Is it possible to compile a dll that only works on my machine? if
someone steals it, it would not work on their machine. 5 2476
Yes.
There are many mechanisms you could use, but one would be to get the machine
name at runtime and compare it to a hard-coded value.
"Aaron" <ku*****@yahoo.com> wrote in message
news:b4**************************@posting.google.c om... Is it possible to compile a dll that only works on my machine? if someone steals it, it would not work on their machine.
This is a tricky subject, however. I am looking at it presently for a
client for some commercial software I am developing. We want to protect our
code from crackers and also competitors.
Because the .NET Framework compiles your managed code into Intermediate
Language (IL) then we are looking at using an obfuscator to deter a hacker
from attempting to modify our code that performs the licensing checks. Note
I use the word 'deter'. From my research, I believe that obfuscation does
not provide 100% protection - I await any counter arguments from the
obfuscation vendors :)
Therefore I am looking at a mix-and-match combination of techniques to
achieve a level of security that is 'good enough', e.g. online registration
via a web server, a record of authorized features in a digitally signed XML
file, a strongly named assembly in the Global Assembly Cache (GAC) with a
security certificate registered in the client's company name, and
obfuscation of the IL.
Ultimately, the whole security system is built on the obfuscation as, at
present, there is no way (AFAIK) of storing a secret on a user's computer.
There are plenty of discussions on this subject going on in
microsoft.public.dotnet.security.
O'Reilly have published an excellent book 'Programming .NET Security' ISBN
0-596-00442-7.
---
Steven Wood
"Stephany Young" <st******@sysoft.co.nz> wrote in message
news:OH**************@tk2msftngp13.phx.gbl... Yes.
There are many mechanisms you could use, but one would be to get the
machine name at runtime and compare it to a hard-coded value.
"Aaron" <ku*****@yahoo.com> wrote in message news:b4**************************@posting.google.c om... Is it possible to compile a dll that only works on my machine? if someone steals it, it would not work on their machine.
There are other means than obfuscation for code protection. Obfuscation is
the very first step that makes decompilation a bit more difficult, but does
not prevent disassembly at all,. We offers a series of award winning
products to secure your .NET code. We offer the best protection strategy on
the market with a breadth of product offering.
(1) protector, completely prevents disassembly (no more ildasm) and
decompilation, also offers string and resource protection. MSIL code is
replaced with x86 machine code. http://www.remotesoft.com/salamander/protector.html
(2) obfuscator, make reverse engineering more difficult, the easiest to use.
Next release will make obfuscation a truely painless, and totally automated
process. support C#, VB.NET, J#, MC++, etc. http://www.remotesoft.com/salamander/obfuscator.html
(3) Linker and mini-deployment tool. The linker tool automatically finds
all required methods/classes and link all dependent EXE or DLL files into a
single assembly. Even the .NET framework libraries can be linked into your
own code, and thus make it easier to deploy and very hard to decompile. We
also offer tools to help you to deploy only the very minimum set of files
without installing the whole Microsoft .NET framework. http://www.remotesoft.com/linker
(4) native compiler, link and compile .NET executables to x86 native code,
run w/o .NET framework, coming soon.
This would be very useful for WinForms applications as the compiled code can
be deployed to more machines, and make it secure.
(5) salamander .NET decompiler, show how easy to get source code from the
..NET assemblies, http://www.remotesoft.com/salamander/index.html
Huihong
Remotesoft
"Steven Wood" <st*********@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl... This is a tricky subject, however. I am looking at it presently for a client for some commercial software I am developing. We want to protect
our code from crackers and also competitors.
Because the .NET Framework compiles your managed code into Intermediate Language (IL) then we are looking at using an obfuscator to deter a hacker from attempting to modify our code that performs the licensing checks.
Note I use the word 'deter'. From my research, I believe that obfuscation does not provide 100% protection - I await any counter arguments from the obfuscation vendors :)
Therefore I am looking at a mix-and-match combination of techniques to achieve a level of security that is 'good enough', e.g. online
registration via a web server, a record of authorized features in a digitally signed
XML file, a strongly named assembly in the Global Assembly Cache (GAC) with a security certificate registered in the client's company name, and obfuscation of the IL.
Ultimately, the whole security system is built on the obfuscation as, at present, there is no way (AFAIK) of storing a secret on a user's computer.
There are plenty of discussions on this subject going on in microsoft.public.dotnet.security.
O'Reilly have published an excellent book 'Programming .NET Security' ISBN 0-596-00442-7.
--- Steven Wood
"Stephany Young" <st******@sysoft.co.nz> wrote in message news:OH**************@tk2msftngp13.phx.gbl... Yes.
There are many mechanisms you could use, but one would be to get the machine name at runtime and compare it to a hard-coded value.
"Aaron" <ku*****@yahoo.com> wrote in message news:b4**************************@posting.google.c om... Is it possible to compile a dll that only works on my machine? if someone steals it, it would not work on their machine.
Which is exactly what I said; one needs a 'good enough' solution. I believe
that native code can be put through a debugger to look for critical values
such as encryption keys.
