Use strong name to save the. NET application assembly

The topic of strong name has already been described on the Internet. You may be most familiar with it.

In most cases, you can. IfCodeIt is confidential and may also use delay sign only, which is more complicated. Please find the relevant information.

If this is done, there is no processing in the code, maybe yourProgramIt is not safe enough, because a strong name remover can easily clear your signature and it runs like this.

If you don't want your program to be tortured by this small program, you should take a look at this article.Article.

Signature alone is not enough. You still need to detect the signature in your program, and the detected signature can only be my own name.

Go to Visual Studio Tools to find the command line, start it, and run the Sn-TP application, as shown in

It shows the public key token and writes it down for later use in my program. Then write the signature detection Code. The Code is as follows:

  Public   static   void  preinitcoresetup () { // check singature   bool  pfwasverified =  false ;  string  fcommon =  "flextronics. framework. common. DLL ";  bool  L Icensed = strongnamesignatureverificationex (fcommon,  true ,  ref  pfwasverified );  If  (! Licensed)  throw   New  fatalexception (shared. licenseexceptionerror);} 

After reading these statements, it checks whether the input application assembly has a signature and strong name. If not, an exception is thrown. The native method is used here, and its signature is as follows:

 [dllimport ( "mscoree. DLL ", charset = charset. unicode)]  private   static   extern   bool  strongnamesignatureverificationex ( string  filepath,  bool  forceverification,  ref   bool  wasverified); 

Continue to read the code. We should not only ensure that the Assembly has a signature, but also have my own signature. See the following program snippet.

 Public   Static   Void Ensureassemblyissigned (Assembly ){ If (Assembly =Null ) Throw   New Argumentnullexception ( "Assembly" ); Byte [] Pubkey = assembly. getname (). getpublickeytoken (); If (Pubkey. Length = 0) Throw   New Argumentexception ( "No public key token in assembly ." ); Stringbuilder builder = New Stringbuilder (); Foreach ( Byte B In Pubkey) {builder. appendformat ( "{0: X2 }" , B );} String Pkstring = builder. tostring (); If (Pkstring! = Shared. publickkey ){ Throw   New Fatalexception (shared. licenseexceptionerror );}}

The meaning of these statements is to obtain the Assembly signature, whether it is consistent with our own signature, if it is, the verification is passed, otherwise the program execution is terminated immediately.

The shared. publickkey in the last sentence is the d1063c1538fcc2c8 shown in the last line of the Sn in the figure above.

Start program debugging. in Visual Studio, we can see that the publick key displayed is the same as what we see with the SN tool.

With these two steps, not only does the verification Assembly have a signature, but also must have its own signature. Why should we do this? Because strong name can be replaced, it is often used to replace strong name in cracked programs. For example, this program can replace strong name of the Assembly.

Select the specified assembly and specify a key to replace strong name. The program you wrote is so easy to crack. You must be uncomfortable. Please use the technology introduced in this article, use strong name to protect your assembly.

 

I hope this article will help you with software cracking and protection, as well as the fight between spear and shield.

 

Download the latest Data Loader from epn.codeplex.com (http://epn.codeplex.com/releases/view/68647.