huji
asked on
IL disassembler
There is an IL disassembler which installs with VS 2005. I'd like to know to what extent it can disassemble the code (for example, can it fully reveal the code behind a shareware registration function) and how someone can protect his fully .NET-coded application from being disassembled like that.
Thanks
Huji
ASKER CERTIFIED SOLUTION
example would be to keep your registration process on a webservice (they need to call back to the webservice in order to get a key to unlock the software). This is assured to be secure as the code is not on the client machine where it can be disassembled.
ASKER
Well, there are two points here then. First, one can still use some DNS hacks, etc., to make the programmer connect to a fake site, and bypass the real registration system. (Or change the URL the software looks into, by simply manipulating the code!) Second, once the software connects to the webservice and sends the required data, it receives a reg key from that web site, and checks it with its validation algorithm. One can read and reverse-engineer the validation code.
What do you think?
Huji
Ok, the spoofed site concept is valid sort of ...
Who said anything about receiving a registration key?
If you are verifying that the server is authentic there are other ways that you can do this.
You still run a risk of someone going in and flat out changing your code, but if you are also signing your .dlls this issue is pretty much nullified.
ASKER
>> if you are also signing your .dlls this issue is pretty much nullified.
Why?
Because the person, while able to disassemble the dll, will not be able to overwrite it (matching your key), putting their own code into the .dll ... if they create another .dll of the same name it will fail to load.
ASKER
Why can't they do that? (Well, I have not heard of anybody doing that, but I have seen cracks which were dll file substitutes.)
With an unsigned dll it is quite easy to do ... with a signed dll it is not.
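What the signed-DLL replies above rely on, shown as an added example (it is not part of the thread and not any poster's code): a strong-named assembly records a public key token in its identity, and a replacement built without the original private key ends up unsigned or carrying a different token. `StrongNameCheck` is a hypothetical name and `ExpectedToken` is a constructed placeholder.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Reflection;

static class StrongNameCheck
{
    // Constructed placeholder: substitute the public key token of your own signing key.
    const string ExpectedToken = "0123456789abcdef";

    // Returns the hex public key token recorded in the assembly's metadata,
    // or null when the file is not strong-name signed.
    static string TokenOf(string path)
    {
        // Reads the identity only; the assembly is not loaded for execution.
        AssemblyName name = AssemblyName.GetAssemblyName(path);
        byte[] token = name.GetPublicKeyToken();
        if (token == null || token.Length == 0) return null;
        return string.Concat(token.Select(b => b.ToString("x2")));
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: StrongNameCheck <path-to-dll>");
            return 2;
        }
        string token;
        try { token = TokenOf(args[0]); }
        catch (Exception e) when (e is IOException || e is BadImageFormatException)
        {
            Console.Error.WriteLine("cannot read assembly identity: " + e.Message);
            return 2;
        }
        if (token == null)
        {
            Console.WriteLine("REJECT: unsigned assembly");
            return 1;
        }
        bool ok = string.Equals(token, ExpectedToken, StringComparison.OrdinalIgnoreCase);
        Console.WriteLine((ok ? "OK: " : "REJECT: unexpected signer ") + token);
        // Note: this compares identity metadata; it does not re-hash the file
        // to verify the signature itself.
        return ok ? 0 : 1;
    }
}
```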
ASKER
Excuse me for being a question box, but I don't know what you mean by a signed dll.
ASKER
Thanks.
Huji
ASKER
Would you please explain more?