简体繁体 English

如何从反编译中保护/加密 Inno Setup

[英]How to secure/encrypt Inno Setup from decompiling

原文 2016-09-22 14:10:04 5 2 installation/ inno-setup

I am using an Inno Setup Tool to pack/setup all my files (dll, exe, jpg, etc).我正在使用 Inno Setup Tool 来打包/设置我的所有文件（dll、exe、jpg 等）。 But I found that there is a software called InnoExtractor which can really open my setup and read all the scripts and also extract all the files, since I need to hide/protect my files in setup I spent a lot of time/efforts to secure my setup.exe which was generated from Inno Setup , but I found some people saying add a password to Inno Setup Script, but this is also a wrong because the client knows that password and he can simply use InnoExtractor and extract everything even it was protected by Password!但是我发现有一个叫做InnoExtractor的软件可以真正打开我的设置并读取所有脚本并提取所有文件，因为我需要在设置中隐藏/保护我的文件我花了很多时间/努力来保护我的setup.exe 是从Inno Setup生成的，但我发现有些人说向 Inno Setup Script 添加密码，但这也是错误的，因为客户端知道该密码，他可以简单地使用 InnoExtractor 并提取所有内容，即使它受保护密码！ is not it!?不是吗！？

Now, I just ask if there someone can suggest me to solve this problem.现在，我只是问是否有人可以建议我解决这个问题。 In fact I embed XML files and DLL which is used to install specific files at client side according to the client machine, but if the client extract all DLLs to his machine then it will be a catastrophe!实际上我是根据客户端机器嵌入了XML文件和DLL文件，用于在客户端安装特定文件，但如果客户端将所有DLL提取到他的机器上，那将是一场灾难！ I need a way to prevent the client from seeing/extracting my setup.exe!我需要一种方法来防止客户端看到/提取我的 setup.exe！

2 个解决方案

There's no way to protect code from an user, if you need to be able to run the same code on the user's machine.如果您需要能够在用户的机器上运行相同的代码，则无法保护用户的代码。 Once you deliver files to client's machine, no matter what method you used to pack them, the client can extract the files.一旦您将文件传送到客户端的机器，无论您使用什么方法打包它们，客户端都可以提取文件。

You can only make it harder, but there's no absolute solution.你只能让它更难，但没有绝对的解决方案。

More standard tools you use, more easy it is to decompile the code.您使用的标准工具越多，反编译代码就越容易。 If you want to make decompiling hard, make your custom installer, instead of relying on a standard installer tool (like Inno Setup).如果您想让反编译变得困难，请制作您的自定义安装程序，而不是依赖标准安装程序工具（如 Inno Setup）。

Probably the only safe way is to use some online service.可能唯一安全的方法是使用一些在线服务。

You can encrypt the files with some very strong cipher (each file/DLL with a different encryption key).您可以使用一些非常强大的密码（每个文件/DLL 使用不同的加密密钥）来加密文件。 The installer will ask the user for some password, and will send the password to some online service.安装程序会要求用户输入一些密码，并将密码发送给某个在线服务。 The online service, after verifying the password, will send back a decryption key for the DLL that you allow the client to install.在线服务在验证密码后，将发回您允许客户端安装的 DLL 的解密密钥。 This will allow the installer to decrypt only the DLL for that client.这将允许安装程序仅解密该客户端的 DLL。
Another alternative is that the installer will actually download the DLL from a server, only after you verify the client.另一种选择是安装程序实际上会从服务器下载 DLL，只有在您验证客户端之后。

There's no way to 100% protect your installer from an attacker.没有办法 100% 保护您的安装程序免受攻击者的侵害。 If someone want to crack it then it can do it.如果有人想破解它，那么它可以做到。

What you can do:你可以做什么：

1) Encrypt the files with some custom (3rd party) system or use [Setup] Encryption directive 1) 使用一些自定义（第 3 方）系统加密文件或使用 [Setup] Encryption 指令

2) Modify Inno Setup - download sources, change them and compile again 2) 修改 Inno Setup - 下载源代码，更改它们并再次编译

3) Place sensitive files and data on server and download them during setup (+ encrypt) 3）将敏感文件和数据放在服务器上并在安装过程中下载它们（+加密）

4) [Code] section cannot be entirely unpacked, place some calculations or file operations there 4) [Code] 部分不能完全解压，在那里放置一些计算或文件操作