Hi all,
Basically right now, i am interested to learn how to break strong names in
..net assemblies. I had researched a lot and found a blog that mention how to
hack strong name assemblies. http://blogs.msdn.com/shawnfa/archiv...20/218049.aspx
"
In order to enable post-build modifications, you need to either:
Delay sign your assembly, hack the PE image, and then perform the final
signing; or
Sign your assembly, hack the PE image, and the use SN -R to resign the
assembly
"
I had look and read about Portable Executables, but the problem is most of
them are in concepts.
Do you had any experience in breaking apart a .net strong name assemblies?
It seems that PE are in C++ codes, and in order to hack PE, i need to
write C++ codes, or use binary editors to manually change?
I am looking into possibilities to protected my office .net libraries, at
least make it harder for hacker.
I heard you can apply a ECMA key, and you can secure the libraries, just
like what Microsoft did to some of their .net framework codes, which you
can't use .net reflector to see the codes.
Please correct me if had a wrong understanding :)
I tried the binary editor from Visual Studio .NET, but i can't seem to
understand how to modify anything (hex or ascii), when i change and save back
to the exe, it fails to run. An error related to not a proper win32
executable.
I had tested with ildasm by generating an il, manually delete the lines of
codes that calls the software license and compile back to an exe by using
ilasm. That is easy. I think even you obfuscate the code, it is still
breakable as obfuscation only changes method and class names to
alphanumerics. The codes in there are still the same.
Is there no way way to encrypt all the codes than being shown in there? I
tried obfuscation and strong names, it seems to be the same. No difference. I
can still see codes inside void main (example) using .net reflector by Lutz
Roeder or Anakrino.
Can you share some opinion to me, please?
Thanks.
--
Regards,
Chua Wen Ching :) 5  2045 
A strong name does not help for preventing reverse engineering, decompiler
retrieves code exactly the same whether or not an assembly is strong-named.
A strong name might help to prevent unauthorized reference of the signed
assembly. However, as you noted, strong names can be removed, or resigned
with a different key. You can download our obfuscator
( http://www.remotesoft.com/salamander/obfuscator.html), which offers an
option: -delsig to delete strong names. You can also use ildasm/ilasm to
delete or resign with a different strong name.
Obfuscators are often used to make reverse engineering more difficult, but
since the nature is renaming symbols, so the underlying code is still
available to hackers as you mentioned, although the code becomes more
difficult for a human to understand due to the presence of large amount of
non-sense class/method/field names.
If you wanted to hide the underlying code completely, so a hacker does not
have access to the logics, you can try our protector product
( http://www.remotesoft.com/salamander/protector.html). It modifies the MSIL
code, instead of the sybol names. Once protected, the MSIL code is no longer
visible.
Thanks,
Huihong
"Chua Wen Ching" <ch************@nospam.hotmail.com> wrote in message
news:CA**********************************@microsof t.com... Hi all,
Basically right now, i am interested to learn how to break strong names
in .net assemblies. I had researched a lot and found a blog that mention how
to hack strong name assemblies.
http://blogs.msdn.com/shawnfa/archiv...20/218049.aspx
"
In order to enable post-build modifications, you need to either:
Delay sign your assembly, hack the PE image, and then perform the final
signing; or
Sign your assembly, hack the PE image, and the use SN -R to resign the
assembly
"
I had look and read about Portable Executables, but the problem is most
of them are in concepts.
Do you had any experience in breaking apart a .net strong name
assemblies?
It seems that PE are in C++ codes, and in order to hack PE, i need to
write C++ codes, or use binary editors to manually change?
I am looking into possibilities to protected my office .net libraries,
at least make it harder for hacker.
I heard you can apply a ECMA key, and you can secure the libraries, just
like what Microsoft did to some of their .net framework codes, which you
can't use .net reflector to see the codes.
Please correct me if had a wrong understanding :)
I tried the binary editor from Visual Studio .NET, but i can't seem to
understand how to modify anything (hex or ascii), when i change and save
back to the exe, it fails to run. An error related to not a proper win32
executable.
