Tuesday, June 12, 2007

Cracking .NET code

After responding to a post recently regarding strong naming .NET assemblies I replied with the fact that this code can be broken. The mis-conception that strong naming your code will protect it is not true.

Digitally signing your code and writing algorithms in unmanaged code will protect it as much as possible.

See here for removing a strong name: http://www.atrevido.net/blog/PermaLink.aspx?guid=f772c18a-f389-4c28-bd6a-a30f4ccc84f5

See here for cracking an obfucated peice of code: http://www.atrevido.net/blog/PermaLink.aspx?guid=8315fa01-0286-47ce-a20b-fcc15eb297c3

See here for more information of strong naming: http://msdn2.microsoft.com/en-us/library/wd40t7ad(VS.80).aspx (.NET 2.0)

A simple solution is to make your algorithm's more complex and harder to break and to write them in unmanaged C++ then P/Invoke your unmanaged routine from your unmanaged routine.

No comments: