Click here to Skip to main content
15,860,859 members
Articles / Programming Languages / MSIL

Building Security Awareness in .NET Assemblies : Part 2 - Learn to protect your .NET assemblies from being tampered

Rate me:
Please Sign up or sign in to vote.
4.59/5 (44 votes)
31 Oct 20043 min read 169.3K   1.8K   82   17
Building Security Awareness in .NET Assemblies : Part 2 of 3

Disclaimer

NeCoders shall not be held responsible for any cases of software/files being hacked due to the information provided in this article.

General Overview

Before you read part 2, please make sure you already have read part 1 as it is related. In this article, I will be showing how to defend your .NET assemblies from being tampered. I do believe you have heard of the Digital Signature Approach. In short, you could actually attached a Strong Name key to the .NET Assembly to protect it from being tampered. Strong Name key is a RSA 1024 bit encryption, and to break it is not that easy at all. You need to have huge computing power to get that private key.

Why Strong Name??

When it was first introduced to me, I had no idea what it meant.

1st Scenario :

I am not sure whether this had happened to you, but it did for me. I was thinking of securing my .NET Assemblies a while ago, and I tried reading up on articles regarding how to do so. From what I read, it recommended me to use Strong Name key. It continued to explain about the benefits of it, but it was rather vague. It assumed that I could visualize what the author could which in the end, left me wondering about what so special is this so-called Strong Name.

Why did I feel this way? Well, reason being that I had many doubts about it. It did not encrypt my codes nor did it hide my codes from decompilers such as .NET Reflector. It isn't even related to obfuscation. So then what is Strong Name for? Some marketing tool to convince the public that the assemblies it protects is secure?

2nd Scenario :

Your superior comes to you and asks you to implement a Strong Name key in your assemblies. And then when you reply, why Strong Name, they would say this is what other people are doing in the industry; we should follow them as well.

The Demonstration

In this demo, I will show you the usage of attaching a Strong Name key to your assemblies.

Test machine specifications :

  • Windows XP Professional Edition SP 1

  • Intel Pentium 4 2.6GHz

  • 256MB DDR-RAM

  • Visual Studio .NET 2003 Professional Edition

  • Microsoft .NET Framework 1.1
1. Open the Visual Studio .NET 2003 command prompt and make sure you access to the directory where your source files or solution files resides. 2. Type “sn –k sn.key”

Image 1

3. The strong name has been successfully created. Now how do you attach it to your solution?

4. Open up the source code for AssemblyInfo.cs in your CrackingIL solution and enter this code inside AssemblyKeyFile.

Image 2

5. Build your project and run it by pressing F5 in Visual Studio .NET 2003.

6. Now, open up the Visual Studio .NET 2003 command prompt and type “ildasm CrackingIL.exe /out=CrackingIL.il”

Image 3

7. Open up the CrackingIL.il with any text editor. I chose Notepad.

8. Search for this line:

Image 4

9. Then change it from “Welcome to NeCoders” to “I can’t hack you, why!”

Image 5

10. Save the file. Type this command “ilasm CrackingIL.il” in Visual Studio .NET 2003 command prompt.

Image 6

11. Execute the CrackingIL.exe.

Image 7

You will see the above and this:

Image 8

12. It means that you just can’t simply manipulate someone else's .NET assembly and convert it back. Congratulations, you have successfully protected your assembly with Strong Name.

Conclusion

I hope that from this article, you manage to gain some brief idea about Strong Name and how it helps to protect your .NET assembly. I have finished the part 3 of this series. Please do check it out.

References

None

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


Written By
Software Developer
Malaysia Malaysia
I am Chua Wen Ching and it is great to be part of CodeProject network Smile | :)

Comments and Discussions

 
QuestionCareful Pin
eduardna26-Mar-12 22:13
eduardna26-Mar-12 22:13 
GeneralProtection Pin
JL#28-May-05 0:11
JL#28-May-05 0:11 
GeneralRe: Protection Pin
Chua Wen Ching28-May-05 7:37
Chua Wen Ching28-May-05 7:37 
GeneralRe: Protection Pin
JL#4-Jun-05 5:39
JL#4-Jun-05 5:39 
Generalwww.necoders.com - is a dead link Pin
webber12345621-Jul-05 20:20
webber12345621-Jul-05 20:20 
Generalhacking strong names Pin
Anonymous20-Jan-05 0:35
Anonymous20-Jan-05 0:35 
GeneralGreat articles Pin
Judah Gabriel Himango18-Nov-04 7:01
sponsorJudah Gabriel Himango18-Nov-04 7:01 
GeneralRe: Great articles Pin
Chua Wen Ching18-Nov-04 13:40
Chua Wen Ching18-Nov-04 13:40 
GeneralGood article Pin
Thomas Lykke Petersen31-Oct-04 23:14
Thomas Lykke Petersen31-Oct-04 23:14 
GeneralRe: Good article Pin
Chua Wen Ching31-Oct-04 23:26
Chua Wen Ching31-Oct-04 23:26 
GeneralRe: Good article Pin
T Jenniges1-Nov-04 16:38
T Jenniges1-Nov-04 16:38 
GeneralRe: Good article Pin
Zeeshan Anwar1-Nov-04 21:26
Zeeshan Anwar1-Nov-04 21:26 
GeneralRe: Good article Pin
Chua Wen Ching1-Nov-04 21:39
Chua Wen Ching1-Nov-04 21:39 
GeneralRe: Good article Pin
jlj2223-Nov-04 9:02
jlj2223-Nov-04 9:02 
GeneralRe: Good article Pin
Anonymous9-Nov-04 20:29
Anonymous9-Nov-04 20:29 
GeneralRe: Good article Pin
Anonymous25-Nov-04 20:39
Anonymous25-Nov-04 20:39 
GeneralRe: Good article Pin
danger.iq5-May-05 20:13
danger.iq5-May-05 20:13 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.