473,320 Members | 1,831 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Code protection

Dear all,

in order to protect my assembly component from decompilation I implemented
following schema:

I created mixed mode C++ project wich has managed cProxy class and unmanaged
cMemLoader. In the cMemLoader I load encrypted assembly, decrypt it into
memory buffer and then marshal this buffer into managed memory and load the
assembly from memory.

Although I am not sure if this approach is good enough and how easy is it to
break.

Can anybody comment on this? Improvements are welcome too.

Thanks in advance,

Boni

void cProxy::Load(void){

m_pLoader=new cMemLoader(C:\\edit\\MyEncriptedManaged.dll

m_pLoader->DecriptLoad();
unsigned char _pManagedBuff __gc[]=__gc new unsigned char __gc
[m_pLoader->m_file_size] ;

Marshal::Copy(m_pLoader->m_pBuff,_pManagedBuff,0,m_pLoader->m_file_size);

delete m_pLoader;

m_Asm= Assembly::Load(_pManagedBuff);

System::Type *_Types __gc[]= m_Asm->GetTypes();

Object *_Instance = 0;

MethodInfo *_Methods __gc[]= _Types[0]->GetMethods();

_Instance = System::Activator::CreateInstance(_Types[0]);

_Methods[0]->Invoke(_Instance,0);

}


Nov 17 '05 #1
7 2402
Hi,

Did you try to obfuscate it first?

I would suggest you to use the tools accesible to the framework. In your
solution you encrypt the dll, meaning that the file in the HDD is not longer
a DLL, it's a data file. hence the framework cannot do nothing with it, you
cannot register it in the GAC, not using versionsing.

I would give a try to obfuscation first. Take a look at the community
version shipped with .NET
cheers,

--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation
"Boni" <oilia@nospam> wrote in message
news:OS*************@TK2MSFTNGP15.phx.gbl...
Dear all,

in order to protect my assembly component from decompilation I implemented
following schema:

I created mixed mode C++ project wich has managed cProxy class and
unmanaged cMemLoader. In the cMemLoader I load encrypted assembly, decrypt
it into memory buffer and then marshal this buffer into managed memory and
load the assembly from memory.

Although I am not sure if this approach is good enough and how easy is it
to break.

Can anybody comment on this? Improvements are welcome too.

Thanks in advance,

Boni

void cProxy::Load(void){

m_pLoader=new cMemLoader(C:\\edit\\MyEncriptedManaged.dll

m_pLoader->DecriptLoad();
unsigned char _pManagedBuff __gc[]=__gc new unsigned char __gc
[m_pLoader->m_file_size] ;

Marshal::Copy(m_pLoader->m_pBuff,_pManagedBuff,0,m_pLoader->m_file_size);

delete m_pLoader;

m_Asm= Assembly::Load(_pManagedBuff);

System::Type *_Types __gc[]= m_Asm->GetTypes();

Object *_Instance = 0;

MethodInfo *_Methods __gc[]= _Types[0]->GetMethods();

_Instance = System::Activator::CreateInstance(_Types[0]);

_Methods[0]->Invoke(_Instance,0);

}

Nov 17 '05 #2
Dear Ignacio, dear all,

of course the dll is obfuscated before encryption. But just obfuscation is
in my case definitely not enougth protection (and it is the point, where for
me the decision is already done and will not be changed!!!). Please don't
misunderstand me, I don't want to discuss if it is worth to encrypt, but HOW
to encrypt so that the dll can't be decompiled.

Please could anybody comment on the strength of my approach or suggest how
to improve it?

Thanks so much,

Boni

"Ignacio Machin ( .NET/ C# MVP )" <ignacio.machin AT dot.state.fl.us>
schrieb im Newsbeitrag news:OM**************@TK2MSFTNGP15.phx.gbl...
Hi,

Did you try to obfuscate it first?

I would suggest you to use the tools accesible to the framework. In your
solution you encrypt the dll, meaning that the file in the HDD is not
longer a DLL, it's a data file. hence the framework cannot do nothing
with it, you cannot register it in the GAC, not using versionsing.

