Cloud-based protection .NET applications
Perhaps protection has always been one of my most favorite topics. I loved to come up with a complicated clever examination of license program, and enthusiastically implement them. I've always held to the principle that a hacker to break in, needs to study the high technology used in the program. Let him think about thread synchronization, if he wanted to put a breakpoint in the validation algorithm of the key. Let the studying questions of the COM reference count, if he wants to intervene in my algorithm. Let him think about the representation of bitmaps images in memory, if he decided to figure out how I kept the key.
Yes, C++ was almost an ideal language in this respect. But times change, old technology gone and in their place come new, more productive and comfortable. So our team moved on .NET. But in exchange for ease of development and ease of debugging, we in addition got in the appendage and ease of decompilation. The attacker could not simply bypass the license constraints, but also to an almost complete source code of our program just give her the reflector.
Of course, as a solution to this problem on the market there are many different obfuscators. But, oddly enough, most of them disappoint me from two sides: pricing (even minimal license some exceeded the value of our FOR several times), and "intelligence" of the algorithm. So, after some obfuscators, managed to fall even a simple WinForms application. That also applies to WPF, without a long black voodoo on exclude, to run a medium size program was not possible in principle.
Formed understanding of the problem and a clear desire to create a product that reduces the above mentioned problems to a minimum. And there was SaaS obfuscator and protector .NET code AppFuscator.com
security Algorithms
Renaming
Obfuscation of classes and their members, with full Generics support, inheritance, overloading of virtual methods, the standard obfuscation attributes.
Available in various options of naming: English letters, English letters with overload by type of parameters, non-printable characters, and several others.
Assembly Merging
Merging multiple source protected assemblies into one end, with the purpose of complexity analysis and decompilation.
In the current version as a built-in assemblies must be Assembly containing WPF resources.
Decomposition
Decomposition of the structure of classes in a procedural presentation is our own original design, based on the idea of translation from object-oriented forms (simple for reverse engineering) to a procedural style of maximum destruction of all available information stored in metadata (but preserving the full efficiency of the garbage collector).
Tell a little more. Let's say we have an Assembly with such a structure of classes:
After performing the decomposition we will see the following:
The method that is highlighted in the screenshot — this is MainForm_Load ex — handler of form load. Only now he, like the rest of the code is outside of the class to which belongs, in the global namespace (unlike C#, where any method should include the class, in IL valid Declaration of an ordinary global functions).
In the form of a (now class b) has only one method: Dispose. He is the overloaded virtual function, so we can not bear.
As you can see, the complexity of the reading increases significantly, the attacker will be very difficult to figure out what method to what was applied. While the classes turn into empty wrappers that contain only the data fields (from lost), and a balance of virtual functions.
External Method Call Hiding
Concealment call external methods — the substitution explicit invoke methods from external assemblies (including references to Common Language Runtime), an implicit appeal for an unmanaged pointer.
A small example. Was:
the
public void ShowMessage(string text)
{
MessageBox.Show(text);
}
Was:
the
// <Module>
public static void a(object obj, string text)
{
object arg_0C_0 = calli(System.Int32(System.String), text, g.b);
}
String Encryption
String encryption based on private algorithm. To categorically make it harder for potential developers of computer-aided decoder, the protected program is generated dynamic variables, depending on the context.
Reflection Analyzing
Analysis of applications to the reflection mechanism — a set of algorithms that track the appeal to Reflection.
I always strongly disliked that, after Assembly of the next version of the program begins the next stage – dances with a tambourine around obfuscator. Therefore, our product is designed with an analyzer that is trained to automatically keep track of and adjust the names in the program code. It has a pretty powerful logic analysis of complex structures and output decisions. All possible cases close automatically of course he can't, but the life of the developer easier significantly.
Suppose we have two classes:
the
class ClassA
{
string GetText() { return "A"; }
public int smallField;
}
class ClassB
{
string GetText() { return "B"; }
}
Consider the following code example:
the
public void HabraTestFirst(int x)
{
Type work = null;
string method = "gettext";
if (x == 0)
work = typeof(ClassA); // ClassA Take
else
{
string name = "HabraCode.ClassB, HabraCode, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null";
work = Type.GetType(name, true); // Take ClassB
}
// And call his method GetText
HabraReflectionCall(work, method);
}
public void HabraReflectionCall(Type target, string method)
{
var call = target.GetMethod(method, BindingFlags.IgnoreCase | BindingFlags.NonPublic | BindingFlags.Instance);
var obj = Activator.CreateInstance(target);
call.Invoke(obj, null);
MessageBox.Show(string.Format("call HabraReflection: {0}.{1}", obj.The ToString () call.Name));
}
In this example, depending on the input numeric parameter, the method will be called either ClassA or ClassB in. At the same time no when the inheritance / interfaces of these classes among themselves are not.
Compiled a simple program:
the
var reflector = new Reflector();
reflector.HabraTestFirst(0);
reflector.HabraTestFirst(1);
Run and voila:
As you can see, both classes and both methods in the course of obfuscation was renamed, but the program was able to identify the dependence between them, and updated the reference to the name in the Reflection call.
An even more interesting example, in which we not only accessed through Reflection, but also find the desired field in the enumeration:
the
public void HabraTestSecond()
{
FieldInfo result = null;
var anyobj = new ClassA().GetType();
foreach (var it in anyobj.GetFields())
{
if (it.Name == "smallField") // search for the class field, smallField going through all the turns
result = it;
}
if (result == null) throw new InvalidOperationException();
MessageBox.Show("HabraReflection field:" + result.ToString());
}
When you run the program honestly tell us:
How does it work? It's simple — seeing characteristic design – an enumeration of fields derived from Reflection, the analyzer was able to adapt and update the requested name in the IL code.
Of course, this approach will not always work if the construction will be more multi-stage or name of the desired method will be taken, for example, from an external file, our intelligent analyzer honestly admits defeat.
The source code can be downloaded here.
WPF Analyzing
Automatic exclusion from obfuscation types, methods and fields which are available for the treatment of the Windows Presentation Foundation. The program performs the decompilation and analysis of the compiled XAML resources in assemblies. Fully supports the extension syntax, WPF, including complex structures (e.g., PropertyPath, etc.).
Due to this, the program written in WPF, renamed is the only thing that needs to be renamed.
A typical example of the program after obfuscation:
(click to enlarge)
Why SaaS?
It's simple — instead of having to buy a good box obfuscator for a few thousand dollars, and then constantly pay for the purchase of updates (in fact a platform technology .NET grow very quickly), You will gain access to the online service of obfuscation. And then only pay for the amount of work that is needed for You personally. Release a version once a month – only pay for it.
Pricing is now in the formative stage, but I can safely say that conditions will be delicious. In addition, be available a free version, whose functionality is superior to all free obfuscators presented at the moment.
is This safe?
We are very serious about the protection of Your data.
First and most importantly: You don't need to send to the server source code. You send only the already compiled Assembly, in this form, as they would see Your users (and perhaps not only users), if You have not addressed the issue of protection and did not obfuscatable them. No other information will be required.
The whole process of obfuscation is done on dedicated servers, accessed only a few people from our team. Of course, we use the latest software version and perform regular updates. In addition, the module obfuscation and web-frontend for user interaction, physically placed on separate servers to increase security and scalability of the system.
We are a legal entity, and are ready to provide all necessary documents such as a contract for the use of our service and NDA.
Now the service launched in beta mode and You can test all the functionality absolutely free of charge.
Комментарии
Отправить комментарий