Reverse engineering protection in .net world

hmm

a better title wuld be cracking strong named .net assemblies 🙂

anyway

(note i dont have in-depth of security in .net world , following are just my thougts on the topic)

almost all of u have heared about the strong naming and gac , so ,whats new about that . Usually these terms are used in context of security and code tempering , so u strong named ur assembly and always signed them with ur keys, and also decorate them with attributes, so now runtime checks when ever that assembly , and ensure that it is the same original assembly, and the calling code has the right permission set and priviliges,

but

does this ensures that my code will not be tempered or reverse engineered or cracked, 🙂 i havent found any evidence of that yet 😀 , (i ll talk to obfuscation later on.)

by the way when ever runtime laods an assembly and if its a strong named , signed/partially signed , then it verifies that its loading the correct assembly , this is done by extracting public key token ,and calculating the assembly hash and comparing it with the origninal hash , remeber ur algorithm class abt RSA (K) with .net framework there comes a tool for signing assemblies , sn

sn provides different command line option . its really a powerfull tool

there is a swtich -Vr

executing this ,will register ur assemblies for skipping verification ,

hurrah , did ya get what i mean ??

what if

i developed an application , signed and stronged assembliessomeone just dissemble it using ildasm , temper the code , ( and believe me the instruction set IL is really simple , and the compiler generated IL code is a lot easier to comprehend , the only thing that kick ass is the stack evaluation , remember CLR is an stack based machine 😉 , it might be simple due to many reasons, one might be the maturity of c# ,vb.net compiler, if u compared them to c++ compiler in terms of code generation c++ is way ahead , also since Il is an intermediate language, so compilers might emit code that are easier to optimize during jitting ,)

hhmm where i was, oh haan,

what if someone temper my code , and register the assembly as for skipping verification , infact he can redistribute his code wrapped in mine :P,

, so my question is still here , how can we prevent our code from being reverse-engineered.

for those of u who say use obfuscator,

hmm , i havent use one:P , but what i thnk that proper analysis of generated code will let it reverse -engineered , i mean , a tool can be written to analyze and dissemble the generated code back to source, and also identify the patterns in the code for further analysis,

so how u will protect ur code from being tempered ??

plz if there is any lack of knowledge ,then correct me i ll be gratefull

ldstr “Allah hafiz”

call.s class [mscorlib] MessageBox::Show()

ret

sn -Vr dotCompilerator.dll

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s