I had tested with ildasm by generating an il, manually delete the lines
of codes that calls the software license and compile back to an exe by using
ilasm. That is easy. I think even you obfuscate the code, it is still
breakable as obfuscation only changes method and class names to
alphanumerics. The codes in there are still the same.
Is there no way way to encrypt all the codes than being shown in there?
I tried obfuscation and strong names, it seems to be the same. No
difference. I can still see codes inside void main (example) using .net reflector by
Lutz Roeder or Anakrino.
Can you share some opinion to me, please?
Thanks.
--
Regards,
Chua Wen Ching :)
A strong name does not help for preventing reverse engineering, decompiler
retrieves code exactly the same whether or not an assembly is strong-named.
A strong name might help to prevent unauthorized reference of the signed
assembly. However, as you noted, strong names can be removed, or resigned
with a different key. You can download our obfuscator
( http://www.remotesoft.com/salamander/obfuscator.html), which offers an
option: -delsig to delete strong names. You can also use ildasm/ilasm to
delete or resign with a different strong name.
Obfuscators are often used to make reverse engineering more difficult, but
since the nature is renaming symbols, so the underlying code is still
available to hackers as you mentioned, although the code becomes more
difficult for a human to understand due to the presence of large amount of
non-sense class/method/field names.
If you wanted to hide the underlying code completely, so a hacker does not
have access to the logics, you can try our protector product
( http://www.remotesoft.com/salamander/protector.html). It modifies the MSIL
code, instead of the sybol names. Once protected, the MSIL code is no longer
visible.
Thanks,
Huihong
"Chua Wen Ching" <ch************@nospam.hotmail.com> wrote in message
news:CA**********************************@microsof t.com... Hi all,
Basically right now, i am interested to learn how to break strong names
in .net assemblies. I had researched a lot and found a blog that mention how
to hack strong name assemblies.
http://blogs.msdn.com/shawnfa/archiv...20/218049.aspx
"
In order to enable post-build modifications, you need to either:
Delay sign your assembly, hack the PE image, and then perform the final
signing; or
Sign your assembly, hack the PE image, and the use SN -R to resign the
assembly
"
I had look and read about Portable Executables, but the problem is most
of them are in concepts.
Do you had any experience in breaking apart a .net strong name
assemblies?
It seems that PE are in C++ codes, and in order to hack PE, i need to
write C++ codes, or use binary editors to manually change?
I am looking into possibilities to protected my office .net libraries,
at least make it harder for hacker.
I heard you can apply a ECMA key, and you can secure the libraries, just
like what Microsoft did to some of their .net framework codes, which you
can't use .net reflector to see the codes.
Please correct me if had a wrong understanding :)
I tried the binary editor from Visual Studio .NET, but i can't seem to
understand how to modify anything (hex or ascii), when i change and save
back to the exe, it fails to run. An error related to not a proper win32
executable.
I had tested with ildasm by generating an il, manually delete the lines
of codes that calls the software license and compile back to an exe by using
ilasm. That is easy. I think even you obfuscate the code, it is still
breakable as obfuscation only changes method and class names to
alphanumerics. The codes in there are still the same.
Is there no way way to encrypt all the codes than being shown in there?
I tried obfuscation and strong names, it seems to be the same. No
difference. I can still see codes inside void main (example) using .net reflector by
Lutz Roeder or Anakrino.
Can you share some opinion to me, please?
Thanks.
--
Regards,
Chua Wen Ching :)
Hi Chua,
Strong naming is not a form of encryption. It just guarantees that an
assembly is not tampered and also who signed it (which strong key).
You can delete or change the signature but then the assembly is tampered and
any application using it will notice (if the application was linked or is
linking against original one).
As a form of protection, you should use one of obfuscators out there (just
search for obfuscator - one is included with vs.net, btw).
