All geek questions in one place

Checking license information without a logical check?

I am currently using a simple XML file containing license information along with a data signature and public key. So far this method has been working fine. However, I see one pretty big security flaw ...

When my ASP.NET MVC application starts, it checks the license and sets the bool ValidLicense property accordingly. During each request, this property is checked, and an error message is displayed if the license is invalid.

As you can guess, there is absolutely nothing that would prevent a competent user from simply changing my build to set ValidLicense to true, regardless of the validity of the license. I know that this can be done for almost any application, but it seems incredibly easy to work with .NET assemblies.

How can I stop this, or at least make it a little harder to crack the license verification procedure?

I would prefer to stay away from encryption and obfuscation systems, if possible. Go ahead and offer them if you think they are good enough to guarantee value and an additional headache, however.

+3
source share
4

- .

, ( , ), - , , .

+8

, . , . .

, .

, ​​ , - ? , , .

+3

, ( ) : , . Nonobobuser.NET , .

, , , .

, , , , , .

. Visual Studio, DotFuscator ( "Express" ). , , .

Assemblur. (http://www.metapropeller.com/). - ( GUI , ).

, , exe

, , , . (, A, B, , , , ).

, , wannabe .

1: .NET 1 , " ". 5 , .

2: Obfuscated.NET- . .

1 2 1 , . , , ( ), , , , Reflector, , . - :

public bool ValidateLicense(string sLicense)
{
    string sInvalidLicense = "Your license is not valid";
    ...
}

, ?

//EDIT: LC :

- , ? , "if (! ValidateLicense (LicenseCode)) {NotifyUserOfInvalidLicense(); throw new LicenseException();} - , ?

: . , . : .

, Refactor .

"ValidateLicence()", ValidateLicence(). 1 . .

"WhatEver()", , "WhatEver()". , ( Refactor ). wannabe. , , ( ). , ( , , , ).

, : , . , - , . .

, , , , .

, , , + , , 5- "In and Out" , , , , , . .

, - , - . .

, , , , , : ", , ".

+1
source

The approach I encountered when trying to hack a small .NET product was to use an unmanaged .DLL to verify the license. And not only that .DLL also contained a lot of code that was actually used in the software. So, in order to crack the product, I really had to crack the unmanaged .DLL (or make perfect packaging). Needless to say, it stopped hacking wannabe like me. :)

0
source

Source: https://habr.com/ru/post/1702953/

More articles:


All Articles