[Full-disclosure] plz suggest security for DLL functions
tim-security at sentinelchicken.org
Fri Jul 1 16:33:30 BST 2005
> Try signing the hash of all your function arguments with a private key
> and then in the function calculating the hash and verifying the
> The public key could be extracted from the dll or the dll could be
> reverse enginereed to remove the checks but this is still a good
> method to prevent totally clueless people from using your dll.
Make it as complicated as you want, with as much crypto as you like, and
a skilled attacker will just find those key branch instructions and
alter them to jump where necessary.
You can obfuscate it, but you can't make it secure. You'll just have to
live with that fact. You might be able to track the illegitimate use of
your DLL with watermarks, but you won't be able to prevent it if someone
really wants to use it that badly.
Full-Disclosure is hosted and sponsored by Secunia.