Are strong names the answer?

  • Thread starter Thread starter PseudoBill
  • Start date Start date
P

PseudoBill

I'd like some advice on protecting stand-alone exe's built with .net.

I'm not worried about someone stealing my intellectual property since
since I have my apps obfuscated and encrypted now and it's not
exactly rocket science anyway - it's probably much easier for someone
to write from scratch than to de-obfuscate them.

What I would really like is some kind of tip or trick to make the apps
non-runnable if tampered with, but I suspect it's not possible since
someone could always decompile and remove the code for the tamper
check ...
My main concern is that someone makes my latest versions of the apps
available for free simply by using the wonderful utility that
Microsoft supplies (thanks Microsoft !!!) and removing any code I've
inserted to ensure that the user has paid for it.
 
Strong names are helpful, but can be easily removed. For
example, you can develop an EXE and a DLL, the DLL can
have a strong name, so can the EXE. The app is supposed
not to work when the exe or dll is modified. Unfortunately
the reality is not the case. One can easily delete the
signature, and modify either of the exe or dll, and your
app will still run just fine.

If you want to verify the above, download our dotexplorer
and obfuscator,
http://www.remotesoft.com/salamander/obfuscator/download.ht
ml

From the UI, go to Tools > Options > Obfuscator > Delete
Strong Name Signature, now you can obfuscate strong named
assemblies, and the modified files will still work as
usual.

I would recommend performing a private check within your
own code, say, keep a hashvalue of the assembly, and
verify it before the main logic executes. Of course, this
can be removed using ildasm/ilasm, but at lease a hacker
have to understand and figure out what your code does.

Huihong
Protect your code with salamander suite
 
There is no foolproof system to prevent licensing code from being removed or
bypassed. It becomes a trade-off of how much time you're willing to invest
in something that will inevitably be cracked. The harder you make it, the
longer it will take someone to remove your checks, but my suspicion is that
it takes much longer to write them than it does to unwrite them. It's a real
pain, but I guess one day the people that do the cracking will realise that
if they keep doing it, nobody'll bother writing new software.

Steve
 
Back
Top