I would give a try to obfuscation first. Take a look at the community
version shipped with .NET
cheers,

--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation
"Boni" <oilia@nospam> wrote in message
news:OS*************@TK2MSFTNGP15.phx.gbl...
Dear all,

in order to protect my assembly component from decompilation I
implemented following schema:

I created mixed mode C++ project wich has managed cProxy class and
unmanaged cMemLoader. In the cMemLoader I load encrypted assembly,
decrypt it into memory buffer and then marshal this buffer into managed
memory and load the assembly from memory.

Although I am not sure if this approach is good enough and how easy is it
to break.

Can anybody comment on this? Improvements are welcome too.

Thanks in advance,

Boni

void cProxy::Load(void){

m_pLoader=new cMemLoader(C:\\edit\\MyEncriptedManaged.dll

m_pLoader->DecriptLoad();
unsigned char _pManagedBuff __gc[]=__gc new unsigned char __gc
[m_pLoader->m_file_size] ;

Marshal::Copy(m_pLoader->m_pBuff,_pManagedBuff,0,m_pLoader->m_file_size);

delete m_pLoader;

m_Asm= Assembly::Load(_pManagedBuff);

System::Type *_Types __gc[]= m_Asm->GetTypes();

Object *_Instance = 0;

MethodInfo *_Methods __gc[]= _Types[0]->GetMethods();

_Instance = System::Activator::CreateInstance(_Types[0]);

_Methods[0]->Invoke(_Instance,0);

}


Nov 17 '05 #3
>but HOW to encrypt so that the dll can't be decompiled.

If your code can do it, so can I.

Please could anybody comment on the strength of my approach or suggest how
to improve it?


I would say it's pretty useless. It's trivial to break your code at
the right place and dump the content of _pManagedBuff.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.
Nov 17 '05 #4
Hi Mattias,
could you suggest how to improve the approach, that it is not so trivial to
break?
Thanks,
Boni
"Mattias Sjögren" <ma********************@mvps.org> schrieb im Newsbeitrag
news:uk**************@TK2MSFTNGP14.phx.gbl...
but HOW to encrypt so that the dll can't be decompiled.


If your code can do it, so can I.

Please could anybody comment on the strength of my approach or suggest how
to improve it?


I would say it's pretty useless. It's trivial to break your code at
the right place and dump the content of _pManagedBuff.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.

Nov 17 '05 #5
Are you trying to protect against proprietary algorithms or are you trying
to prevent someone from thwarting your licensing system? You have to way
your options... Is spending all this extra time attempting to write an
"unbreakable" scheme worth more to you then putting that time and effort in
to marketing your application? You could waste your entire life away
trying to protect your software.

Even if you did find the perfect protection what will happen is that someone
will use a stolen credit card to order the software and get it for free
anyway.

"Boni" <oilia@nospam> wrote in message
news:Oo**************@TK2MSFTNGP10.phx.gbl...
Hi Mattias,
could you suggest how to improve the approach, that it is not so trivial
to break?
Thanks,
Boni
"Mattias Sjögren" <ma********************@mvps.org> schrieb im Newsbeitrag
news:uk**************@TK2MSFTNGP14.phx.gbl...
>but HOW to encrypt so that the dll can't be decompiled.


If your code can do it, so can I.

Please could anybody comment on the strength of my approach or suggest
how
to improve it?


I would say it's pretty useless. It's trivial to break your code at
the right place and dump the content of _pManagedBuff.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.


Nov 17 '05 #6
I am trying to protect algorithms written in managed code. By the way the
license manager runs in the unmanaged code, and if lisence is not valid
assembly will not be decripted.
So my only need is to prevent easy decompile in order to protect algorithms.
May be somebody has an idea how to improve my protection approach?
Thanks,

P.S. Please, I know not anything can be broken. I am trying just to raise
the level.
"Bill" <ms****@hotmail.com> schrieb im Newsbeitrag
news:%2****************@tk2msftngp13.phx.gbl...
Are you trying to protect against proprietary algorithms or are you trying
to prevent someone from thwarting your licensing system? You have to way
your options... Is spending all this extra time attempting to write an
"unbreakable" scheme worth more to you then putting that time and effort
in to marketing your application? You could waste your entire life away
trying to protect your software.

Even if you did find the perfect protection what will happen is that
someone will use a stolen credit card to order the software and get it for
free anyway.

