Code Partitioning - The next big thing in protecting .NET code?

My blog has moved. You can view this post at the following address: http://www.osherove.com/blog/2006/1/15/code-partitioning-the-next-big-thing-in-protecting-net-code.html
Published Sunday, January 15, 2006 1:03 PM by RoyOsherove

Comments

Sunday, January 15, 2006 7:23 AM by Eran Sandler

# re: Code Partitioning - The next big thing in protecting .NET code?

How about just releasing the code as open source ;-)

Heck, not everything should be protected, and if you DO need that kind of protection, you can always go the more conventional way of writing only that specific part (usually an algorithm) in native code.

.NET is REALLY good (performance-wise) in P/Invoke.

Sunday, January 15, 2006 8:12 AM by Ilan Assayag

# re: Code Partitioning - The next big thing in protecting .NET code?

Another interesting application I read about lately is the one developed by the guys of http://www.approtect.com/ who got the first prize at the last BizTEC academic competition. They focused more on avoiding hacking into online software (typically games) by forcing key parts of the code to be executed on remote servers.
It's not exactly the same, but has some points in common.
I agree with you that these kinds of solutions, where you only mess around with the key parts of the code and leave the rest unprotected, seem to be very promising (not only for .NET).

Sunday, January 15, 2006 2:04 PM by Ayende Rahien

# re: Code Partitioning - The next big thing in protecting .NET code?

This doesn't seem to be all that complex, mostly you just need to hook into the AssemblyResolve event and store the encrypted assembly as a resource in the main assembly. It gets interesting when you try to unencrypt it, because then you have to deal with securing the key.
I suppose that it can be done via a web service or something like this, but performance will suffer if it is done remotely.

The interesting question is where they put their keys.
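The mechanism described in the comment above, as an added example that is not code from the post or from any commenter: a host assembly subscribes to `AppDomain.AssemblyResolve`, pulls the protected assembly out of an embedded resource, verifies and decrypts it, and hands the bytes to `Assembly.Load`. Everything about the resource layout is an assumption of this example (resource name `Host.Protected.dll.enc`, AES-256-CBC with the IV prepended and an HMAC-SHA256 tag appended over IV and ciphertext), and `GetKey()` is a hypothetical placeholder for the key-provisioning question the comment leaves open.

```csharp
// Added example: AssemblyResolve-based loader for an encrypted embedded assembly.
// Assumed blob layout: [16-byte IV][AES-256-CBC ciphertext][32-byte HMAC-SHA256 tag]
// where the tag covers IV || ciphertext (encrypt-then-MAC).
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;

static class ProtectedLoader
{
    // Simple name the runtime will ask for, and the resource that holds it (assumptions).
    const string ProtectedName = "Protected";
    const string ResourceName = "Host.Protected.dll.enc";
    const int TagLength = 32; // HMAC-SHA256 output size

    // Must run before any method that references types from "Protected" is JIT-compiled,
    // otherwise the resolve request fires before our handler is attached.
    public static void Install()
    {
        AppDomain.CurrentDomain.AssemblyResolve += OnAssemblyResolve;
    }

    static Assembly OnAssemblyResolve(object sender, ResolveEventArgs args)
    {
        // args.Name is a full display name, e.g. "Protected, Version=1.0.0.0, Culture=...".
        var requested = new AssemblyName(args.Name);
        if (!string.Equals(requested.Name, ProtectedName, StringComparison.OrdinalIgnoreCase))
            return null; // not ours: returning null lets normal probing continue

        byte[] blob = ReadResource(ResourceName);
        if (blob == null) return null;

        byte[] image = VerifyAndDecrypt(blob, GetKey());

        // From here on the plaintext assembly image lives in this process's memory,
        // which is the limit of what this scheme can protect against.
        return Assembly.Load(image);
    }

    static byte[] ReadResource(string name)
    {
        using (Stream s = Assembly.GetExecutingAssembly().GetManifestResourceStream(name))
        {
            if (s == null) return null;
            using (var ms = new MemoryStream())
            {
                s.CopyTo(ms);
                return ms.ToArray();
            }
        }
    }

    static byte[] VerifyAndDecrypt(byte[] blob, byte[] key)
    {
        const int ivLength = 16;
        if (blob.Length < ivLength + TagLength)
            throw new CryptographicException("protected resource is truncated");

        int bodyLength = blob.Length - TagLength;

        // Check integrity first so a tampered ciphertext is never fed to the decryptor.
        byte[] expected;
        using (var mac = new HMACSHA256(key))
            expected = mac.ComputeHash(blob, 0, bodyLength);
        if (!FixedTimeEquals(expected, blob, bodyLength))
            throw new CryptographicException("protected resource failed integrity check");

        using (var aes = Aes.Create())
        {
            aes.Key = key;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            byte[] iv = new byte[ivLength];
            Buffer.BlockCopy(blob, 0, iv, 0, ivLength);
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(blob, ivLength, bodyLength - ivLength);
        }
    }

    // Constant-time comparison of 'a' against blob[offset..]; avoids leaking the
    // position of the first mismatching byte through timing.
    static bool FixedTimeEquals(byte[] a, byte[] blob, int offset)
    {
        if (blob.Length - offset != a.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
            diff |= a[i] ^ blob[offset + i];
        return diff == 0;
    }

    // Hypothetical placeholder: where the key comes from (embedded, derived from a
    // machine secret, fetched from a service) is deployment-specific, and whatever
    // this returns is reachable from inside the running process.
    static byte[] GetKey()
    {
        throw new NotImplementedException("key provisioning is deployment-specific");
    }
}
```

Two practical notes on the design: the handler has to be attached from a method that does not itself touch any `Protected` type, because the JIT resolves referenced assemblies when it compiles the calling method, not when the call executes; a `Main` that calls `ProtectedLoader.Install()` and then a separate `Run()` method works, a `Main` that references the types directly does not. And the integrity tag is there so a modified resource fails closed rather than loading garbage; it does nothing about the key question, which is the point the comment raises.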

Tuesday, January 17, 2006 1:48 AM by Addy Santo

# re: Code Partitioning - The next big thing in protecting .NET code?

The "JIT decryption" pattern has been around for a long time, and became commonplace in the mid-90s when viruses self-decrypted their payloads in order to dupe the weaker signature-based scanners.

The problem with this type of protection is that the weakest link is in the interface between it and the platform (in this case the CLR). Once their algorithm is discovered, it becomes easy to insert a layer in between (think 'rootkit for CLR') which can access the unprotected code. So in theory it does discourage "casual decompilation", but everyone knows that in X months (1 < X < 4) the ripper will be up on IRC/Kazaa...

Wednesday, February 08, 2006 5:07 AM by Sergey

# re: Code Partitioning - The next big thing in protecting .NET code?

After some investigation, it looks like this is not an encryption/decryption technology. It is a kind of partial pre-compilation. The pre-compiled code is executed by what they call the "SVM", some kind of virtual machine. The idea is that pre-compiled code does not need .NET metadata anymore, and it has a custom format, which may also vary. So decompilation of such code is impossible, but clearly there should be some performance impact. The SVM itself runs on top of the CLR, so it is not like compilation to native; the code is still managed. This is good, especially for code security support.
Looks like an interesting technology.