Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Building Security Awareness in .NET Assemblies : Part 2 - Learn to protect your .NET assemblies from being tampered

0.00/5 (No votes)
31 Oct 2004 4  
Building Security Awareness in .NET Assemblies : Part 2 of 3

Disclaimer

NeCoders shall not be held responsible for any cases of software/files being hacked due to the information provided in this article.

General Overview

Before you read part 2, please make sure you already have read part 1 as it is related. In this article, I will be showing how to defend your .NET assemblies from being tampered. I do believe you have heard of the Digital Signature Approach. In short, you could actually attached a Strong Name key to the .NET Assembly to protect it from being tampered. Strong Name key is a RSA 1024 bit encryption, and to break it is not that easy at all. You need to have huge computing power to get that private key.

Why Strong Name??

When it was first introduced to me, I had no idea what it meant.

1st Scenario :

I am not sure whether this had happened to you, but it did for me. I was thinking of securing my .NET Assemblies a while ago, and I tried reading up on articles regarding how to do so. From what I read, it recommended me to use Strong Name key. It continued to explain about the benefits of it, but it was rather vague. It assumed that I could visualize what the author could which in the end, left me wondering about what so special is this so-called Strong Name.

Why did I feel this way? Well, reason being that I had many doubts about it. It did not encrypt my codes nor did it hide my codes from decompilers such as .NET Reflector. It isn't even related to obfuscation. So then what is Strong Name for? Some marketing tool to convince the public that the assemblies it protects is secure?

2nd Scenario :

Your superior comes to you and asks you to implement a Strong Name key in your assemblies. And then when you reply, why Strong Name, they would say this is what other people are doing in the industry; we should follow them as well.

The Demonstration

In this demo, I will show you the usage of attaching a Strong Name key to your assemblies.

Test machine specifications :

  • Windows XP Professional Edition SP 1

  • Intel Pentium 4 2.6GHz

  • 256MB DDR-RAM

  • Visual Studio .NET 2003 Professional Edition

  • Microsoft .NET Framework 1.1
1. Open the Visual Studio .NET 2003 command prompt and make sure you access to the directory where your source files or solution files resides. 2. Type “sn –k sn.key”

3. The strong name has been successfully created. Now how do you attach it to your solution?

4. Open up the source code for AssemblyInfo.cs in your CrackingIL solution and enter this code inside AssemblyKeyFile.

5. Build your project and run it by pressing F5 in Visual Studio .NET 2003.

6. Now, open up the Visual Studio .NET 2003 command prompt and type “ildasm CrackingIL.exe /out=CrackingIL.il”

7. Open up the CrackingIL.il with any text editor. I chose Notepad.

8. Search for this line:

9. Then change it from “Welcome to NeCoders” to “I can’t hack you, why!”

10. Save the file. Type this command “ilasm CrackingIL.il” in Visual Studio .NET 2003 command prompt.

11. Execute the CrackingIL.exe.

You will see the above and this:

12. It means that you just can’t simply manipulate someone else's .NET assembly and convert it back. Congratulations, you have successfully protected your assembly with Strong Name.

Conclusion

I hope that from this article, you manage to gain some brief idea about Strong Name and how it helps to protect your .NET assembly. I have finished the part 3 of this series. Please do check it out.

References

None

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here