--
Miha Markic [MVP C#] - RightHand .NET consulting & development
miha at rthand com www.rthand.com
"Chua Wen Ching" <ch************@nospam.hotmail.com> wrote in message
news:CA**********************************@microsof t.com... Hi all,
Basically right now, i am interested to learn how to break strong names
in
.net assemblies. I had researched a lot and found a blog that mention how
to
hack strong name assemblies.
http://blogs.msdn.com/shawnfa/archiv...20/218049.aspx
"
In order to enable post-build modifications, you need to either:
Delay sign your assembly, hack the PE image, and then perform the final
signing; or
Sign your assembly, hack the PE image, and the use SN -R to resign the
assembly
"
I had look and read about Portable Executables, but the problem is most of
them are in concepts.
Do you had any experience in breaking apart a .net strong name
assemblies?
It seems that PE are in C++ codes, and in order to hack PE, i need to
write C++ codes, or use binary editors to manually change?
I am looking into possibilities to protected my office .net libraries, at
least make it harder for hacker.
I heard you can apply a ECMA key, and you can secure the libraries, just
like what Microsoft did to some of their .net framework codes, which you
can't use .net reflector to see the codes.
Please correct me if had a wrong understanding :)
I tried the binary editor from Visual Studio .NET, but i can't seem to
understand how to modify anything (hex or ascii), when i change and save
back
to the exe, it fails to run. An error related to not a proper win32
executable.
I had tested with ildasm by generating an il, manually delete the lines
of
codes that calls the software license and compile back to an exe by using
ilasm. That is easy. I think even you obfuscate the code, it is still
breakable as obfuscation only changes method and class names to
alphanumerics. The codes in there are still the same.
Is there no way way to encrypt all the codes than being shown in there? I
tried obfuscation and strong names, it seems to be the same. No
difference. I
can still see codes inside void main (example) using .net reflector by
Lutz
Roeder or Anakrino.
Can you share some opinion to me, please?
Thanks.
--
Regards,
Chua Wen Ching :)
Hello,
May I suggest that you consider our obfuscator, very easy to use and
reasonably priced: http://www.xenocode.com
Regards
Lionel Lindemann
XenoCode Europe
"Chua Wen Ching" <ch************@nospam.hotmail.com> wrote in message news:<CA**********************************@microso ft.com>... Hi all,
Basically right now, i am interested to learn how to break strong names in
.net assemblies. I had researched a lot and found a blog that mention how to
hack strong name assemblies.
http://blogs.msdn.com/shawnfa/archiv...20/218049.aspx
"
In order to enable post-build modifications, you need to either:
Delay sign your assembly, hack the PE image, and then perform the final
signing; or
Sign your assembly, hack the PE image, and the use SN -R to resign the
assembly
"
I had look and read about Portable Executables, but the problem is most of
them are in concepts.
Do you had any experience in breaking apart a .net strong name assemblies?
It seems that PE are in C++ codes, and in order to hack PE, i need to
write C++ codes, or use binary editors to manually change?
I am looking into possibilities to protected my office .net libraries, at
least make it harder for hacker.
I heard you can apply a ECMA key, and you can secure the libraries, just
like what Microsoft did to some of their .net framework codes, which you
can't use .net reflector to see the codes.
Please correct me if had a wrong understanding :)
I tried the binary editor from Visual Studio .NET, but i can't seem to
understand how to modify anything (hex or ascii), when i change and save back
to the exe, it fails to run. An error related to not a proper win32
executable.
I had tested with ildasm by generating an il, manually delete the lines of
codes that calls the software license and compile back to an exe by using
ilasm. That is easy. I think even you obfuscate the code, it is still
breakable as obfuscation only changes method and class names to
alphanumerics. The codes in there are still the same.
Is there no way way to encrypt all the codes than being shown in there? I
tried obfuscation and strong names, it seems to be the same. No difference. I
can still see codes inside void main (example) using .net reflector by Lutz
Roeder or Anakrino.
Can you share some opinion to me, please?
Thanks.
I see... only obfuscator the only way :(
Yeah, i will evaluate it...