I tried a trial of your obfuscator and had it do the full works on some
assemblies, but all my drop down list boxes stopped working; they were bound
to different typed datasets. Maybe it was something I did.
I shall be keen to see your next version, I am especially interested in the
direction you are taking with integration of obfuscation with the build
process, either through the IDE or scripts. The last thing I need when I'm
shipping is problems in this area, especially when a client wants a CD
yesterday.
---
Steven Wood
"Huihong Luo" <hu******@stanfordalumni.org> wrote in message
news:%2******************@TK2MSFTNGP10.phx.gbl... There are other means than obfuscation for code protection. Obfuscation is the very first step that makes decompilation a bit more difficult, but
does not prevent disassembly at all,. We offers a series of award winning products to secure your .NET code. We offer the best protection strategy
on the market with a breadth of product offering.
(1) protector, completely prevents disassembly (no more ildasm) and decompilation, also offers string and resource protection. MSIL code is replaced with x86 machine code. http://www.remotesoft.com/salamander/protector.html
(2) obfuscator, make reverse engineering more difficult, the easiest to
use. Next release will make obfuscation a truely painless, and totally
automated process. support C#, VB.NET, J#, MC++, etc. http://www.remotesoft.com/salamander/obfuscator.html
(3) Linker and mini-deployment tool. The linker tool automatically finds all required methods/classes and link all dependent EXE or DLL files into
a single assembly. Even the .NET framework libraries can be linked into your own code, and thus make it easier to deploy and very hard to decompile. We also offer tools to help you to deploy only the very minimum set of files without installing the whole Microsoft .NET framework. http://www.remotesoft.com/linker
(4) native compiler, link and compile .NET executables to x86 native code, run w/o .NET framework, coming soon. This would be very useful for WinForms applications as the compiled code
can be deployed to more machines, and make it secure.
(5) salamander .NET decompiler, show how easy to get source code from the .NET assemblies, http://www.remotesoft.com/salamander/index.html
Huihong Remotesoft
"Steven Wood" <st*********@hotmail.com> wrote in message news:%2****************@TK2MSFTNGP09.phx.gbl... This is a tricky subject, however. I am looking at it presently for a client for some commercial software I am developing. We want to protect our code from crackers and also competitors.
Because the .NET Framework compiles your managed code into Intermediate Language (IL) then we are looking at using an obfuscator to deter a
hacker from attempting to modify our code that performs the licensing checks. Note I use the word 'deter'. From my research, I believe that obfuscation
does not provide 100% protection - I await any counter arguments from the obfuscation vendors :)
Therefore I am looking at a mix-and-match combination of techniques to achieve a level of security that is 'good enough', e.g. online registration via a web server, a record of authorized features in a digitally signed XML file, a strongly named assembly in the Global Assembly Cache (GAC) with
a security certificate registered in the client's company name, and obfuscation of the IL.
Ultimately, the whole security system is built on the obfuscation as, at present, there is no way (AFAIK) of storing a secret on a user's
computer. There are plenty of discussions on this subject going on in microsoft.public.dotnet.security.
O'Reilly have published an excellent book 'Programming .NET Security'
ISBN 0-596-00442-7.
--- Steven Wood
"Stephany Young" <st******@sysoft.co.nz> wrote in message news:OH**************@tk2msftngp13.phx.gbl... Yes.
There are many mechanisms you could use, but one would be to get the machine name at runtime and compare it to a hard-coded value.
"Aaron" <ku*****@yahoo.com> wrote in message news:b4**************************@posting.google.c om... > Is it possible to compile a dll that only works on my machine? if > someone steals it, it would not work on their machine.
I agree with you. Spending precious development time on things like
obfuscation is ridiculous, it kills me. However, there is one unsolvable
reflection-related problem that any obfuscators are facing, that is, a
developer must manually exclude certain symbols from obfuscation, otherwise
the obfuscated code won't work. This problem prevents any true integration.
Wizard-driven obfuscation can not be done. In fact, >80% work of an
obfuscator is dealing with this painful configuration process.
We will deliver a new solution that makes obfuscation an enjoyable
experience.
Ideally, one should just click a few buttons, and then ship the processed
product.
The bug you get with the drop down list seems to do with some custom
attributes, we fixed a few bugs on that front. Will post a new build during
next week.
Huihong http://www.remotesoft.com/salamander/obfuscator.html
"Steven Wood" <st*********@hotmail.com> wrote in message
news:eR**************@tk2msftngp13.phx.gbl... Which is exactly what I said; one needs a 'good enough' solution. I
believe that native code can be put through a debugger to look for critical values such as encryption keys.
I tried a trial of your obfuscator and had it do the full works on some assemblies, but all my drop down list boxes stopped working; they were
bound to different typed datasets. Maybe it was something I did.
I shall be keen to see your next version, I am especially interested in
the direction you are taking with integration of obfuscation with the build process, either through the IDE or scripts. The last thing I need when
I'm shipping is problems in this area, especially when a client wants a CD yesterday.
