tags:

views:

234

answers:

4
Q: 

How to encrypt a program for defense against disassembly?

I need to protect my program from disassembly. The first attempt would be by encrypting the program and decrypting its parts when needed. Perhaps encrypting again when decrypted code is executed.

Please give me a clue, how create this type of defense. Obviously without assambler this task is difficult, but I haven't found many resources.

If you have any URLs to share with information around this issue, please share.

+13  A: 

This is pointless. If you don't have control and support of the hardware, the code could always be run in an emulator that would read decrypted instructions.

Protect the data not the code.

Nikolai N Fetissov  2010-07-11 18:41:22
+4  A: 

This is just wrong :/. If you encrypt/decrypt every function that will be executed, your program will have the speed as a ... i don't know. A stone perhaps?

There is no good solutions on how to completely protect against disassembly.

Burbas  2010-07-11 18:42:19
I like stones :)
Juri Robl  2010-07-11 20:09:53
Who doesn't? :)
Burbas  2010-07-11 20:13:59
Stones can move very fast, though. For instance when involved in rockslides. But not if they're running on Windows.
amphetamachine  2010-07-11 22:00:42
Stones also need to move fast to break windows too.
Jeffrey Kern  2010-07-11 22:42:36
+2  A: 

Look at this article and also this one regarding binary-level encryption of executable code.

Other than that, just strip your debugging symbols and use gcc's -O2 flag; the bytecode will become more or less un-decompilable.

amphetamachine  2010-07-11 18:59:02
well, even if the debug symbols are striped it is still possible to "decrypt" what the program does, but of course, it is very difficult and time consuming.
Quonux  2010-07-14 13:13:32
@Quonux - I admit it wouldn't be as difficult as full code encryption, but it would serve its purpose as far as code hiding.
amphetamachine  2010-07-14 17:20:22
A: 

You'll have to have the decrypting component in the clear, right? Which means that you have handed the attacker the key to unlock the box, right? So what, exactly, have you gained by doing this?

dmckee  2010-07-11 22:41:07

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords