Code Protector... Stop .NET Reverse Engineering

Alsalam alikom wa ra7mat Allah wa barakatoh

As we all know (and suffer), one of the biggest issues with applications written in .NET is that they are so easily reverse engineered. Even after running an obfuscator, the logic is still there in the assembly, and it is still written in MSIL, which is a very easy language to read and hence to decompile.

Microsoft has offered a new product called Code Protector, which comes as part of the SLP (Secure Licensing and Protection) solution, and I'll try to briefly cover the features it offers.

Let's define one term first:
- SVML (Secure Virtual Machine Language):
It's a language that the .NET Framework understands and can actually execute. It has 2 features:
* It's secure (it's actually encrypted)
* It's a one-way transformation: any MSIL code can be converted to SVML, but the original can never be retrieved (something like a very powerful, unique hash)

The main features that SLP offers are:

1- Code Protection:
Code Protector lets you select any number of methods (or classes) that you believe are dangerous to leave unprotected (hard-coded connection strings, license validation, server credentials, etc.). Then, with a simple click on the Protect button, nobody will be able to reverse engineer that part of the code (hopefully). Let's see a simple example.

1- Add Module: browse to the exe you want to protect
2- Select the methods/classes/namespaces that you want to protect
3- Click Protect... bingo

Here is what happened when I tried to reflect the code:

A screenshot from Lutz .NET Reflector of an exe before applying any protection

A screenshot of the same reflected code after applying the protection. Does it make any sense, or give you any idea of what the original code was? For me, it doesn't...

That was the first benefit of using SLP...

2- Dynamic Licensing:
Companies that offer products with different types of licenses (Trial, Demo, Basic, Professional, Enterprise, etc.) will really like this.
The usual way to offer multiple licenses goes like this:
- The marketing guys do some market research and decide what features/licenses they want to offer
- They go back to the dev team and ask them to "modify" the code to check for those types of licenses
- The dev team goes into the code and puts in some more checks to disable/enable certain features; they recompile, test and then ship to the sales guys

A long story. Now imagine that after this iteration a customer declares that he is only interested in a set of features and that he's only ready to pay for those (and believe me, this is WHAT customers are looking for now). You will have to repeat this process again and again for every customer request. It's very costly (money and time) and, moreover, offers a reasonable opportunity to produce more bugs.

This is where the feature pays off: when you select certain portions of code to be protected, you are also offered a chance to bind them to a specific feature, as in the following screenshot.


Now, all you need to do when the marketing guys think of a new license type is select the set of features you want to include in the new feature set.

There is one thing I didn't mention, which is the portal that allows you to generate licenses, prepare feature sets, track license usage, etc., but it's straightforward and you can figure it out on your own :)
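
The idea behind binding code to features, as a minimal sketch added here for illustration; it is not the SLP API or Microsoft's implementation. The `License` class, the feature names and the signed feature-list format are hypothetical, and it assumes a modern .NET runtime (C# 8 or later): the license is signed data listing features, so a new license type is a new feature list rather than a recompile.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added illustration; NOT the SLP API. All type and feature names are hypothetical.
sealed class License
{
    private readonly HashSet<string> _features;
    private License(IEnumerable<string> features) =>
        _features = new HashSet<string>(features, StringComparer.Ordinal);

    // Accept the feature list only if the vendor's signature over it verifies.
    public static License Load(string featureList, byte[] signature, RSA vendorPublicKey)
    {
        byte[] data = Encoding.UTF8.GetBytes(featureList);
        if (!vendorPublicKey.VerifyData(data, signature,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("License signature is invalid.");
        return new License(featureList.Split(';', StringSplitOptions.RemoveEmptyEntries));
    }

    // Every feature-bound method calls this before doing any work.
    public void Demand(string feature)
    {
        if (!_features.Contains(feature))
            throw new UnauthorizedAccessException($"Feature '{feature}' is not licensed.");
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample: in practice the private key never leaves the licensing portal.
        using RSA vendorKey = RSA.Create(2048);
        string basic = "Reports;Export";
        byte[] sig = vendorKey.SignData(Encoding.UTF8.GetBytes(basic),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using RSA publicOnly = RSA.Create();
        publicOnly.ImportParameters(vendorKey.ExportParameters(false));

        License lic = License.Load(basic, sig, publicOnly);
        lic.Demand("Export");                         // in the feature set: no exception
        try { lic.Demand("Audit"); }                  // not in this feature set
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
        try { License.Load(basic + ";Audit", sig, publicOnly); }  // edited feature list
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

The check itself is ordinary MSIL, so `Load` and `Demand` are exactly the kind of license-validation methods the first section suggests selecting for protection.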

References:
SLP official website: http://www.microsoft.com/slps/ (where I watched a video that explains everything in more detail...)

Thanks,
Haytham Alaa

Comments

  1. What about debugging support!! Can I still debug my *encrypted* DLL?

    What about crash dumps? call stacks?

  2. Hi Dany,

    It's my pleasure to see you reading my posts :D..

    Sadly, once you *encrypt* a DLL or exe, you will not be able to debug your actual code...
    Crash dumps will give you the call stack of the generated code instead of the real call stack.

    Trade off..

    Maybe there is a work around this but I'm not aware of one.

    Thanks
