суббота, 21 мая 2011 г.

Complex .NET code protection

It is not a secret the programs written for .NET are easy to reverse engineer. This is not in any way a fault in the design of .NET. It is simply a reality of modern, intermediate-compiled languages. There are few techniques of software protection against unauthorized reverse-engineering:
  1. Code obfuscation – it is a technique when .NET assembly is converted into the form which is hard to read after de-compiling to the languages like C# or VB.NET.
  2. Code encryption – it is a technique when binary file (DLL) of the .NET assembly is encrypted and stored somewhere in your application. In runtime your application decrypt, load and use it.
  3. Convert .NET application from the IL form into the processor-specific binaries.
We will not consider #3 in this article, because it creates binaries which actually aren’t a .NET code already. We will take a look into the combination of the #1 and #2 for better protection of your intellectual property.
Manco Software produces products which support both code obfuscation (Manco .NET Obfuscator) and code encryption (Manco .NET Licensing System). Both techniques give you a good level of the code protection itself. But the best level can be achieved when they are used in combination.
At the beginning we should create project files for code encryption and code obfuscation. Process of the complex .NET code protection consists of the 4 steps, so you should have 4 project files:
  1. Project file to create loader and wrapper class. The License Manager uses reflection when creates these files, so it is close to impossible to do it after code obfuscation. So this process must use original (not obfuscated) assembly binary file.
  2. Project file to obfuscate assembly DLL.
  3. Project file to encrypt obfuscated DLL.
  4. Project file to obfuscate your application which uses encrypted DLL.
Create project file for loader and wrapper

This project file will be used to create loader and wrapper class for encrypted only.

  1. Run License Manager and select “Products” tab.
  2. Right click license type node.
  3. Select “Encrypt File” in the context menu.
  4. If you’ve not generated crypto parameters and cryptographic key for file encryption, then click “Generate Crypto Params” button. In other case, select in the “Cryptographic Key” combo box name of the custom value where cryptographic keys are stored. NOTE: If you created new cryptographic parameters then you MUST re-create license file to include these parameters to it.
  5. Enter name of the DLL file that contains assembly to be encrypted to the “File to encrypt” text box.
  6. Enter name of the file that will contain encrypted assembly to the “Save encrypted to” text box.
  7. Check “Create Loader and Wrapper for encrypted assembly” check box.
  8. Select programming language that will be used to create loader and wrapper in the “Language” combo box. C# and Visual Basic .NET are currently supported.
  9. Enter name of the file to save generated code to the “Save loader to” text box.
  10. By default public methods and properties from encrypted DLL has same access modifier (public) in the wrapper class. We suppose that you need not to access these methods and properties outside your application, and you would like to have wrapper class obfuscated by Manco .NET Obfuscator. In this case it is reasonable to use ‘internal’ access modifier for these methods and properties. Check the “Set internal access modifier in the wrapper class for public properties and methods” checkbox to change access modifiers in the wrapper class.
  11. Click "Save settings"  button and enter name of the project file. For example: CreateLoaderAndWraper_EncryptSettings.xml.
  12. Click "Encrypt"  button. File with loader and wrapper classes will be created.
  13. Click "Close" button.
Create project file for obfuscation of the encrypted assembly

This project file will be used to obfuscate original assembly (DLL).
  1. Run Manco .NET Obfuscator.
  2. Click “Open Assembly” button. In the open file dialog select .NET binary file (DLL or EXE) you’d like to obfuscate. Manco .NET Obfuscator will load assembly information and make default obfuscation settings. You can browse the classes, fields and methods are supposed to be obfuscated in the assembly tree view. If checkbox in the tree view is checked then correspondent item (class, property or field) will be obfuscated. By default Manco .NET Obfuscator mark private and internal classes and members for obfuscation.
  3. By default Manco .NET Obfuscator do not mark any strings to encode. You can simple force obfuscator to encode all strings in assembly by check “Encode all strings” check box, or you can switch to the “Strings for encoding” tab and select strings which should be encoded. By default Manco .NET Obfuscator uses “Raw” method to encode strings. It is a fastest way to encode and decode strings, but it is less secure than other options.
  4. Set desirable level of the control flow protection.
  5. Click “Save” button and enter name of the obfuscation project. For example:  ImportantFunctionality.moproj.
Create project file to encrypt obfuscated DLL

