WPF/Silverlight deep solution: (2) self-protection of Silverlight source code

Silverlight ApplicationProgramAll local resources and class libraries will be releasedDLLPackageXapFile, the advantage is that it can be easily deployed on the web page and used on the desktop; but it also brings a high risk of source code leakage. As we all know,XapFile can beZipThe decompressed software can be opened smoothly.DLLAnd various materials.**** Reflector And other tools to decompile theseDLL, EvenXAMLThe content in can also be reflected clearly, which reminds meFlash. In the webpageSWFCan be downloaded by many download tools, and use similar**All the same resources will become invisible when tools such as the flash client are decompiled and even specific to each frame.

In countries with sound legal systems, protection of intellectual property rights is meticulous. How can we deal with plagiarism in China?

ProtectionSilverlightThe source code has only one final goal: ProtectionXapFile. Below are some protection solutions I have summarized, hoping to help you:

Method 1: disable key files or folder page caching

ToIISFor example, we can set upSilverlightApplication websiteClientbinThe directory is set to disable page cache:

In this way,SilverlightApplicationsClientbinDirectoryXapFiles will not be cached, suchC: \ Documents ents and Settings \ Administrator \ Local Settings \ Temporary Internet FilesDirectory, others will not be able to copy through the browser cacheXapFile. However, you can click "View Source File" and findClientbin/*****. xapThis sentenceCodeAnd then use the download tool such as thunder+This code is pasted in. No matter how limited the permission and port is, it is difficult to block it.XapThe downloading of a file is unfortunate. More importantly, if the file is not cached, the user needs to download the file again during each access.XapFile not only increases the burden on the server, but also shows a very unfriendly experience.

Method 2: UseJavascriptEncryption keyHtmlSome code

To avoid exposureClientbin/*****. xapThere are many things we can do with this code. For example, Disabling source files, saving pages as prohibited files, forbidding certain shortcut keys and right-clicking, etc. However, this is also unfriendly and can be easily cracked. After all, the method is too old. In this case, we may consider using some fraudulent means, suchJavascriptEncryptionHtmlCode. AboutJavascrpitThere are many encryption methods. You can search for the key sentence:"JavascriptEncryption and decryption ". The simplest and most direct method is to useJScript. encodeEncryption Method andEscapeMethod:

Then we forge another fakeXapCarrier control, the final page will be the following code:

As you can see, there is only one more line.JavascriptThe rest of the code is almost identical, so that the realAk47.xapFiles are disguised as fakeSilver. xapFile, you can evenClientbinDirectory is a messSilver. xapFile, so that the download of its friends confused, so as to achieve the perfect code disguise.

This method can be used to cheat many people (of course, I have readArticleExcept for friends^), Or even someSilverlightOf. NetMaster; howeverJavascriptGood hands,EscapeThis word will be exposed immediatelyHtmlAnd then easy decryption.

Method 3: PassIFRAME + JavascriptPrevent users from accessing key pages

This method requires you to prepare an additional page as the homepage.IFRAMETo loadSilverlightApplication page, for example:

< IFRAME SRC= "Mygame. aspx" Width= "820" Height= "580" Frameborder= "No" Border= "0"/>

In addition, the data is encrypted and disguised by means of method 2. Next, the key to this method is:Mygame. aspxAdd the following section to the page:JS:

<Script Type= "Text/JavaScript">

If(Self. Location = top. Location) {self. Location =Http://www.cnblogs.com/alamiye010"}

</Script>

This processing method is simple: Through judgmentMygame. aspxWhether it is a child page to implement page protection. You may wish to directly enter the address of the page in the browser address bar, and you will find that the page jumps directly to a preset page.: Http://www.cnblogs.com/alamiye010 To achieveMygame. aspxKey pages are not directly opened. Similarly, you can combine this method with method 1 and method 2 for deeper page protection, even if the client user tries every means to disable the browser'sJS, We can also<Object>... </Object>InBehindIn the codePage_loadSimilar Registerstartupscript To make<Object>... </Object>This code and browserJSPerfect bundle. You can do it, and you can block me.

However, there are already many tools or plug-ins that can directly extractXap, You can easily export the flesh and blood inside and even every cell. I really don't want to mention the names of these guys. I personally think that this is a flaw in the holy technology, and their existence does not reflect the progress of society, does penetrating others' hearts make you feel supreme pleasure?

Method 4: source code obfuscation

In response to the above terrible terrorist acts, we have to use the traditional and most defensive method.----Code obfuscation.

. NetThere are many tools for code obfuscation,VSIntegratedDonfuscator community EditionIt is a simple and practical code obfuscation tool:

However, the latest versionDonfuscator community EditionStill unable to directlySilverlightReleasedDLLDirectly obfuscation, becauseXAMLFile resources temporarily make it helpless. Of course, there are third-party obfuscation tools that can be used, such as deepsea, which can directly confuse xap files, which is very powerful.The following figure shows the obfuscation after I use the decompilation software.SilverlightApplicationsDLL:


I wonder if you can still understand the framework and method logic of the entire project?^

Method 4:3Methods are negligible.SilverlightThe ultimate protection solution for source code. However, as there is no ready-made and very matureSilverlightObfuscation tools, which often increase the total amount of work for project development.

In the next section, I will explainWPF/SilverlightTips for optimizing and improving application performance.

Author: dark blue right hand
Source: http://alamiye010.cnblogs.com/
Download this series of directories and source code: Click to enter (welcome to join the WPF/Silverlight team WPF/Silverlight blog Team)
The copyright of this article is shared by the author and the blog Park. You are welcome to reprint it. However, this statement must be retained without the author's consent and the original article connection should be provided in a prominent position on the article page; otherwise, the right to pursue legal liability will be retained.