开发者

Protect a string in my .NET app?

开发者 https://www.devze.com 2023-03-22 20:42 出处:网络
In one of my .NET apps I must \"validate\" my program to a library with a license key. But everyone who peeks into my assemblies can get the key...

In one of my .NET apps I must "validate" my program to a library with a license key.

But everyone who peeks into my assemblies can get the key...

This does not affect me but I do care about the creator(s) of the library.

I don't wish to "leak" his/their keys and cause him/them losses like this...

Is there any free tool that I can use to protect my data?

I really do not care about the other code... The key is important.开发者_JAVA百科


If you have to pass it into the library and if you don't control the library, then you can't do much anyway. You can obfuscate your code all you like to thwart Reflector users (but not Reflector VSPro, at least not easily) and I'll just use Crack.NET to peek into the memory and grab it from there.

It would have been the job of the library creator to give a secure mechanism, e.g. using public/private keys, SecureString, DPAPI or requiring a web call to store the key on the server.


The only way package I can recall is dotnetfuscator for ubfuscating code but this is not immune to reverse engineering from an expert. The topic is a sore point for C# developers the only real way to do this is not to use .net (which is no answer at all)

There are some others listed in question 211849


Another product doing this and other things: SmartAssembly from RedGate (though not free)...

There is no absolute security - esp. with JITted code (like IL/.NET and Java)...

Although beware of string constants - they need to be replaced by "static readonly" strings... otherwise they can't be "obfuscated/encrytped"...


I have the same situation. The key is present in my code. I do not obfuscate the code. I suppose this is because the bulk of my users are not programmers and would not know how to decompile the code and get at the key. If I was concerned then I thinkl I would obfuscate as suggested above


I would look at this in a different way.

If the library requires a license to validate; then do you have the right license to distribute the library in your application?

If so, then I'd say it's up to the library provider to give you instructions how to properly secure the key.

Otherwise, do the best you can with a code obfuscator.


Dotfuscator can do this for you. I believe it comes packaged with Visual Studio- look it up.

I wouldn't worry about it though; if you're not their only customer then chances are somebody else is leaking the license key through un-obfuscated code, making your efforts a waste of time.


There is a list of code obfuscators at MSDN.

0

精彩评论

暂无评论...
验证码 换一张
取 消