Re: Dll Security

Valdis.Kletnieks@vt.edu
Date: Sun May 08 2005 - 18:34:37 CDT


On Fri, 06 May 2005 16:17:30 -0300, VP said:
> Hi, I have a dll and I want to encrypt it to hide (obfuscate?) an
> important algorithm used here.

Good luck. You're probably better off making the customer sign an NDA
or other document that has some teeth in it, so that you can sue them if
they rip your code off. I have more faith in a good lawyer being able
to bulletproof the problem than a good programmer...

> I'm encrypting the dll with a program, then when I want to loadlibrary() it,
> I decrypt it to a plain-text file, then I loadlibrary the plain-text file.
> So I have my encrypted dll and I have a plain-text version as well. To
> mitigate this vulnerability, I'm using EFS to protect my plain-text dll.

So far so good, except....

> I'm wondering if, using the PE format, I can do some kind of "on-the-fly
> encrypt and decrypt". Is it possible? Is there any example? Is it a good
> solution?

The first guy who comes along with a debugger will have little to no problem
getting your code extracted. Note that even loading the encrypted form, then
checking if you're being debugged, then decrypting and calling the code won't
work, because there's a race condition - they can attach the debugger after
your test. And they can make the timing hole arbitrarily large - a bunch
of 'for(;;)' loops will slow things down. You can't even raise your priority
by a notch, as the attacker can raise the priority of their cycle-suckers by
2 notches and the debugger by 3.

This is *really* a "You can't win this one" game. You *might* be able
to if there's proper hardware support - but note that even the now-emerging
"trusted computing" chipsets probably can be subverted....

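The check-then-decrypt pattern the reply calls racy, as an added example that is not part of the original post. It assumes Linux, reading `TracerPid` from `/proc/self/status` as a stand-in for a Windows debugger check, and uses XOR as a stand-in for real decryption; the function names and the sample data are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: this string XORed with KEY stands in for the encrypted DLL. */
#define KEY 0x5A
static const char PLAIN[] = "secret-algorithm";

/* PID of the process tracing us: 0 if none, -1 if /proc is unavailable. */
int tracer_pid(void) {
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int pid = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "TracerPid: %d", &pid) == 1) break;
    fclose(f);
    return pid;
}

/* Toy cipher (assumption): XOR every byte with KEY; the same call encrypts and decrypts. */
void xor_buf(unsigned char *dst, const unsigned char *src, size_t n) {
    for (size_t i = 0; i < n; i++) dst[i] = src[i] ^ KEY;
}

/* Check-then-decrypt gate. Returns 0 and fills out, or -1 if a tracer was seen. */
int guarded_decrypt(const unsigned char *enc, size_t n, unsigned char *out) {
    if (tracer_pid() > 0)        /* time of check */
        return -1;
    /* Window: the result above is already stale. Nothing ties it to the
     * instructions below, and the process can be slowed so that this gap
     * is as wide as an observer needs. Re-checking later only moves the
     * window; it never closes it. */
    xor_buf(out, enc, n);        /* time of use: plaintext is now in memory */
    return 0;
}

int main(void) {
    unsigned char enc[sizeof PLAIN], out[sizeof PLAIN];
    xor_buf(enc, (const unsigned char *)PLAIN, sizeof PLAIN);
    if (guarded_decrypt(enc, sizeof PLAIN, out) == 0)
        printf("check passed, plaintext in memory: %s\n", (char *)out);
    else
        printf("tracer detected at check time, refused to decrypt\n");
    return 0;
}
```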