It's really not that hard. Version information for assembly references is, to my
knowledge, stored in one place in a given assembly, the AssemblyRef table. This table
contains an index into the blob heap, where the public key token lays. A similar index
exists that points to the hash value.
Yo
> If you can't change the assembly it means you can FAKE
> Microsoft's Framework DLL
> I doubt you can do that
You can't simply fake MS' .NET assemblies so a .exe Host will
run your assemblies and not the originals. You can however, if the .exe
host runs license protection code in a .NET
I get your point :D
So basically there is no windows app that can be protected.
Best Regards,
Ido Samuelson
IBM Global Services (Israel)
Tel: 972-3-5313765, Mobile: 972-67-888150.
Fax: 972-3-5313500, E-mail : [EMAIL PROTECTED]
Only 10 kind of people understand me. Those who are and those who ar
Agreed. I was making the point that this security protects the system, not the
software author.
damon
-Original Message-
From: Moderated discussion of advanced .NET topics.
[mailto:[EMAIL PROTECTED] Behalf Of Frans Bouma
Sent: Monday, April 19, 2004 11:42 AM
To: [EMAIL PROTECTED]
Subject
> I think there is a subtlety being missed here. I could create
> an assembly, strong name it, and send it to you. You could
> use ILDasm/ILAsm like Frans pointed out to remove my strong
> name and any licensing checks I added. You could then apply
> your strong name, and get all the functional
Again, I mean you can't recompile it with the same strong name
and if you put strong name check on your application it will not be easy
to avoid those checks
Best Regards,
Ido Samuelson
IBM Global Services (Israel)
Tel: 972-3-5313765, Mobile: 972-67-888150.
Fax: 972-3-5313500, E-mail : [EMAIL P
I think there is a subtlety being missed here. I could create an assembly, strong name
it, and send it to you. You could use ILDasm/ILAsm like Frans pointed out to remove my
strong name and any licensing checks I added. You could then apply your strong name,
and get all the functionality while s
> Again,
>
> You cann't change the compiled IL
> the assembly will fail executing
erm, not to be rude or anything, but... have you tried what I
wrote? Just because you say so, doesn't make it true, sorry.
You can't alter the bytes in the original DLL, but why would you
do that?
If you can't change the assembly it means you can FAKE Microsoft's
Framework DLL
I doubt you can do that
Best Regards,
Ido Samuelson
IBM Global Services (Israel)
Tel: 972-3-5313765, Mobile: 972-67-888150.
Fax: 972-3-5313500, E-mail : [EMAIL PROTECTED]
Only 10 kind of people understand me. Tho
> > is simply circumvented by altering the IL a bit to simply
> > skip the 'CheckLicense' routine which does the communication
> > with your server and it's cracked.
>
> you can't changed an assembly. thats the point of security!
you can't?
ILDasm /out=foo.asm myAssembly.dll
notepa
> Should ISomeIf contain the complete interface (understood as a set of
> methods) for DoSomething() to succeed? I believe so.
Agreed.
> However, if DoSomething() operates on a number of objects:
>
> t.DoSomething2(someIf1, someIf2, someOtherIf3);
>
> then the situation may change. I recall at l
Again,
You cann't change the compiled IL
the assembly will fail executing
Best Regards,
Ido Samuelson
IBM Global Services (Israel)
Tel: 972-3-5313765, Mobile: 972-67-888150.
Fax: 972-3-5313500, E-mail : [EMAIL PROTECTED]
Only 10 kind of people understand me. Those who are and those who aren't.
is simply circumvented by altering the IL a bit to simply skip the
'CheckLicense' routine which does the communication with your server and
it's cracked.
you can't changed an assembly. thats the point of security! add to it a
strong name assembly and it is imposible to fake either.
Best Regard
Best way is to sign your registration assembly with public key (strong
name)
You can make a client utility to send you via email the client's machine
information and then generate a strong name assembly back to the client.
the software MUST check if the client has the assembly given and verify
> I have nearly finished a new application and we want to
> protect our investment.
>
> What is the best way to implement product registration? Is
> there an example around?
>
> I have read that some people are using the HD Volume number
> as a key to ensure each installation is unique. Is thi
I have nearly finished a new application and we want to protect our
investment.
What is the best way to implement product registration? Is there an
example around?
I have read that some people are using the HD Volume number as a key to
ensure each installation is unique. Is this a good idea?
We
16 matches
Mail list logo
