stackoom
  简体   繁体   中英

How to secure/encrypt Inno Setup from decompiling

 原文  2016-09-22 14:10:04       installation/ inno-setup

Question

I am using an Inno Setup Tool to pack/setup all my files (dll, exe, jpg, etc). But I found that there is a software called InnoExtractor which can really open my setup and read all the scripts and also extract all the files, since I need to hide/protect my files in setup I spent a lot of time/efforts to secure my setup.exe which was generated from Inno Setup , but I found some people saying add a password to Inno Setup Script, but this is also a wrong because the client knows that password and he can simply use InnoExtractor and extract everything even it was protected by Password! is not it!?

Now, I just ask if there someone can suggest me to solve this problem. In fact I embed XML files and DLL which is used to install specific files at client side according to the client machine, but if the client extract all DLLs to his machine then it will be a catastrophe! I need a way to prevent the client from seeing/extracting my setup.exe!

2 answers

solution1
 3  2016-09-22 14:43:08

There's no way to protect code from an user, if you need to be able to run the same code on the user's machine. Once you deliver files to client's machine, no matter what method you used to pack them, the client can extract the files.

You can only make it harder, but there's no absolute solution.

More standard tools you use, more easy it is to decompile the code. If you want to make decompiling hard, make your custom installer, instead of relying on a standard installer tool (like Inno Setup).

Probably the only safe way is to use some online service.

  • You can encrypt the files with some very strong cipher (each file/DLL with a different encryption key). The installer will ask the user for some password, and will send the password to some online service. The online service, after verifying the password, will send back a decryption key for the DLL that you allow the client to install. This will allow the installer to decrypt only the DLL for that client.

  • Another alternative is that the installer will actually download the DLL from a server, only after you verify the client.

solution2
 2  2016-09-23 11:20:48

There's no way to 100% protect your installer from an attacker. If someone want to crack it then it can do it.

What you can do:

1) Encrypt the files with some custom (3rd party) system or use [Setup] Encryption directive

2) Modify Inno Setup - download sources, change them and compile again

3) Place sensitive files and data on server and download them during setup (+ encrypt)

4) [Code] section cannot be entirely unpacked, place some calculations or file operations there

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to set a global environment variable from Inno Setup installer? How to install DirectX redistributable from Inno-setup? How to get volume name from GetVolumeInformation in Inno Setup? How can I call a .NET DLL from an Inno Setup script? How to run a file before setup with Inno Setup Import a scheduled task from XML in Inno Setup Adding assemblies to the GAC from Inno Setup Execute program with output redirection from Inno Setup Getting text from FinishedLabel in Inno Setup Inno Setup : how to integrate admin credentials in the installer
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM