加密.NET应用程序和组件 [英] encrypting a .Net application and assemblies
问题描述
我有一个加密/复制的问题。
I have an encryption/copy protection question.
我在写为使用加密狗一个公司的应用程序。请不要告诉我的软件保护是没有用的,或者说我应该就让它自由地飞翔到空中,或任何时候,我花在做,这是一种浪费;这不是关于软件保护的有效性,一个哲学问题,更像是如何做。
I'm writing an application for a company that uses a dongle. Please don't tell me that software protection is useless, or that I should just let it fly free into the air, or that any time I spend doing this is a waste; this isn't a philosophical question about the validity of software protection, more like a how-to.
据我了解,在开裂加密狗保护的软件的第一步是清除所有的呼叫从code加密狗(即修补可执行文件)。另外据我了解,我可以在.NET中,以保护应用程序和组件,打造强名称作为解释的在这个MSDN文章。
As I understand it, the first step in cracking a dongle-protected piece of software is to remove all the calls to the dongle from the code (ie, patch the executable). Also as I understand it, I can create 'strong names' in .NET in order to protect the application and the assembly, as explained in this MSDN article.
时的强命名,足以确保我的应用程序不能轻易打补丁?或者我需要使用某种加密库吗?如果我需要使用一个库,其中一个,或在那里我可以得到有关设置此功能的信息?
Is strong naming enough to ensure that my application can't be easily patched? Or do I need to use some sort of encryption library? If I need to use a library, which one, or where can I get information about setting this up?
下一步,当然,是把重要的算法在软件狗。我知道,这些只是速度碰撞到专用的裂解装置,但由于我们的市场份额增长,速度碰撞将帮助我们获得的地步,盗版的刺痛是没有那么敏锐地感觉到(我希望)。
The next step, of course, is to put important algorithms on the dongle. I realize that these are just speed bumps to the dedicated cracker, but as our market share grows, the speed bump will help us get to the point where the sting of piracy is not so keenly felt (I hope).
谢谢!
推荐答案
大会强命名从未被设计用来防止攻击者是谁,在机器的控制权。从延迟签约的 MSDN条目:
Assembly strong naming was never designed to protect against an attacker who is in control of the machine. From the msdn entry on delay signing:
下面的例子关闭了核查称为汇编 MyAssembly.dll程序。
The following example turns off verification for an assembly called myAssembly.dll.
SN -Vr MyAssembly.dll程序
的强名称的设计目标是提供名称的唯一性和保护的用户的(未发行)对攻击者。如果用户需要禁用所有强名称检查,甚至可能带出你的签名和装配用自己的键,然后有技术上来讲没什么$ P $续约pvent他这样做。
The design goal of strong names is to provide name uniqueness and to protect the user (not the publisher) against an attacker. If the user wants to disable all strong name checks, or maybe even strip out your signature and re-sign the assembly with his own key then there is technically speaking nothing to prevent him from doing so.
只需从一个加密文件中加载的程序集也不是非常有用的,因为C本身解密$ C $不能被加密,因此容易攻击的目标的逆向工程。
Simply loading your assemblies from an encrypted file is also not very useful because the decryption code itself cannot be encrypted and is therefore an easy target for reverse engineering.
正如其他海报,您正在寻找的是混淆。你可能已经有了这样一个工具:Visual Studio的(至少在2005年和2008年)带有preEmptive解决方案的 Dotfuscator。的微软也有自己的软件许可及保护服务的产品。
As mentioned by other posters, what you are looking for is obfuscation. You probably already have such a tool: Visual Studio (at least 2005 and 2008) comes with the community edition of PreEmptive Solutions’ Dotfuscator. Microsoft also has its own "Software Licensing and Protection Services" product.
模糊处理有一定的技术但缺点:
Obfuscation has some technical disadvantages however:
- 在可能复杂化构建过程。 你需要一个是非模糊和 模糊的身材,因为后者 没有可调试。
- 我喜欢有意外的异常,用户可以点击复制方式,然后给我发邮件的一些技术信息,包括堆栈跟踪错误对话框。但随着混淆,你可以忘掉得到任何有用的东西 从<一个href="http://msdn.microsoft.com/en-us/library/system.exception.stacktrace.aspx">Exception.StackTrace.
- 如果您的code利用的反射然后 有一个很好的机会,事情会 打破了模糊的身材,因为内部类型和成员的名字都没有preserved。
- it may complicate your build process. You need an unobfuscated and an obfuscated build, because the latter is not debuggable.
- I like to have an error dialog for unexpected exceptions where the user can click "copy details" and send me a mail with some technical information including the stack trace. With obfuscation however, you can forget about getting anything useful from Exception.StackTrace.
- if your code makes use of reflection then there is a good chance that things will break in the obfuscated build, because internal type and member names are not preserved.
这篇关于加密.NET应用程序和组件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
