How do you lock a dll?

views:

181

answers:

+3 Q:

How do you lock a dll?

Hi all,

I'm producing a dll for a business partner of mine that he is going to integrate into his app. But I also want to somehow lock the dll so it cannot be used by anyone else. The API of the dll is quite straight forward so it'd be easy to reverse-engineer and use it elsewhere.

How do I do that? My only idea so far would be to add a function in the DLL that'd unlock it if the right parameter is passed to it. But again, it can't be static, this would be too easy to intercept, so I am looking for something semi-dynamic.

Any ideas? Thanks in advance.

+5 A:

How likely do you think it is that you'll actually suffer any ill effects (lost income etc) due to this? How significant would such ill effects be? Weigh that up against the cost of doing this in the first place. You could use obfuscation (potentially - it depends on what kind of DLL it is; native or .NET?) but that will only give a certain measure of protection.

You need to accept that it's unlikely (or impossible) that you'll find a solution which is 100% secure. There are shades of grey, and the harder you make it for miscreants, the more effort (or money) you're like to have to put into it too. It may well also make it harder to diagnose issues (e.g. obfuscators munge stack traces; some allow a mapping tool back to the original, but you're likely to lose some information).

Jon Skeet 2009-06-05 12:48:26

Security is all about raising the bar, the higher your raise it the more effort it takes on your part and on the attackers part. Great point

JoshBerke 2009-06-05 12:49:51

Adding a small layer of security protects against a developer casually ripping off your code. Once a developer sees there is some protection against this, they will think "oh they don't want me to do this". At least, that's what I would think.I don't think you should take such a pessimistic view on the topic. Anything is better than nothing.

TheSean 2009-06-05 12:54:17

@TheSean: That depends on how much effort it takes to implement the "anything" and how much you would lose if you *didn't* implement the same thing. If there would actually be no impact, it's a waste of time doing anything.

Jon Skeet 2009-06-05 13:02:45

Case in point: You add an incredible good copy protection to a game which paying customers hate because it bothers them so much. So you'll turn many paying customers into pirates (-> less income) and that copy protection will cost, too (-> even less income).

Aaron Digulla 2009-06-05 13:35:20

+3 A:

It looks like you need to create and use license keys:

http://www.google.com/search?q=creating+license+keys+for+applications&rls=com.microsoft:pt&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1

Luis Abreu 2009-06-05 12:49:15

+1 A:

Are you trying to protect from casual pirates or something else ? Whatever you do, if the software is remotely useful it is gonna be craked, patched and what not - just ask any of the third party controls vendors.

Any solution that you come up with, it is going to be cracked. Someone might just open the dll in hex editor and patch your function that does the checks, validation and verification.

no_one 2009-06-05 12:50:00

+5 A:

For .net libraries, this is already built into the framework, you just need to set it up. Here is an MSDN article about it.

How to: License Components and Controls

Other than liccensing, you should also obfuscate your code using a tool such as dotFuscator.

PreEmptive's DotFuscator

TheSean 2009-06-05 12:51:00

+2 A:

Quick and dirty in .NET: strong-name all your assemblies and all assemblies that will access your "locked" dll. Mark all your API classes as internal instead of public. Then, on your "locked" dll, specify those dlls that should have access to your internal API with the InternalsVisibleTo attribute.

Will 2009-06-05 13:18:12

ansaurus

tags:

views:

answers:

How do you lock a dll?

related questions