This project file will be used to encrypt obfuscated DLL. 
  1. Run License Manager and select “Products” tab.
  2. Right click license type node.
  3. Select “Encrypt File” in the context menu.
  4. Select in the “Cryptographic Key” combo box name of the custom value where cryptographic keys are stored.
  5. Enter name of the DLL file that contains OBFUSCATED assembly to the “File to encrypt” text box. For example: “D:\Manco\Licensing\EncryptAssemblyCS\ImportantFunctionality\bin\Debug\Output\ImportantFunctionality.dll”
  6. Enter name of the file that will contain encrypted assembly to the “Save encrypted to” text box.                              
  7. Click "Save settings" button and enter name of the project file. For example: EncryptObfuscated_EncryptSettings.xml.
  8. Click "Encrypt" button. File with loader and wrapper classes will be created.
  9. Click "Close" button.
  10. Remove reference to the encrypted assembly from your project.
  11. Add encrypted assembly and loader class to your project. We would recommend you to add these 2 files to your project as link. This way you always will be sure that you are using latest version of the encrypted assembly and loader class.
  12. Select file with encrypted code in the solution explorer (“ImportantFunctionality.dll.enc” in our case) and set Build Action for it to “Embedded Resource”.                
  13. Add following code right after initialization of the license object:
[C#]

            _EncryptedBinaryLoader.Load(license);
[VB.NET]

           _EncryptedBinaryLoader.Load(license)

Create project file to obfuscate your application

This project file will be used to obfuscate your application which uses encrypted DLL. The process is absolutely similar to one described for encrypted assembly. You just need to select executable file of your application. Pay attention, because of the settings made for the loader and wrapper classes both have internal access modifier, so Manco .NET Obfuscator marks both classes for obfuscation:

Click “Save” button and enter name of the obfuscation project. For example:  EncryptedAssembly.moproj.

Using of the project files

If you are using “Standard Edition” of the Manco .NET Licensing System then you can encrypt your assembly using License Manager only. In this case build sequence looks like the following:
  1. Build Visual Studio project for encrypted assembly.
  2. Run License Manager.
  3. Use CreateLoaderAndWraper_EncryptSettings.xml project file to create loader and wrapper.
  4. Run Manco .NET Obfuscator.
  5. Use   ImportantFunctionality.moproj project file to obfuscate encrypted assembly.
  6. From License Manager use EncryptObfuscated_EncryptSettings.xml project file to encrypt obfuscated assembly.
  7. Build Visual Studio project for your application which uses encrypted assembly.
  8. From Manco .NET Obfuscator use EncryptedAssembly.moproj project file to obfuscate your application.
“Professional Edition” (and high) of the Manco .NET Licensing System includes license for Encryptor. This is console application which performs encryption operations from the command line. It makes possible automation of the encryption during application building process (from the Visual Studio, for example). You can call Encryptor and command line mode of the obfuscator from the Post-build event:

  1. Run Visual Studio and open solution with your application and encrypted assembly project. For example:                                           
  2. Open properties page of the ImportantFunctionality project and go to the “Build Events” tab.
  3. In the “Post-build event command line” text box enter commands to call Encryptor and obfuscator:
    1. "C:\Program Files (x86)\Manco Software\Manco .NET Licensing System\Tools\Manco.Licensing.Encryptor.exe" $(ProjectDir)Encrypted\CreateLoaderAndWraper_EncryptSettings.xml
    2. "C:\Program Files (x86)\Manco Software\Manco .NET Obfuscator\Manco.Obfuscator.Console.exe" $(ProjectDir)ImportantFunctionality.moproj
    3. "C:\Program Files (x86)\Manco Software\Manco .NET Licensing System\Tools\Manco.Licensing.Encryptor.exe" $(ProjectDir)Encrypted\EncryptObfuscated_EncryptSettings.xml
  4. Open properties page of the EncryptedAssemblyCS project and go to the “Build Events” tab.
  5. In the “Post-build event command line” text box enter command to call obfuscator:
    "C:\Program Files (x86)\Manco Software\Manco .NET Obfuscator\Manco.Obfuscator.Console.exe" $(ProjectDir)EncryptAssemblyCS.moproj
Now all necessary encryption and obfuscation things are automated in the Visual Studio build process. So you need not to run License Manager and/or Manco .NET Obfuscator GUI to encrypt and obfuscate your code. It will be done automatically when Visual Studio build your solution.

1 комментарий: