Protecting DLL file methods in. NET (prevent cracking, decompile DLLs) _ Practical Tips

Source: Internet
Author: User
Tags reflector

. NET is a language that is built on virtual machines that directly generates the intermediate language of MSIL, and then the. NET compiler JIT interprets the image as native code and delivers CPU execution. Intermediate languages are easy to decompile, so study how to protect DLL files effectively.

My general approach is: strong signature + obfuscation + encryption.

Strong signature
Strong-Named assemblies ensure that your assembly is unique and not tampered with, and so on, even if the same name of the assembly if the signature is different.
Strong signatures are simple.

To add an enhanced name method to a project:
1. Right-click the item to open the Properties window;
2. Select the Signature tab in the Properties window, select the option to sign the assembly, and select New in the Drop-down list, as shown in the following figure:

3. Open the New Signature window, enter the name of the signature password, and so on, as shown in the following figure:

When you click OK, the signature is added complete.

Add a enhanced name to a DLL file without source code

If the project references other DLL files that do not have source code, and this DLL file is an assembly that has no strong name, then a mistake like "Assembly generation failed-referenced assembly ' xxxxxxxxxxx ' no Strong name" appears at compile time.
I'm referring to the Interop.Scripting.dll assembly, which is not a strong name, and you need to do the following:
1. Open the SDK Command Prompt window;


2. Create a new random key pair:
Sn-k Interop.Scripting.snk
3. Decompile the target assembly
ILDASM interop.scripting.dll/out=interop.scripting.il
3. Recompile, with strong named parameters
ILAsm interop.scripting.il/dll/resource=interop.scripting.res/key=interop.scripting.snk/optimize
4. Verifying signature Information
Sn-v Interop.Scripting.dll


OK, reintroduce the generated DLL file into the project and compile it.

Note: Unsigned main programs can reference signed or unsigned assemblies; the signed main program cannot reference unsigned assemblies. (The above article has the corresponding solution)

Confuse
Confusion is the compilation of the generated MSIL intermediate code obfuscation, the simplest confusion is the name confusion, the namespace name, class name, method name, field name, and so on are replaced by special symbols or other symbols, the purpose is to let people see faint, but does not change the program execution logic.
The Dotfuscator I use here is confusing.
Dotfuscator Obfuscation method :
1. Create a new project, as shown in the following illustration:

2. Select the DLL and EXE file you want to confuse, as shown in the following figure

3. Select the library attribute in the attribute (very important, because I am here to confuse the DLL file, if not selected, confusion will not be called correctly!) ), as shown in the following illustration:

4. Select the Bulid label and click the Bulid button to confuse it.

We can also choose other tags to encrypt strings, add watermarks and other operations, I am here to encrypt the work in another way, so there is no choice operation.
OK, after the confusion is complete, we can use Reflector.exe to decompile the confused DLL file, you can compare the source to see the effect.

Encryption

Next we continue to encrypt the confused DLL file to further protect the DLL file.
The encryption tool I use is maxtocode.
Open the software, switch to Chinese, you can see very simple, add the DLL file, directly click to perform encryption. Other options such as: encrypted string, strong name, etc. are very simple, we will know as soon as we try, and maxtocode help to do very friendly, a look will be used.

The encrypted DLL file is one-fold larger than before, and after Reflector.exe, the DLL file is found to be encrypted more thoroughly because the contents of the main function are hidden.

Through the above three steps, make your DLL file free from the common People's cracked, of course, can not absolutely prevent being cracked.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.