> If you can't change the assembly it means you can FAKE
> Microsoft's Framework DLL
> I doubt you can do that
You can't simply fake MS' .NET assemblies so a .exe Host will
run your assemblies and not the originals. You can however, if the .exe
host runs license protection code in a .NET assembly, use an altered
assembly and change the reference in the .exe to your assembly.
> Again, I mean you can't recompile it with the same strong name
> and if you put strong name check on your application it will
> not be easy to avoid those checks
That's very easy actually, as you just have to remove the
signature from the IL, change the references specified for the
assemblies to meet your own Public key token and you're set (or remove
signing at all). As I said, a somewhat experienced cracker needed 20
seconds to do it on my test application which used a signed .exe and two
signed assemblies. Trust me, I believed that it was very hard (if not
impossible) to do, but it was very easy. :-/ Protection schemes which do
work most of the time, always involve net-access at runtime for
essential program logic, like a part of the system is implemented as a
webservice so not accessable to the cracker. :)
FB
===================================
This list is hosted by DevelopMentorŪ http://www.develop.com
Some .NET courses you may be interested in:
NEW! Guerrilla ASP.NET, 17 May 2004, in Los Angeles
http://www.develop.com/courses/gaspdotnetls
View archives and manage your subscription(s) at http://discuss.develop.com
