Use SNK key files to protect your DLL and code from being decompiled
- 2021-01-14 05:47:12
- OfStack
People do project development 1 are usually layered, such as UI layer, business layer, data access layer. The business layer references DLL of the data access layer (for example, dataAccess.dll) and uses the methods in dataAccess.dll. When the project is finished and used by the client, some BT clients can also ask someone who knows NET to reference your dataAccess.dll and call the methods in it to do some damage. For example, you can directly use the ChangePwd inside (string UserName,string Pwd) method to change the password of other users, this time on you.......
Okay, now it's time to talk about how to protect our code:
First we need to make our assembly strongly named.
sn -k c:\test.snk Create a new random key pair and store it in c:\test.snk at the command prompt
Then create a new class library ES32en1, there is only a class file ES33en1.ES34en, the code is as follows:
using System;
namespace ClassLibrary1
{
public class Class1
{
public Class1()
{
//
// TODO: Add the constructor logic here
//
}
public string Insert()
{
return "ok";
}
}
}
AssemblyInfo. cs code:
/ /... Everything else is default
[assembly: AssemblyKeyFile("c:\ test.snk ")] // Connect the above file generated by the strong naming tool SN.exe.
Then create an WindowApplication to call our ClassLibrary1 with the code:
private void button1_Click(object sender, System.EventArgs e)
{
MessageBox.Show(new ClassLibrary1.Class1().Insert());
}
AssemblyInfo.cs is not modified for WindowApplication.
You can run it from here, but as you can see, it will successfully call the methods in Class1.
Class1.cs: Class1.cs: Class1.cs: Class1.cs: Class1.cs
using System;
using System.Security.Permissions;
namespace ClassLibrary1
{
[StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemand, PublicKey =
"00240000048000009400000006020000002400005253413100040000010001000551684edd1600"+
"8ccbdd337b1cf1490490d97fe0048c5f3629cc4f5104578499eace9b2a94115022edd620def472"+
"8b4f088291cfa77a40659afba611fdafbb7894b93a64049d439936bd0cd8dc0704625aeb735892"+
"e9eb3f910a49a2925af10515d935654d7adac5567ff6d780d23d587de0ff4d271da7b30680fa88"+
"a47a4ba4")]
public class Class1
{
public Class1()
{
//
// TODO: Add the constructor logic here
//
}
public string Insert()
{
return "ok";
}
}
}
Then run windowapplication after compilation and call methods in class1 to get an error.
SecurityAction.LinkDemand is a class in CAS(Code Access Security) provided by NET. SecurityAction.LinkDemand requires that the direct caller has been granted the specified permissions. In this case, windowapplication requires that all high-level callers in the call stack have been granted the specified permissions by the current permission object. The difference is that if windowapplication has authorized access and windowapplication2 calls class1 by calling button1_Click, SecurityAction.LinkDemand can be called successfully, but SecurityAction.Demand cannot be called. windowapplication can be called in both cases.
PublicKey = PublicKey = PublicKey = PublicKey = PublicKey = PublicKey = PublicKey = PublicKey = PublicKey = PublicKey The string following PublicKey is the public key saved in the file c:\test.snk that you started to generate. ES106en.ES107en: ES106en.ES107en: ES106en.ES107en: ES106en.ES107en: ES106en.ES107en: ES106en.ES107en
Enter sn -p c:\test.snk c:\publicKey.snk (extract the public key from test.snk and store it in publicKey.snk)
sn -tp c:\publicKey.snk (to display public key information)
The above command to see the strings behind the PublicKey, what ah, also want to put the string copy down.
Last 1 set for a concern class1 windowapplication how to call this time, actually is also simple, as long as the windowapplication AssemblyInfo. cs is amended as:
[assembly: AssemblyKeyFile("c:\\test.snk")]
Here is 1 cut OK, everyone see the key is test. snk file, so 1 need to protect your own test. snk file.