stackoom
  简体   繁体   中英

How can I prevent others from using my unmanaged DLL in their C# application?

 原文  2015-06-01 13:08:35       c#/ .net/ dll/ reverse-engineering/ unmanaged

Question

I'm developing a C# application to assist people with reading and writing disabilities - among other things this application provides word prediction.

The word prediction is written in C and runs as a webservice on a Linux server and requires a login to be used. No problem.

Lately, however, several of our customers have expressed interest in an offline version, which is something we would like to provide. As a means to that I've written a wrapper (in C) around the word prediction code and compiled it to a DLL that I can use in my C# application along with our prediction data files.

Problem is, now everyone has access to:

  1. Our data files (not a problem in itself, because the files don't really make sense without the prediction code).
  2. The compiled DLL.
  3. The C# code (which can easily be decompiled to see how the DLL is used).

I know I can't protect the C# code and I am also aware that it is impossible to completely secure the code, as the binaries will always be readable (there are plenty of questions/answers on this topic already, so I'd be grateful if people don't repeat these answers).

I would, however, like to know if it is possible to secure the DLL in a way that it can only be called from my application?

I'm thinking something along the lines of comparing the checksum of the calling EXE file with a checksum compiled into the DLL. Are the other (more elegant) solutions available?

The point isn't to create a DLL that is 100% secured against being used by unintended applications (as it's impossible) - but secure enough that other developers cannot easily copy the data/DLL files and use them in their application (we've had issues with competitors stealing our code on other platforms already).

Clarification of the intended purpose of the question

Based on some of the comments I think some clarification is needed.

The point of the question isn't to find a way that will 100% secure code - we already know that's impossible (here's a good question on the topic: Protect .NET code from reverse engineering? ).

The point is to get suggestions on ways to complicate cracking the code (or, as I've learned, now: Security through obscurity).

Some people will argue that it's a waste of time, but by that thinking we might as well hand out all of our source code to everyone for free, because it's going to be cracked eventually anyway, right? Right?

No. It really depends on your target audience.

If you are Microsoft trying to prevent piracy of Windows with its hundreds of thousands of users someone will find a way to crack it - even if just for the "prestige" of being "The guy that cracked Windows". Regardless, it still makes sense to put some anti-piracy measures into place, just to keep the average user from pirating it.

If you're a small business, however, the act of making it more complicated to crack your code may mean that it won't actually be cracked. Why? Because it's all the more unlikely that average Joe (and his developer friends) have the knowledge to crack your code and the people who can crack it will have no interest in it.

2 answers

solution1
 1  2015-06-01 13:43:51

For Direct Security

The simplest approach would be to make your unmanaged C DLL have a built-in licensing mechanism, to essentially render it useless to third-party developers who might otherwise import the library to their own managed or unmanaged code.

There are many techniques to do this, such as reading a license key from the Windows registry or by adding a special ActivateLicense(string key) function to the DLL which gets called from your C# managed application prior to using the other functions of the library.

The specific process of generating and accepting licensing keys is up to you, but in a pure offline environment, there's no such thing as a 100% safe system ( How are Software License Keys generated? ).

For Extra Security through Obscurity

These remaining options are just extra tips and tricks to make it harder for competitors to reverse engineer, but do not provide much in the way of real security:

  • Embed your unmanaged DLL as a resource within your managed application and load it at runtime from a temporary file
  • Encrypt your unmanaged DLL prior to embedding it, decrypt at runtime, and delete it when unloading the application
  • Use a third-party obfuscation tool for your C# code

solution2
 0  2015-06-02 18:52:14

Since you're concerned about just the average users pirating your product, I'd suggest you look into license managers like flexlm. Just make sure the dll itself connects to the license server to make sure the product is licensed, not the exe.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I pass a pointer from C# to an unmanaged DLL? How can I declare constant strings for use in both an unmanaged C++ dll and in a C# application? How to pass data to C# COM DLL from unmanaged application How can I convert C++ unmanaged DLL to C# How can I pass struct from C# managed to C++ unmanaged DLL and get struct in result? How do I protect my C# app from crashing when calling a method in an unmanaged DLL? Using an unmanaged struct from an unmanaged DLL without copying in C# How can I pass an array from C# to an unmanaged DLL as a long [] and get values back? How to create unmanaged DLL using C#? Using unmanaged dll with c#
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM