保护资源免受逆向工程的最佳做法 [英] Best practice to protect resources against reverse engineering

问题描述

为了解决一些防止逆向工程或反编译的防护等级，我决定将C＃应用程序的重要部分（包括几个xml资源）移植到本机C ++ DLL文件中，这些文件基于此处使用C ++程序中的资源和 practice1 和 practice2 在C＃应用程序中使用C ++ DLL文件。现在我有两个问题：

1. 这是解决逆向工程应用程序保护的正确方法吗？


2. 什么是正确的方式返回文本内容。在C + +̶̶DLL文件基于̶p̶r̶a̶c̶t̶i̶c̶e̶1̶和̶p̶r̶a̶c̶t̶i̶c̶e̶2̶.̶我已阅读̶m̶a̶n̶a̶y̶样品，̶但所有这些，我读曾形容通过使用添加/减/乘/̶D̶e̶v̶i̶d̶e̶̶f̶u̶n̶c̶t̶i̶o̶n̶s̶.̶

更新：
我跳过第二个问题可能是编码问题，而第一个是关于实践的问题。

解决方案

将文本资源放在DLL中是一种隐藏资源的技术，而不是保护它们。如果目标是保护您的资源免受逆向工程的影响，这种技术只能作为晦涩的安全性的最低和最不有效的措施，这样做不会对任何人造成您的资源的极少的决心提供任何安全保障。 p>

对于任何程度的真正保护，您需要使用加密，因为使用自定义密钥加密资源将需要更高的复杂程度，任何人都会尝试逆向工程您的系统。这样做不会完全不可能对您的系统进行逆向工程，但是这样做足以阻止黑客利用有限的知识来解决您的代码。

In order to address some level of protection against reverse engineering or decompilation, I decided to move the important parts of my C# application including several xml resources into a native C++ DLL file based on the method described here for using resources in C++ programs and practice1 and practice2 for utilizing C++ DLL files in C# applications. Now i have two questions:

1. Is this a proper approach for addressing the application protection against reverse engineering?
2. W̶h̶a̶t̶ ̶i̶s̶ ̶t̶h̶e̶ ̶c̶o̶r̶r̶e̶c̶t̶ ̶w̶a̶y̶ ̶o̶f̶ ̶r̶e̶t̶u̶r̶n̶i̶n̶g̶ ̶t̶e̶x̶t̶ ̶c̶o̶n̶t̶e̶n̶t̶s̶ ̶i̶n̶ ̶C̶+̶+̶ ̶D̶L̶L̶ ̶f̶i̶l̶e̶s̶ ̶b̶a̶s̶e̶d̶ ̶o̶n̶ ̶p̶r̶a̶c̶t̶i̶c̶e̶1̶ ̶a̶n̶d̶ ̶p̶r̶a̶c̶t̶i̶c̶e̶2̶.̶ ̶I̶ ̶h̶a̶v̶e̶ ̶r̶e̶a̶d̶ ̶m̶a̶n̶a̶y̶ ̶s̶a̶m̶p̶l̶e̶s̶,̶ ̶b̶u̶t̶ ̶a̶l̶l̶ ̶o̶f̶ ̶t̶h̶o̶s̶e̶ ̶t̶h̶a̶t̶ ̶I̶ ̶r̶e̶a̶d̶ ̶h̶a̶d̶ ̶d̶e̶s̶c̶r̶i̶b̶e̶d̶ ̶b̶y̶ ̶u̶s̶i̶n̶g̶ ̶A̶d̶d̶/̶S̶u̶b̶t̶r̶a̶c̶t̶/̶M̶u̶l̶t̶i̶p̶l̶y̶/̶D̶e̶v̶i̶d̶e̶ ̶f̶u̶n̶c̶t̶i̶o̶n̶s̶.̶

Update: I skip the second question as might be coding question while the first one is a question about practice.

解决方案

Placing text resources in a DLL is a technique of hiding resources, not protecting them. If the goal is to protect your resources against reverse engineering, this technique would qualify only as the lowest and the least effective measure of "security by obscurity," which provides no security against anyone with minimal amount of determination to hack your resources.

For any degree of real protection you need to use encryption, because encrypting your resources with a custom key would require much higher degree of sophistication from anyone trying to reverse-engineer your system. This wouldn't made it completely impossible to reverse-engineer your system, but it would do enough to discourage hackers with limited knowledge from messing around with your code.

这篇关于保护资源免受逆向工程的最佳做法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！