对 .NET 程序集进行签名:这真的可以保护我的程序集免遭篡改吗?

发布于 2024-07-10 17:38:10 字数 389 浏览 7 评论 0原文

我正在我的应用程序中实现一个“锁定”系统,以保护我的应用程序免遭复制和非法使用。 系统检查基于硬件的代码的签名,并期望使用只有我公司拥有的私钥对其进行签名。 (该应用程序已获得公钥来验证签名。)

我想确保没有人更改应用程序中的锁定机制,因此我想签署我的应用程序的程序集,我认为这是有道理的。

  1. 由于我还没有看到 CLR 谈论过程序集的签名无效,所以我想确保这个系统确实有效。 可以? 我应该做什么才能让它发挥作用?
  2. 攻击者能否将精力集中在 CLR 上,使其不关心我的签名? 也就是说,如果他不能篡改我的代码,因为我已经签名了,那么他可以篡改 CLR 吗?
  3. 一般来说,我想了解一下您对此类安全防护技术的经验。 任何人都可以提出其他建议吗?

I am implementing a "locking" system in my app which protects my app against being copied and used illegally. The system checks the signature of a hardware-based code and expects it to be signed with a Private Key that only my company owns. (The app has got the Public Key to validate the signature.)

I want to make sure that no one changes my locking mechanism in the app, so I want to sign my app's assembly and I think it makes sense.

  1. Since I haven't seen the CLR ever talk about an assembly's signature being invalid, I want to make sure this system really works. Does it? What should I do to make it work?
  2. Can an attacker concentrate his efforts on the CLR to make it not care about my signature? That is, if he can't tamper with my code because I've signed it, can he tamper with CLR?
  3. Generally, I would like to know your experience about such safe-guards and protection technologies. Can any one suggest anything else?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

等待我真够勒 2024-07-17 17:38:10

程序集签名旨在允许应用程序/程序集引用程序集,并确保它们获得最初引用的程序集。 如果有人愿意,理论上他们可以反编译您的整个应用程序并重新编译而无需签名。 (即:他们可以重新编译引用程序集,以便它引用引用程序集的未签名版本)。

然后他们就可以根据需要修改代码,因为客户端 (exe) 现在将引用未签名(或“重新签名”)的 dll。

为了使反编译和重新编译过程变得更加困难,您可以尝试创建包含托管代码和本机代码的混合模式 C++/CLI 程序集。 但是,是的......最终人们掌握了所有的二进制文件,并且通过足够的努力可能可以绕过您想到的任何许可系统。

Assembly signing is designed to allow applications/assemblies to reference an assembly and be sure that they get the assembly they originally referenced. If someone wanted to, they could in theory decompile your entire app and recompile with no signing. (ie: they could recompile the referencing assembly so that it referenced an unsigned version of the referenced assembly).

They would then be able to modify the code as they wanted, because the client (exe) would now reference an unsigned (or 're-signed') dll.

To make the process of decompilation and recompilation more difficult, you could try creating a mixed-mode C++/CLI assembly containing both managed and native code. But yeah... ultimately people have all your binaries to hand and with enough effort can probably get round any licensing system you think up.

冷默言语 2024-07-17 17:38:10

对于签名程序集存在一定程度的误解。 正如麦肯尼尔指出的那样,程序集签名并不是一种用于防止程序集被篡改的安全机制。 以下关于 codeproject 的文章对该主题提供了很好的处理:

http://www.codeproject .com/KB/security/StrongNameExplained.aspx

There's a certaining amount of misconception about signed assemblies. Assembly signing is not, as mackenir pointed out, a secure mechanism to be used to prevent your assemblies from being tampered with. The following article on codeproject gives a pretty good treatment of the subject:

http://www.codeproject.com/KB/security/StrongNameExplained.aspx

巡山小妖精 2024-07-17 17:38:10

对代码进行签名仅允许篡改检测,而不能阻止篡改检测。 知道自己在做什么的人可以删除您的签名,并在必要时添加他们自己的签名。

事实上,大多数版权保护方案都是浪费时间,并且可能被破坏,而且它们也往往会惹恼您的付费客户。 最终,您无法阻止某人在他们控制的硬件上修改和运行您的代码。 只要让它变得足够困难,这样就可以更容易地去采购部门并写下支票,并且很难忘记您没有获得许可的副本。 那些关心的人最终会付出代价,而那些不关心的人永远不会。

另请注意,即使您认为大多数人不会费心破解您的计划,或者没有能力做到这一点,也没关系。 因为一旦有人破坏了您的复制保护方案,他们就可以将其发布到种子网站上,供那些没有技能的人使用,然后游戏就结束了。

Signing your code only allows tamper detection, it doesn't prevent it. Somebody who knows what they are doing can remove your signature and if necessary add their own.

Really most copy protection schemes are a waste of time and can be subverted, and they also tend to annoy the hell out of your paying customers. Ultimately you can't prevent somebody from modifying and running your code on hardware that they control. Just make it sufficiently difficult that it is easier to go to the purchasing department and get a check written, and that it is difficult to forget that you haven't got a licensed copy. Those who care will eventually pay, and those who don't never will.

Also note that even if you think that most people won't bother cracking your scheme, or haven't the skill to do it, it doesn't matter. Because once one person has subverted your copy protection scheme, they can make it available on a torrent site for those without the skill to do it, and it is game over.

梦断已成空 2024-07-17 17:38:10

您可以使用的一种防止篡改的技术是使用程序集的公钥来加密软件的重要部分,例如应用程序/算法参数。 如果公钥已更改,解密将无法进行,您的应用程序将崩溃。

一些混淆器(例如 Crypto Obfuscator)将此技术与字符串加密功能结合使用。 它使用程序集的公钥来加密所有字符串。 如果公钥已更改或删除,解密将失败,您的应用程序甚至无法启动。

One technique you can use is to prevent tampering is to use the public key of your assembly to encrypt essential parts of your software such as application/algorithm parameters. If the public key has been changed, the decryption will not work and your app will crash.

Some obfuscators such as Crypto Obfuscator use this technique with the string encryption feature. It uses the public key of your assembly to encrypt all strings. If the public key has been changed or removed, decryption will fail and your app wont even start.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文