"Lionel Lindemann" wrote: Hello,
May I suggest that you consider our obfuscator, very easy to use and
reasonably priced:
http://www.xenocode.com
Regards
Lionel Lindemann
XenoCode Europe
"Chua Wen Ching" <ch************@nospam.hotmail.com> wrote in message news:<CA**********************************@microso ft.com>... Hi all,
Basically right now, i am interested to learn how to break strong names in
.net assemblies. I had researched a lot and found a blog that mention how to
hack strong name assemblies.
http://blogs.msdn.com/shawnfa/archiv...20/218049.aspx
"
In order to enable post-build modifications, you need to either:
Delay sign your assembly, hack the PE image, and then perform the final
signing; or
Sign your assembly, hack the PE image, and the use SN -R to resign the
assembly
"
I had look and read about Portable Executables, but the problem is most of
them are in concepts.
Do you had any experience in breaking apart a .net strong name assemblies?
It seems that PE are in C++ codes, and in order to hack PE, i need to
write C++ codes, or use binary editors to manually change?
I am looking into possibilities to protected my office .net libraries, at
least make it harder for hacker.
I heard you can apply a ECMA key, and you can secure the libraries, just
like what Microsoft did to some of their .net framework codes, which you
can't use .net reflector to see the codes.
Please correct me if had a wrong understanding :)
I tried the binary editor from Visual Studio .NET, but i can't seem to
understand how to modify anything (hex or ascii), when i change and save back
to the exe, it fails to run. An error related to not a proper win32
executable.
I had tested with ildasm by generating an il, manually delete the lines of
codes that calls the software license and compile back to an exe by using
ilasm. That is easy. I think even you obfuscate the code, it is still
breakable as obfuscation only changes method and class names to
alphanumerics. The codes in there are still the same.
Is there no way way to encrypt all the codes than being shown in there? I
tried obfuscation and strong names, it seems to be the same. No difference. I
can still see codes inside void main (example) using .net reflector by Lutz
Roeder or Anakrino.
Can you share some opinion to me, please?
Thanks. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Kelly G. |
last post by:
Hi All
I am developing a web application in .Net technology. Usually, I create a
DLL for all of my modules to protect the logics. And it is possible to
decompile the DLL.
How do I protect DLL...
|
by: Tom Dacon |
last post by:
If you're not putting assemblies in the GAC, but are referencing shared code
with copylocal=true into the projects that use them, is there any value to
signing the assemblies?
In the environment...
|
by: peter |
last post by:
I have taken over the website duties at work. I am still learning PHP
and MySQL. I want to have a form where the user enters some finacial
info and it is stored in a database. It, obviously,...
|
by: thbst16 |
last post by:
After a number of weeks of fruitless research and experimentation, I
decided to turn to the group with this issue and see if anyone had any
experiences or insights that might help me out. Here's...
|
by: Jack Addington |
last post by:
I have recently spun off a new version of my application for a different
project and plan to do some more shortly. I have essentially split it into
three parts:
1) Common Company Framework...
|
by: Jack Addington |
last post by:
This is my setup
Original Solution /w projects/assemblies:
App (Starting Project)
AppFrameWork
SharedAssemblyA
SharedAssemblyB
SharedAssemblyC
SharedAssemblyD
|
by: 6tc1 |
last post by:
Hi all, I'm having a problem where in my solution that contains
multiple projects - I instantiate a singleton class in one assembly and
then if another assembly tries to use that singleton class...
|
by: Arnie |
last post by:
"We use an Authenticode (digital code signing) certificate from Verisign to
digitally sign our .NET assemblies, and to ensure the assemblies in a
calling tree are authentic as each class and public...
|
by: =?Utf-8?B?TWljaGVsQFZvb3JidXJn?= |
last post by:
Hi all,
i've built a C# dll / component with some wonderful services to the clients
Payroll service.
As you might guess, i only want MY pogram to use this DLL.
If some developer get's hold of a...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| |