"Boni" <oilia@nospam> wrote in message
news:Oo**************@TK2MSFTNGP10.phx.gbl...
Hi Mattias,
could you suggest how to improve the approach, that it is not so trivial
to break?
Thanks,
Boni
"Mattias Sjögren" <ma********************@mvps.org> schrieb im
Newsbeitrag news:uk**************@TK2MSFTNGP14.phx.gbl...
>but HOW to encrypt so that the dll can't be decompiled.

If your code can do it, so can I.
Please could anybody comment on the strength of my approach or suggest
how
to improve it?

I would say it's pretty useless. It's trivial to break your code at
the right place and dump the content of _pManagedBuff.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.



Nov 17 '05 #7
I think your approach (obfuscation plus encryption) probably makes it as
hard as it's practical to make it -- maybe even harder. But neither you nor
your employer should labor under the misconception that there's any such
thing as bullet-proof protection. It's exactly as you put it in an earlier
message -- you are making it "not so trivial to break" -- not "impossible to
break". So long as you understand the distinction, well and good.

But in my experience, it's still better to innovate your competition into
irrelevance than to expend much serious effort in protection schemes. After
all if someone steals the code all they have is unsupported warez. I'm sure
you add enough value that any serious user would gladly pay for the product.
If not, you need to lower your price or add more value, or both. IMO,
protection schemes should only stop the most casual theives and keep honest
people honest, no more than that.

--Bob

"Boni" <oilia@nospam> wrote in message
news:uD***************@TK2MSFTNGP12.phx.gbl...
I am trying to protect algorithms written in managed code. By the way the
license manager runs in the unmanaged code, and if lisence is not valid
assembly will not be decripted.
So my only need is to prevent easy decompile in order to protect
algorithms. May be somebody has an idea how to improve my protection
approach?
Thanks,

P.S. Please, I know not anything can be broken. I am trying just to raise
the level.
"Bill" <ms****@hotmail.com> schrieb im Newsbeitrag
news:%2****************@tk2msftngp13.phx.gbl...
Are you trying to protect against proprietary algorithms or are you
trying to prevent someone from thwarting your licensing system? You have
to way your options... Is spending all this extra time attempting to
write an "unbreakable" scheme worth more to you then putting that time
and effort in to marketing your application? You could waste your
entire life away trying to protect your software.

Even if you did find the perfect protection what will happen is that
someone will use a stolen credit card to order the software and get it
for free anyway.

"Boni" <oilia@nospam> wrote in message
news:Oo**************@TK2MSFTNGP10.phx.gbl...
Hi Mattias,
could you suggest how to improve the approach, that it is not so trivial
to break?
Thanks,
Boni
"Mattias Sjögren" <ma********************@mvps.org> schrieb im
Newsbeitrag news:uk**************@TK2MSFTNGP14.phx.gbl...
>but HOW to encrypt so that the dll can't be decompiled.

If your code can do it, so can I.
>Please could anybody comment on the strength of my approach or suggest
>how
>to improve it?

I would say it's pretty useless. It's trivial to break your code at
the right place and dump the content of _pManagedBuff.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.



Nov 17 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
by: dam | last post by:
Hi, since there are tools that can decompile assemblies and show ENTIRE SOURCE CODE (!?) is there any way for developers to protect their work ? Or, is famoues .NET framework just for...
6
by: YK | last post by:
All, What is the best way to protect IL code? --------------------------------------------------- Typical scenario: Visual Studio .NET 2003 includes Dotfuscator Community Edition, which...
15
by: Enzo | last post by:
Hi Ng, It's possible to protect the source code of a js file? With PHP? Thanks in advance! Enzo
28
by: Noone Here | last post by:
AIUI, it was not all that long ago when the threat to personal users, was attachments that when executed compromised machines with keyloggers, trojans, etc. Now it seems that the big problem is...
14
by: Usman | last post by:
Hi I'm working on an application that contains classes for licensing, authentication etc, including all the algorithms of encryption/decryption etc. I wanted to secure this code, but after...
64
by: Bayazee | last post by:
hi can we hide a python code ? if i want to write a commercial software can i hide my source code from users access ? we can conver it to pyc but this file can decompiled ... so ...!! do you...
16
by: FAQ server | last post by:
----------------------------------------------------------------------- FAQ Topic - How do I protect my javascript code? ----------------------------------------------------------------------- ...
22
by: flit | last post by:
Hello All, I have a hard question, every time I look for this answer its get out from the technical domain and goes on in the moral/social domain. First, I live in third world with bad gov., bad...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.