.net dll encryption

M

Mineer

Expert Member
Joined
Apr 30, 2008
Messages
3,190
Reaction score
4
Location
/\/¯¯¯¯¯\/\
How does this work ?

Am not looking for the steps on how to encrypt or decrypt dll's I just want to know, once you encrypt your DLL do you have to decrypt the DLL on the fly when running your program?

or what situations would want to encrypt your DLL. is it not better suited to just use obfuscation? :confused::confused:
 
Don't think dll can be encrypted. Some programs could encrypt strings and resources.
 
Obfuscation is what you're looking for but then again that also has its draw backs. Decrypting and encrypting is insecure.
 
I may be talking out of turn, but dll's are compiled already. interpreted languages like PHP/Classic ASP etc might need to be encrypted/obfuscated because the source is openly available?
 
thanks for the answers I think obfuscation is prob what my client wants, even if encryption was possible we would need to decrypt the dll run the method then encrypt the dll file again. Which makes no sense :whistle:
 
Mineer said:
thanks for the answers I think obfuscation is prob what my client wants, even if encryption was possible we would need to decrypt the dll run the method then encrypt the dll file again. Which makes no sense :whistle:
Click to expand...

Or decrypt when you open the program/login and encrypt when you close the program/session.
 
envo said:
Yes but isn't there some stuff "lost" when doing that? Or does it decompile exactly what my code was? What if it was written in vb.net and it decompiles to c#? I doubt you'll get something that makes sense?
Click to expand...

Obviously, some stuff is lost. But try it and decide for yourself. But the bottom line is, definitely do not think you can safely store secret stuff like passwords in a DLL.
 
envo said:
Yes but isn't there some stuff "lost" when doing that? Or does it decompile exactly what my code was? What if it was written in vb.net and it decompiles to c#? I doubt you'll get something that makes sense?
Click to expand...

probably decompiles what your code "does". Not necessarily what it "was". Which is much like having 2 different developers develop the same solution. Both can have the same outcomes, but they may have implemented it differently.
 
envo said:
Yes but isn't there some stuff "lost" when doing that? Or does it decompile exactly what my code was? What if it was written in vb.net and it decompiles to c#? I doubt you'll get something that makes sense?
Click to expand...

.NET assemblies can be entirely reverse engineered extremely easily. The IL can be re-interpreted and compiled to either VB.NET or C#.

Original:

Code: 
namespace ExampleObfs
{
  class Program
  {
    static void Main(string[] args)
    {
      Console.WriteLine("Hello Semaphore");
    }
  }
}

Decompiled:

Code: 
using System;

namespace ExampleObfs
{
    internal class Program
    {
        public Program()
        {
        }

        private static void Main(string[] args)
        {
            Console.WriteLine("Hello Semaphore");
        }
    }
}


Obviously a very simple example, but as you can see code is pretty much exact except for the internal replacement and whatever else.


Code: 
    internal class Program
    {
        public Program()
        {
        }

        [STAThread]
        private static void Main()
        {
            if (!File.Exists(Path.Combine(Path.GetDirectoryName(Assembly.GetEntryAssembly().Location), string.Format("{0}{1}", Assembly.GetExecutingAssembly().ManifestModule.Name, ".Config"))))
            {
                throw new FileNotFoundException("Log configuration file was not found");
            }
            XmlConfigurator.Configure();
           
            DomainMapper.Map();
            HostFactory.Run((HostConfigurator c) => {
                Action<Engine> action = null;
                Action<Engine> action1 = null;
                c.SetServiceName("Falcon.Service");
                c.SetDisplayName("Falcon Service");
                c.SetDescription("Backend gateway to various components");
                c.RunAsLocalSystem();
                StandardKernel standardKernel = new StandardKernel(new NinjectSettings()
                {
                    LoadExtensions = true
                }, new INinjectModule[0]);
                standardKernel.Load(new INinjectModule[] { new FalconServiceRegistry() });
                c.Service<Engine>((ServiceConfigurator<Engine> s) => {
                    s.ConstructUsing((HostSettings builder) => standardKernel.Get<Engine>(new IParameter[0]));
                    ServiceConfigurator<Engine> serviceConfigurator = s;
                    if (action == null)
                    {
                        action = (Engine o) => o.Start();
                    }
                    serviceConfigurator.WhenStarted<Engine>(action);
                    ServiceConfigurator<Engine> serviceConfigurator1 = s;
                    if (action1 == null)
                    {
                        action1 = (Engine o) => o.Stop();
                    }
                    serviceConfigurator1.WhenStopped<Engine>(action1);
                });
            });
        }
    }
}

Another one decompiled which is almost identical with the flow and crap, names have been man handled a bit.
 
Last edited:
zippy said:
probably decompiles what your code "does". Not necessarily what it "was". Which is much like having 2 different developers develop the same solution. Both can have the same outcomes, but they may have implemented it differently.
Click to expand...

No.

It decompiles to what it was.
 
Bar0n said:
Or decrypt when you open the program/login and encrypt when you close the program/session.
Click to expand...

So whats stopping a person monitoring the drive changes and snatching the files before they encrypt again...
 
I use DotNetReactor. It does obfuscation and encryption. As I understand it it encrypts the DLL into a secure container and only extracts on demand. Quite a nice tool.. you can protect your assemblies and then issue licences based on machine id and/ or number of uses and or expiry date etc etc.. also has SDK so you can buyild your own license server...
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X