Signature
A strongly named assembly ensures that your assembly is unique and has not been tampered with or impersonated. Even assemblies with the same name have different signatures.
Comparison of the assembly identity before and after signing
Assume the assembly name is "WindowsApplication1". Its assembly information before and after signing is:
WindowsApplication1, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
WindowsApplication1, Version=1.0.0.0, Culture=neutral, PublicKeyToken=85377e8b68475fc8
If the project references a signed assembly a.dll and a forged a.dll is swapped in for it, an exception occurs when the main program calls it.
An unsigned main program can reference signed or unsigned assemblies. A signed main program, however, cannot reference unsigned assemblies.
Once an assembly has been strong-name signed, it carries a unique identifier that lets the program know where an assembly comes from. You can obtain information about the currently executing assembly or the calling assembly as follows:
System.Reflection.Assembly.GetExecutingAssembly()
System.Reflection.Assembly.GetCallingAssembly()
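The following is an added example, not code from the original article: it reads an assembly's strong-name identity through reflection, recomputes the PublicKeyToken from the embedded public key, and compares it with a pinned value. The class and method names are hypothetical, and the pinned token is the one from the signed display name shown above.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Security.Cryptography;

static class StrongNameInfo   // hypothetical helper, name chosen for this example
{
    // Token taken from the signed display name shown earlier on this page.
    const string ExpectedToken = "85377e8b68475fc8";

    static string Hex(byte[] bytes) =>
        bytes == null ? "" : string.Concat(bytes.Select(b => b.ToString("x2")));

    // PublicKeyToken = last 8 bytes of SHA-1(public key blob), in reverse order.
    static string TokenFromPublicKey(byte[] publicKey)
    {
        if (publicKey == null || publicKey.Length == 0) return "";   // unsigned assembly
        using (var sha1 = SHA1.Create())
        {
            byte[] hash = sha1.ComputeHash(publicKey);
            return Hex(hash.Skip(hash.Length - 8).Reverse().ToArray());
        }
    }

    // True only when the assembly carries a public key whose token is the pinned one.
    public static bool HasExpectedToken(Assembly asm)
    {
        AssemblyName name = asm.GetName();
        string declared = Hex(name.GetPublicKeyToken());        // empty when PublicKeyToken=null
        string derived = TokenFromPublicKey(name.GetPublicKey());
        return declared.Length > 0
            && declared == derived
            && string.Equals(declared, ExpectedToken, StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        Assembly self = Assembly.GetExecutingAssembly();
        Console.WriteLine(self.FullName);   // Name, Version, Culture, PublicKeyToken
        Console.WriteLine("Token matches pinned value: " + HasExpectedToken(self));
    }
}
```

This compares the declared identity only; whether the signature bytes themselves are valid is a separate check, which sn -v performs from the command line.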
You can use the sn.exe command-line tool in the .NET SDK to generate keys and sign assemblies, or use the Signing page of the project properties in Visual Studio.
If the key is password protected, a pfx file is generated; if no password is used, an snk file is generated. The pfx file is larger than the snk file.
Obfuscation
Obfuscation is applied to the MSIL intermediate code produced by compilation. As the degree of obfuscation increases, a human reader's ability to follow and reason about the code gradually decreases, which protects the source code by making decompilation more difficult. Obfuscation does not change the logic of program execution.
There are many obfuscation tools: Dotfuscator, Obfuscator.NET, Xenocode, MaxtoCode
Combining the two
An assembly can be both signed and obfuscated. However, if a strongly named assembly is obfuscated after it has been signed, an exception occurs and the program cannot run normally. The correct practice is:
Delay signing - development completed - obfuscation - re-signing (that is, delay-sign first, then sign after obfuscating)
After obfuscation, the signature can be completed using the -R option of sn.
sn -R a.exe mykey.snk // re-sign a.exe with the private key in mykey.snk
A delay-signed program cannot run until it has been re-signed. If an exception is reported in .NET CF
In team development, individual developers do not know the private key. Generally, an .snk file containing only the public key is created.
sn -p mykey.snk publicKey.snk
publicKey.snk is used by developers. After development is complete and the program is released, use mykey.snk to re-sign it.