如果HASP开发商代码进行加密/混淆? [英] Should HASP Vendor Code be encrypted/obfuscated?
问题描述
这是关于SafeNet公司/阿拉丁HASP哨兵键。我已经发布了自己的网站,但为了以防万一别人知道答案还是会发现我太张贴在这里有用的答案。
This is in regard to SafeNet/Aladdin Sentinel HASP keys. I've posted to their site but just in case anybody else knows the answer or would find the answer useful I'm posting here too.
据提供的文档SafeNet的软件保护和授权Guid.pdf我们应该保持我们的供应商代码的秘密吧?
According to the docs provided by SafeNet in "Software Protection and Licensing Guid.pdf" we are supposed to keep our Vendor Code secret, right?
好吧,如果我建立中提供的示例\ Samples\Runtime\csharp\,那么保护应用程序与信封,然后在反编译JetBrains公司dotPeek的笼罩应用程序,我可以在那里很容易看到供应商代码字符串。看来Envelope不会混淆常量字符串。或者,也许它的一流水平串,我不知道。
Well, if I build the sample provided in "\Samples\Runtime\csharp\", then protect the app with Envelope, then decompile the Enveloped app in JetBrains dotPeek, I can see the Vendor Code string there very easily. It appears that Envelope does not obfuscate const strings. Or maybe it's class level strings, I don't know.
这是使用供应商代码的推荐方式?似乎并不很秘密。如果我把供应商代码串入一个临时变量的函数,那么它就会被模糊处理。是,事情应该是这样做呢?如果是的话,应该不会示例代码反映?
Is this the recommended way of using the Vendor Code? Doesn't seem very secret. If I put the Vendor Code string into a temporary variable in a function then it gets obfuscated. Is that the way it should be done? If so, shouldn't the sample code reflect that?
感谢。
推荐答案
我们已经注意到了同样的事情。究其原因常量字符串不混乱可能是由于这样的事实,一个const变量是一个的编译时间常数,让编译器来代替引用到常量在编译时恒定值本身变化。所以基本上没有常量串场的包络过程开始的时候混淆。 (这并不完全如此 - 常量的定义是坚持在IL,但只是对文件的目的;它不是由任何代码中引用)
We had noticed the same thing. The reason const strings are not obfuscated is likely due to the fact that a const variable is a compile time constant, which allows the compiler to replace references to a const variable with the constant value itself at compile time. So there basically is no const string field to obfuscate by the time the enveloping process starts. (This isn't entirely true - the definition of the const is persisted in the IL, but just for documentation purposes; it's not referenced by any code.)
我们处理这个问题的方法是通过使用静态 只读字符串,在静态构造函数初始化。这样做存储的字符串值运行时间常数,使包络过程中正确地访问它们混淆。 (这是通过反编译装配验证,正如你所提到。)
The way we dealt with this is by by using static readonly strings, initialized in a static constructor. Doing this stores the string values as runtime constants, allowing the enveloping process to access them properly for obfuscation. (This is verified by decompiling the assembly, as you mentioned.)
这篇关于如果HASP开发商代码进行加密/混淆?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
