Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: plz suggest security for DLL functions

From: Tim <tim-security () sentinelchicken org>
Date: Fri, 1 Jul 2005 11:33:30 -0400
Try signing the hash of all your function arguments with a private key
and then in the function calculating the hash and verifying the
signature...
The public key could be extracted from the dll or the dll could be
reverse enginereed to remove the checks but this is still a good
method to prevent totally clueless people from using your dll.


Make it as complicated as you want, with as much crypto as you like, and
a skilled attacker will just find those key branch instructions and
alter them to jump where necessary.

You can obfuscate it, but you can't make it secure.  You'll just have to
live with that fact.  You might be able to track the illegitimate use of
your DLL with watermarks, but you won't be able to prevent it if someone
really wants to use it that badly.

tim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: