Full Disclosure mailing list archives
Re: plz suggest security for DLL functions
From: Tim <tim-security () sentinelchicken org>
Date: Fri, 1 Jul 2005 11:33:30 -0400
Try signing the hash of all your function arguments with a private key and then in the function calculating the hash and verifying the signature... The public key could be extracted from the dll or the dll could be reverse enginereed to remove the checks but this is still a good method to prevent totally clueless people from using your dll.
Make it as complicated as you want, with as much crypto as you like, and a skilled attacker will just find those key branch instructions and alter them to jump where necessary. You can obfuscate it, but you can't make it secure. You'll just have to live with that fact. You might be able to track the illegitimate use of your DLL with watermarks, but you won't be able to prevent it if someone really wants to use it that badly. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: plz suggest security for DLL functions Abhisek Datta (Jul 01)
- Re: plz suggest security for DLL functions Gaurav Kumar (Jul 01)
- Re: plz suggest security for DLL functions securitynews (Jul 01)
- Re: plz suggest security for DLL functions Valdis . Kletnieks (Jul 01)
- Re: plz suggest security for DLL functions Tim (Jul 01)
- Re: plz suggest security for DLL functions Michael Holstein (Jul 01)
- Re: plz suggest security for DLL functions Valdis . Kletnieks (Jul 01)
- Re: plz suggest security for DLL functions Michael Holstein (Jul 01)
- Re: plz suggest security for DLL functions Valdis . Kletnieks (Jul 01)
- Re: plz suggest security for DLL functions Gaurav Kumar (Jul 01)
- <Possible follow-ups>
- Re: plz suggest security for DLL functions upb (Jul 01)
- Re: plz suggest security for DLL functions Tim (Jul 01)
- Re: plz suggest security for DLL functions Michael Holstein (Jul 01)
- RE: plz suggest security for DLL functions Aditya Deshmukh (Jul 02)
- Re: plz suggest security for DLL functions Devdas Bhagat (Jul 01)
- Re: plz suggest security for DLL functions John LaCour (Jul 01)
- Re: plz suggest security for DLL functions Gaurav Kumar (Jul 01)
- Re: plz suggest security for DLL functions Sasha Goldshtein (Jul 02)
- RE: plz suggest security for DLL functions Aditya Deshmukh (Jul 02)
- Re: plz suggest security for DLL functions Kristian Hermansen (Jul 02)