Click here to Skip to main content
Click here to Skip to main content

Building Security Awareness in .NET Assemblies : Part 2 - Learn to protect your .NET assemblies from being tampered

, 31 Oct 2004
Rate this:
Please Sign up or sign in to vote.
Building Security Awareness in .NET Assemblies : Part 2 of 3

Disclaimer

NeCoders shall not be held responsible for any cases of software/files being hacked due to the information provided in this article.

General Overview

Before you read part 2, please make sure you already have read part 1 as it is related. In this article, I will be showing how to defend your .NET assemblies from being tampered. I do believe you have heard of the Digital Signature Approach. In short, you could actually attached a Strong Name key to the .NET Assembly to protect it from being tampered. Strong Name key is a RSA 1024 bit encryption, and to break it is not that easy at all. You need to have huge computing power to get that private key.

Why Strong Name??

When it was first introduced to me, I had no idea what it meant.

1st Scenario :

I am not sure whether this had happened to you, but it did for me. I was thinking of securing my .NET Assemblies a while ago, and I tried reading up on articles regarding how to do so. From what I read, it recommended me to use Strong Name key. It continued to explain about the benefits of it, but it was rather vague. It assumed that I could visualize what the author could which in the end, left me wondering about what so special is this so-called Strong Name.

Why did I feel this way? Well, reason being that I had many doubts about it. It did not encrypt my codes nor did it hide my codes from decompilers such as .NET Reflector. It isn't even related to obfuscation. So then what is Strong Name for? Some marketing tool to convince the public that the assemblies it protects is secure?

2nd Scenario :

Your superior comes to you and asks you to implement a Strong Name key in your assemblies. And then when you reply, why Strong Name, they would say this is what other people are doing in the industry; we should follow them as well.

The Demonstration

In this demo, I will show you the usage of attaching a Strong Name key to your assemblies.

Test machine specifications :

  • Windows XP Professional Edition SP 1

  • Intel Pentium 4 2.6GHz

  • 256MB DDR-RAM

  • Visual Studio .NET 2003 Professional Edition

  • Microsoft .NET Framework 1.1
1. Open the Visual Studio .NET 2003 command prompt and make sure you access to the directory where your source files or solution files resides. 2. Type “sn –k sn.key”

3. The strong name has been successfully created. Now how do you attach it to your solution?

4. Open up the source code for AssemblyInfo.cs in your CrackingIL solution and enter this code inside AssemblyKeyFile.

5. Build your project and run it by pressing F5 in Visual Studio .NET 2003.

6. Now, open up the Visual Studio .NET 2003 command prompt and type “ildasm CrackingIL.exe /out=CrackingIL.il”

7. Open up the CrackingIL.il with any text editor. I chose Notepad.

8. Search for this line:

9. Then change it from “Welcome to NeCoders” to “I can’t hack you, why!”

10. Save the file. Type this command “ilasm CrackingIL.il” in Visual Studio .NET 2003 command prompt.

11. Execute the CrackingIL.exe.

You will see the above and this:

12. It means that you just can’t simply manipulate someone else's .NET assembly and convert it back. Congratulations, you have successfully protected your assembly with Strong Name.

Conclusion

I hope that from this article, you manage to gain some brief idea about Strong Name and how it helps to protect your .NET assembly. I have finished the part 3 of this series. Please do check it out.

References

None

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

Chua Wen Ching
Software Developer
Malaysia Malaysia
I am Chua Wen Ching and it is great to be part of CodeProject network Smile | :)

Comments and Discussions

 
QuestionCareful Pinmembereduardna26-Mar-12 22:13 
GeneralProtection Pinmemberjoejoe GOD's Son28-May-05 0:11 
GeneralRe: Protection Pinmemberchuawenching28-May-05 7:37 
GeneralRe: Protection Pinmemberjoejoe GOD's Son4-Jun-05 5:39 
Generalwww.necoders.com - is a dead link Pinmemberwebber12345621-Jul-05 20:20 
Generalhacking strong names PinsussAnonymous20-Jan-05 0:35 
GeneralGreat articles PinmemberJudah Himango18-Nov-04 7:01 
GeneralRe: Great articles Pinmemberchuawenching18-Nov-04 13:40 
GeneralGood article Pinmembersinus-c31-Oct-04 23:14 
I am always on the lookout for more ways to protect my sourcecode, and the ones I've found so far is strong name signing and obfuscation.
 
Have you got any more tricks up your sleave?
 
/sinus-c
GeneralRe: Good article Pinmemberchuawenching31-Oct-04 23:26 
GeneralRe: Good article PinmemberTonyJ1-Nov-04 16:38 
GeneralRe: Good article PinmemberZeeshan Anwar1-Nov-04 21:26 
GeneralRe: Good article Pinmemberchuawenching1-Nov-04 21:39 
GeneralRe: Good article Pinmemberjlj2223-Nov-04 9:02 
GeneralRe: Good article PinsussAnonymous9-Nov-04 20:29 
GeneralRe: Good article PinsussAnonymous25-Nov-04 20:39 
GeneralRe: Good article PinmemberDanger.IQ5-May-05 20:13 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web01 | 2.8.141022.2 | Last Updated 1 Nov 2004
Article Copyright 2004 by Chua Wen Ching
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid