Obfuscation in .NET and Delphi
I have an old Delphi application. This app takes a session key from the server, does some stuff with a secret using this key, like hashing etc., and posts back a cipher to the server. The server knows how to retrieve data from this cipher. So simply, it's security through obscurity.
I would like to rewrite this application using C# and then use obfuscation software to hide the process of creating secret data.
Will a C# obfuscated app be more or less "secure" than a non-obfuscated, but binary, Delphi app? Will it still be harder to crack the Delphi code?
Note: I am perfectly aware that security through obscurity is not really secure.
Since IL is a lot simpler than assembly, I would say that it is easier to reverse engineer a .NET assembly (obfuscation or not) than a real binary. Additionally, as the .NET compilers leave most of the optimization to the JIT compiler, IL is pretty straightforward compared to a compiled binary.
"Will C# obfuscated app be more or less "secure" than not obfuscated, but binary, Delphi app? Will it be still harder to crack Delphi code?"
I don't think it's possible to answer your questions without knowledge of your threat model. Who wants to attack the app? What level of sophistication do they have? What do they want to achieve with their attack?
The .NET framework class libraries have some strong security features, and there's also the SecureString class. So that might improve your security.
FWIW, I would prefer to attack managed code rather than native code. But with sufficient motivation, I would be happy to attack either.