not the best solution but it's something :) > > > > > > One other thing... I also use a "Setup and deployment project"
in my > > > application. How can I get obfuscated files into the .msi file?
I have > > > VS.NET 2003 and DOTFuscator is included > > > with vs.net. > > > > > > Thanks a lot for your answers, > > > Saso > > > > > > "Edward Yang" <ne***********@msn.com> wrote in message > > > news:Oy**************@TK2MSFTNGP10.phx.gbl... > > > > You may be interested in dotfuscator: > > > > > > > > http://www.preemptive.com/ > > > > > > > > "Saso Zagoranski" <sa*************@guest.arnes.si> wrote in message > > > > news:8b*************************@posting.google.co m... > > > > > Hi! > > > > > > > > > > I have recently completed an application, written in C#. > > > > > When I opened one of the files with a hex editor I was
amazed by the > > > > > lack > > > > > of protection for the assemblies. > > > > > My application uses SQL Server and during install it sets up tables > > > > > needed in the application. I also use a simple protection system, > > > > > which stores a string (an initialization password) in the database, > > > > > needed for the application to unlock after a few days have passed. > > > > > The thing is, that all of the strings that I use in my assembly are > > > > > clearly visible when using a hex editor. > > > > > Is there a way of "hiding" that string? Or does anyone have any > better > > > > > suggestions? > > > > > > > > > > thanks, > > > > > Saso > > > > > > > > > > > > > > > > > > > >
I would advise you to keep away from obfuscating your code.
It has the potential of introducing many bug in case you rely on reflection. Moreover, public methods names are not obfuscated and in case you are relying on a third party library to manage you authorization and authentication need then you are really in de ep trouble. I would recommend using code encryption based utilities, specifically CliSecure by SecureTeam which I find very useful. You can find it at SecureTeam This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: dam |
last post by:
Hi,
since there are tools that can decompile assemblies and
show ENTIRE SOURCE CODE (!?) is there any way for
developers to protect their work ?
Or, is famoues .NET framework just for...
|
by: YK |
last post by:
All,
What is the best way to protect IL code?
---------------------------------------------------
Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which...
|
by: Enzo |
last post by:
Hi Ng,
It's possible to protect the source code of
a js file? With PHP?
Thanks in advance!
Enzo
|
by: Boni |
last post by:
Dear all,
in order to protect my assembly component from decompilation I implemented
following schema:
I created mixed mode C++ project wich has managed cProxy class and unmanaged
cMemLoader....
|
by: Noone Here |
last post by:
AIUI, it was not all that long ago when the threat to personal users,
was attachments that when executed compromised machines with keyloggers,
trojans, etc.
Now it seems that the big problem is...
|
by: Usman |
last post by:
Hi
I'm working on an application that contains classes for licensing,
authentication etc, including all the algorithms of encryption/decryption
etc. I wanted to secure this code, but after...
|
by: Bayazee |
last post by:
hi
can we hide a python code ?
if i want to write a commercial software can i hide my source code from
users access ?
we can conver it to pyc but this file can decompiled ... so ...!!
do you...
|
by: FAQ server |
last post by:
-----------------------------------------------------------------------
FAQ Topic - How do I protect my javascript code?
-----------------------------------------------------------------------
...
|
by: flit |
last post by:
Hello All,
I have a hard question, every time I look for this answer its get out
from the technical domain and goes on in the moral/social domain.
First, I live in third world with bad gov., bad...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
| |