lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Fri Jul  1 16:33:38 2005
From: tim-security at sentinelchicken.org (Tim)
Subject: plz suggest security for DLL functions

> Try signing the hash of all your function arguments with a private key
> and then in the function calculating the hash and verifying the
> signature...
> The public key could be extracted from the dll or the dll could be
> reverse enginereed to remove the checks but this is still a good
> method to prevent totally clueless people from using your dll.

Make it as complicated as you want, with as much crypto as you like, and
a skilled attacker will just find those key branch instructions and
alter them to jump where necessary.

You can obfuscate it, but you can't make it secure.  You'll just have to
live with that fact.  You might be able to track the illegitimate use of
your DLL with watermarks, but you won't be able to prevent it if someone
really wants to use it that badly.

tim

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux