. Net signature and obfuscation)

Software Security and copyright protection are important at any time, especially for enterprise-level development or some special applications. This article mainly discusses signature and obfuscation, principles, and ideas on how to secure development under the. NET platform.

Signature

That is, a strongly-named Assembly ensures that your assembly is unique without being tampered with or exploited. Even if the Assembly with the same name has different signatures.

Comparison of assembly structure before and after signature

Assume that the Assembly name is "windowsapplication1" and the assembly information is compared before and after the signature.

Windowsapplication1, version = 1.0.0.0, culture = neutral, publickeytoken = NULL
Windowsapplication1, version = 1.0.0.0, culture = neutral, publickeytoken = 85377e8b68475fc8

If a signed Assembly A. dll is referenced in the project and a forged a. dll is used to steal the bar, an exception occurs when the main program is called.

An unsigned main program can reference signed or unsigned assembly. Only signed main programs cannot reference unsigned assembly.

After a strong signature is made to the Assembly, a unique identifier is provided to know the Assembly route in the program. You can obtain information about the currently executed assembly or call the Assembly, as shown in:

 

System.Reflection.Assembly.GetExecutingAssembly()System.Reflection.Assembly.GetCallingAssembly()

You can use the sn.exe command line tool in. Net sdkto Generate Keys and signatures, or use the project-properties-signature tool in Visual Studio.

If the key is password protected, a pfx file is generated, and no password is used to generate an SNK file. The pfx file is larger than the SNK file;

Obfuscation

Fuzzy processing is performed on the msil intermediate code generated by compilation. With the increase of obfuscation, the human brain's ability to carry out multiple aspects of intellectual thinking is gradually reduced, and the source code is protected to improve the difficulty of decompilation. This type of fuzzy processing does not change the logic of program execution.

There are many obfuscation tools: dotfuscator, obfuscator. net, xeoncode, maxtocode

Merger

It is also possible to sign the Assembly and perform obfuscation. If the strongly-named assembly is obfuscated, an exception will occur and the program cannot be executed normally. Correct practice:

Delayed signature-Development completed-obfuscation-re-signature (that is, the signature is delayed first, and then the signature is obfuscated)

After obfuscation, the signature can be completed using the R option in the Sn.

Sn-r a.exe mykey. SNK // use mykey.snksecret to re-sign a.exe

Delayed signature (before re-signature) programs cannot run. If an exception is reported in. Net CF

In team development, no one knows the private key. Generally, A. SNK file containing the Public Key is created.

 

sn - p mykey.snk publicKey.snk

Publickey. SNK is used by developers. After Development and release, use mykey. SNK to re-sign it.