--- Steven Wood
"Huihong Luo" <hu******@stanfordalumni.org> wrote in message news:%2******************@TK2MSFTNGP10.phx.gbl... There are other means than obfuscation for code protection. Obfuscation
is the very first step that makes decompilation a bit more difficult, but does not prevent disassembly at all,. We offers a series of award winning products to secure your .NET code. We offer the best protection strategy on the market with a breadth of product offering.
(1) protector, completely prevents disassembly (no more ildasm) and decompilation, also offers string and resource protection. MSIL code is replaced with x86 machine code. http://www.remotesoft.com/salamander/protector.html
(2) obfuscator, make reverse engineering more difficult, the easiest to use. Next release will make obfuscation a truely painless, and totally automated process. support C#, VB.NET, J#, MC++, etc. http://www.remotesoft.com/salamander/obfuscator.html
(3) Linker and mini-deployment tool. The linker tool automatically
finds all required methods/classes and link all dependent EXE or DLL files
into a single assembly. Even the .NET framework libraries can be linked into
your own code, and thus make it easier to deploy and very hard to decompile.
We also offer tools to help you to deploy only the very minimum set of
files without installing the whole Microsoft .NET framework. http://www.remotesoft.com/linker
(4) native compiler, link and compile .NET executables to x86 native
code, run w/o .NET framework, coming soon. This would be very useful for WinForms applications as the compiled code can be deployed to more machines, and make it secure.
(5) salamander .NET decompiler, show how easy to get source code from
the .NET assemblies, http://www.remotesoft.com/salamander/index.html
Huihong Remotesoft
"Steven Wood" <st*********@hotmail.com> wrote in message news:%2****************@TK2MSFTNGP09.phx.gbl... This is a tricky subject, however. I am looking at it presently for a client for some commercial software I am developing. We want to
protect our code from crackers and also competitors.
Because the .NET Framework compiles your managed code into
Intermediate Language (IL) then we are looking at using an obfuscator to deter a
hacker from attempting to modify our code that performs the licensing checks. Note I use the word 'deter'. From my research, I believe that obfuscation does not provide 100% protection - I await any counter arguments from the obfuscation vendors :)
Therefore I am looking at a mix-and-match combination of techniques to achieve a level of security that is 'good enough', e.g. online registration via a web server, a record of authorized features in a digitally
signed XML file, a strongly named assembly in the Global Assembly Cache (GAC)
with a security certificate registered in the client's company name, and obfuscation of the IL.
Ultimately, the whole security system is built on the obfuscation as,
at present, there is no way (AFAIK) of storing a secret on a user's computer. There are plenty of discussions on this subject going on in microsoft.public.dotnet.security.
O'Reilly have published an excellent book 'Programming .NET Security' ISBN 0-596-00442-7.
--- Steven Wood
"Stephany Young" <st******@sysoft.co.nz> wrote in message news:OH**************@tk2msftngp13.phx.gbl... > Yes. > > There are many mechanisms you could use, but one would be to get the machine > name at runtime and compare it to a hard-coded value. > > "Aaron" <ku*****@yahoo.com> wrote in message > news:b4**************************@posting.google.c om... > > Is it possible to compile a dll that only works on my machine? if > > someone steals it, it would not work on their machine. > >
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: William C. White |
last post by:
Does anyone know of a way to use PHP /w Authorize.net AIM without using
cURL? Our website is hosted on a shared drive and the webhost company
doesn't installed additional software (such as cURL)...
|
by: Albert Ahtenberg |
last post by:
Hello,
I don't know if it is only me but I was sure that header("Location:url")
redirects the browser instantly to URL, or at least stops the execution of
the code. But appearantely it continues...
|
by: James |
last post by:
Hi,
I have a form with 2 fields.
'A'
'B'
The user completes one of the fields and the form is submitted.
On the results page I want to run a query, but this will change
subject to which...
|
by: Ollivier Robert |
last post by:
Hello,
I'm trying to link PHP with Oracle 9.2.0/OCI8 with gcc 3.2.3 on a Solaris9
system. The link succeeds but everytime I try to run php, I get a SEGV from
inside the libcnltsh.so library.
...
|
by: Richard Galli |
last post by:
I want viewers to compare state laws on a single subject.
Imagine a three-column table with a drop-down box on the top. A viewer
selects a state from the list, and that state's text fills the...
|
by: Albert Ahtenberg |
last post by:
Hello,
I have two questions.
1. When the user presses the back button and returns to a form he filled
the form is reseted. How do I leave there the values he inserted?
2. When the...
|
by: inderjit S Gabrie |
last post by:
Hi all
Here is the scenerio ...is it possibly to do this...
i am getting valid course dates output on to a web which i have designed
....all is okay so far , look at the following web url
...
|
by: Jack |
last post by:
Hi All,
What is the PHP equivilent of Oracle bind variables in a SQL statement, e.g.
select x from y where z=:parameter
Which in asp/jsp would be followed by some statements to bind a value...
|
by: Sandwick |
last post by:
I am trying to change the size of a drawing so they are all 3x3.
the script below is what i was trying to use to cut it in half ... I
get errors.
I can display the normal picture but not the...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |