AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
To run the code, the main assembly has to derrive the exact key, and unencrypt the DLL into a buffer.The only reason im considering alternatives is because Java is decompilable, and thus ones source code is unprotected for the most part when shipped as a desktop app (obfuscation is good, but id like it to be more secure).
Do i understand correctly that C.NET can always be decompiled, like Java Or is there an option to compile even C into pure machine language That will be losing the advantages of Managed code, but i just wonder about flexibilities of compiling C into managed or unmanaged code upon choice. P.S. I also came across news that MS considers providing some kind of encryption support for.NET. If thats true, will that be strong enough to ensure code confidentiality for managed code Thanks, rs. Do i understand correctly that C.NET can always be decompiled, like Java. Or is there an option to compile even C into pure machine language That will be losing the advantages of Managed code, but i just wonder about flexibilities of compiling C into managed or unmanaged code upon choice. Though the il code is still there and framework is still required. ![]() Miha Markic - RightHand.NET consulting development miha at rthand com. The mini-deployment tool then builds a minimum set of the Microsoft.NET runtime to ship with your application. This usually results in installation size of a few mega bytes, rather than tens of mega bytes, and the installation takes much less time without rebooting machines. Code Protection There is one problem none of the current obfuscators address, that is, no matter how good the obfuscation is, there are system library calls and other external references scattered over in your code (see red in below). Since these calls are external references, obfuscators will have to leave them unchanged. However, these references help a lot to understand the decompiled code, because they are well documented and public APIs. The linker removes or reduces such public APIs by linking the framework APIs into your own code, and thus makes your code much more difficult to decompile after obfuscation. Below shows sample MSIL code before and after the linker is used. Miha Markic wrote in message news:umTK2MSFTNGP11.phx.gbl. Hi, Reshat Sabiq wrote in message news:01phx.gbl. Do i understand correctly that C.NET can always be decompiled, like Java Yup, unless obfuscated - like java. In fact machine language is very much like byte code, and there are tools out there that take PEs and give you readable code back. The issue is that machine code is mixed with headers and literal data (not in a nice standardized way like.NET or Java), so you have to look at how the compiler put the stuff together. If I know a piece of executable code came from VC or Borland C, then I can remove a lot of the mystery about where the data stops and the code begins. Once you know that, its only marginally more difficult to reverse-engineer those binaries than it is for.NET or Java. If you want something more secure, you can take your.NET code and write the important bits in a.NET DLL rather than the main assembly. Then, encrypt the DLL using a symmetric cypher with a key derrived from the signed main assembly (so the key isnt present) and create a digest for it. If you want to create something a little more concrete, you can also derrive the key from certificates you issue, and ensure that the certs are valid.
0 Comments
Read More
Leave a Reply. |