Shulou(Shulou.com)06/01 Report--

At present, C #. Net language is used more and more widely, and the server architecture background code of IIS, the winform of desktop application and the logic script of Unity3d are all used. C #. Net has a powerful convenient feature, which makes the development cost extremely low. As a. Net language, it also has the disadvantage of giving developers a headache-it is very easy to decompile. Tools such as Dnspy and ILspy,de4dot on the market can easily decompile C #. Net programs protected by confusion.

The decompilation effect of ILspy without deliberate shell protection is as follows:

Public int add (int a, int b) {return a + b;} public int div (int a, int b) {return a / b;} public int mul (int a, int b) {return a * b;} public int sub (int a, int b) {return a-b;}

Solution:

Deep thinking independently developed a shell (Virbox Protector) for the protection of C #. Net language. The execution program (.exe) compiled by C # .net and the dynamic library (.dll) can be dragged directly into the shelling tool to complete the protection operation, which is very convenient. And in the effect, we can no longer see the logic in the source code.

Encryption technology: code encryption / code obfuscation / fragmented code execution

Code encryption: for dotNet programs, protect IL code: a dynamic running method to decrypt protected code. Encrypt and store the current code as ciphertext, automatically decrypt and execute when the program runs to the protected function, erase the code after execution, and then erase the code after execution. where to run to decrypt where the code, * unable to obtain the instructions of the original intermediate language and the code of memory integrity, because it is a pure memory operation, it is recommended to add all the protection means with high speed and high performance.

Code confusion: rewrite the names of various elements in the code, such as variables, functions, and classes, to meaningless names. For example, it is rewritten into a single letter, or a short combination of meaningless letters, or even a symbol such as "_", making it impossible for the reader to guess its purpose based on the name.

Rewrite part of the logic in the code to make it functionally equivalent but more difficult to understand. Such as rewriting for loops into while loops, rewriting loops into recursion, simplifying intermediate variables, and so on.

Disrupt the format of the code. For example, delete spaces, squeeze multiple lines of code into one line, or break a line of code into multiple lines, and so on.

Add flower instructions, through the specially constructed instructions to make the disassembler error, and then interfere with the decompilation work.

Code obfuscators can also cause some problems.

The main problems include:

Confused code is difficult to understand, so debugging and debugging becomes difficult. Developers often need to keep the original unconfused code for debugging.

For languages that support reflection, code obfuscation can conflict with reflection.

Code obfuscation does not really prevent reverse engineering, it only makes it more difficult. Therefore, for situations with high security requirements, using code obfuscation alone does not guarantee the security of the source code.

Fragment code execution: think deeply about the latest technology of independent intellectual property rights: based on LLVM and ARM virtual machine technology, the massive code is automatically extracted and moved into the SS kernel state module, which greatly reduces the threshold for use, eliminates the need to manually transplant algorithms, the number of portable algorithms grows from a limited number to almost unlimited, and the supported language is no longer limited to C, which is a comprehensive application of encryption technology. The effect is similar to breaking up the execution of the software, making it impossible for the cracker to start.

The effect of encryption

Public int add (int a, int b) {return (int) dm.dynamic_method ((object) this, System.Reflection.MethodBase.GetCurrentMethod (), 16416u, 21,16384u, 32u, 31516u, 5) .invoke (this, new object [] {this, a, b}) } public int div (int a, int b) {return (int) dm.dynamic_method ((object) this, System.Reflection.MethodBase.GetCurrentMethod (), 16956u, 21,16924u, 32u, 31516u, 2) .invoke (this, new object [] {this, a, b}) } public int mul (int a, int b) {return (int) dm.dynamic_method ((object) this, System.Reflection.MethodBase.GetCurrentMethod (), 16776u, 21,16744u, 32u, 31516u, 3) .invoke (this, new object [] {this, a, b}) } public int sub (int a, int b) {return (int) dm.dynamic_method ((object) this, System.Reflection.MethodBase.GetCurrentMethod (), 16596u, 21,16564u, 32u, 31516u, 4) .invoke (this, new object [] {this, a, b});}

Architecture support #

Background logical DLL file of IIS service architecture

Windows PC application EXE file

Windows PC application dynamic library DLL file

DLL files used by third-party drawing tools such as UG

DLL files used in Unity3d compilation

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.