如何保护/加密Inno Setup免于反编译 [英] How to secure/encrypt Inno Setup from decompiling

问题描述

我正在使用Inno设置工具来打包/设置我的所有文件(dll，exe，jpg等). 但是我发现有一个名为 InnoExtractor 的软件可以真正打开我的设置并读取所有脚本并提取所有文件，因为我需要在安装程序中隐藏/保护我的文件，因此我花了很多时间/精力来保护我的

I am using an Inno Setup Tool to pack/setup all my files (dll, exe, jpg, etc). But I found that there is a software called InnoExtractor which can really open my setup and read all the scripts and also extract all the files, since I need to hide/protect my files in setup I spent a lot of time/efforts to secure my setup.exe which was generated from Inno Setup, but I found some people saying add a password to Inno Setup Script, but this is also a wrong because the client knows that password and he can simply use InnoExtractor and extract everything even it was protected by Password! is not it!?

现在，我只是问是否有人可以建议我解决这个问题.实际上，我嵌入了XML文件和DLL，该文件用于根据客户端计算机在客户端安装特定文件，但是如果客户端将所有DLL提取到其计算机上，那将是一场灾难！我需要一种防止客户端查看/提取我的setup.exe的方法！

Now, I just ask if there someone can suggest me to solve this problem. In fact I embed XML files and DLL which is used to install specific files at client side according to the client machine, but if the client extract all DLLs to his machine then it will be a catastrophe! I need a way to prevent the client from seeing/extracting my setup.exe!

推荐答案

如果您需要能够在用户计算机上运行相同的代码，则无法保护代码免受用户攻击.将文件传送到客户端计算机后，无论使用哪种方法打包文件，客户端都可以提取文件.

There's no way to protect code from an user, if you need to be able to run the same code on the user's machine. Once you deliver files to client's machine, no matter what method you used to pack them, the client can extract the files.

您只能加大难度，但是没有绝对的解决方案.

You can only make it harder, but there's no absolute solution.

您使用的标准工具越多，反编译代码就越容易.如果您想使反编译变得困难，请定制安装程序，而不要依赖标准的安装程序工具(如Inno Setup).

More standard tools you use, more easy it is to decompile the code. If you want to make decompiling hard, make your custom installer, instead of relying on a standard installer tool (like Inno Setup).

可能唯一安全的方法是使用一些在线服务.

Probably the only safe way is to use some online service.

• 您可以使用非常强的密码(每个文件/DLL使用不同的加密密钥)对文件进行加密.安装程序将询问用户一些密码，并将密码发送给一些在线服务.验证密码后，在线服务将发回用于客户端允许安装的DLL的解密密钥.这将允许安装程序仅解密该客户端的DLL.

• You can encrypt the files with some very strong cipher (each file/DLL with a different encryption key). The installer will ask the user for some password, and will send the password to some online service. The online service, after verifying the password, will send back a decryption key for the DLL that you allow the client to install. This will allow the installer to decrypt only the DLL for that client.

另一种选择是，只有在验证客户端之后，安装程序才会从服务器下载DLL.

Another alternative is that the installer will actually download the DLL from a server, only after you verify the client.

这篇关于如何保护/加密Inno Setup免于反编译的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！