Few years ago, a debate arose around Microsoft’s new born CLR (Common Language Runtime) and .Net framework. Opinions were actually divided on the reliability of the platform, the robustness and performance of the programs written in managed code but it was still early to take conclusions.
I loved the object oriented model approach that was supposed to get rid of all the mess that VB6 Sunday programmers were spreading all around. I liked the very nice and intuitive Visual Studio IDE, the brand new elegant C# language, and later I loved the power of managed code within stored procedures of SQL server 2005.
My first program with Visual Studio was an ERP for a small company; it was an SQL server 2000 DBMS based solution. Development lasted for six months and I was looking in parallel for a reliable way to protect my soft. That was not really a critical issue because the product was so customized to the client that I hardly imagine another company using it. Anyway, I went through all imaginable protection schemes for that damned executable, and I was surprised to see that none of these protections will take more than one hour to be broken.
At that time, I did not understand why Microsoft is replacing our old processor machine opcodes by this, why with this CLR virtual machine programs are so poorly protected and the first coming hacker is able to see MY source? Why do people have to pay for Visual Studio, for an obfuscator and for a packer … to protect THEIR OWN code?
The test:
Today, while trying an amzing french conjugation program, i tried to see what protection scheme is used by the shareware and guess what: it was a .Net program and here is the serial number generation routines that I got with Refractor:
Public Function B21(ByVal nom As String) As Integer Dim num As Integer Dim num2 As Integer Dim objArray As Object() num = 0 num2 = 0 goto Label_0077 Label_0006: num = (num + CInt(Math.Floor(Math.Sqrt _ (Math.Abs((Math.Pow(CDbl(nom.Chars(num2)), 3) _ Mod 2147483648)))))) Console.WriteLine(String.Concat(New Object() _ { "lettre : ", DirectCast(nom.Chars(num2), Char), _ "code : ", CInt(num) })) num2 = (num2 + 1) Label_0077: 'Here we go: If (num2 < (nom.Length - 1)) Then goto Label_0006 End If num = CInt((CLng(((num * num) * num)) Mod &H80000000)) Console.WriteLine(("code : " & CInt(num))) num = Math.Abs((num - (num Mod &H89B))) Console.WriteLine(("code : " & CInt(num))) Return numEnd Function
See nothing? Yeah, there’s a small bug: the key is initialized to zero, while the loop is done (n-1) times (n is the number of character in the given user name string). So with a little logic, if the name I enter is only one char, it will not loop and the serial number will be zero as initialized previously. The objective here was not to crack it of course, I contacted the programmer and I suppose he corrected the bug, all here is about what people can do with YOUR code!
To finish this long post, I’ll just say a fact: in my computer, the folder \Office12 is having more than 200 PE files (most are Microsoft written), but curiously none of these files have been compiled with the ‘.Net super technology’ and I (still) wonder why!
See also - Voir aussi :
{ 2 comments… read them below or add one }
Hi,
It looks like your off to a great start. If you are going to add a lot of code to your site, why not add a few plugins to show the correct formatting.
Dave
Great idea, a big thanks for your encouragement.
I’m downloading the plugins right now.