Secure Your .NET Application

[TheCPUWizard]

Dynamic Concepts Development Corporation will be releasing its .Net security package as of Janurary 1st, 2009. This package applies advanced cryptographic techniques to your managed assemblies to dramatically improve security against snooping (reverse engineering).

At present we are offering two specials for interested parties:

1) Contact us at [email protected] to recieve our security challenge. We wil send you a sample application that has been secured, with a challenge to determine the C# code that makes the program function.

2) Contact us at [email protected] and we will give you instructions on how to prepare your program for encryptions, You can then send us a copy of your compliant assemblies and we will provide you back with a (time limited) secured version of your own application. This is a limited offer

This is NOT an obsfucation techique. It protects you application files in a highly secure manner that prevents ANY analysis tool on the market from scanning your files and retrieving the contents.

[Codeplug]

If you haven't added any anti-debugging techniques to prevent a memory dump after decryption...
http://www.veracode.com/blog/category/binary-analysis/

Something I see advertised in similar products.

gg

[TheCPUWizard]

The first thing to realize is that ANY code which is deployed to a machine where you do not control all "administrative" rights, CAN be broken. If the "rpfot motice" is high enough it WILL be broken.

That being said, the key is to reduce the "Attack Surface". Even "niovices" will try to open an exe or dll with reflector or some other tool to see if they can peek at the code.

It is this particular attack vector that is the primary focus. The file will NOT be recognized as a .NET assembly.

Once things are loaded into memory, the issues do get a bit more complex. While this is NOT an obsfucation program, it will work with obsfucated assemblies. Even better, using the techniques we cover, you can completely obsdufcate multiple assemblies so that there are NO recognizable structures.

Remeber professional tool like DotFuscator (not the community version that ships with VS-20xx) will do many things to make the code harder to undersdand.

Finally we do (optionally) make use of certain CLR features, which I will not reveal on a public forum, that make it difficult to attach a debugger to get meaningful information.

In conculison, a "layered defense" is recognized as the most effective means of protection. This product focuses on one of the layers, that is typically not covered by other products, and can be avaluable addition to an arsenal of protection devices.

This is the reason we are offering (for a limited time only) to protect a sample program that you have created. You already KNOW more than any potential attacker would know about your program. This is the ideal way to see how much information you can directly expose from the protected image.