.NET 源代码的安全性(源代码工具真正比拼) (論)（3）

上面我们展现了反编译技术对混淆过后代码的比较,我们清楚的看到了三个工具的强大性.从C#的反编译结果上来说,无疑MaxtoCode是最优秀的,它已经完全的杜绝你的源代码外泄.

 

但C#只是一种高级语言,我们希望更底层一点,希望读到更深层的代码MSIL,那么,现在让我们来用各种工具取得它的MSIL代码吧.

 

源文件的MSIL代码如下:

.method private instance string Encrypt( string inStr) cil managed

{

      // Code Size: 84 byte(s)

      .maxstack 5

      .locals (

            string text1,

            int32 num1,

            int32 num2,

            string text2,

            string text3,

            int32 num3,

            int32 num4)

      L_0000: nop

      L_0001: ldstr "a#2151336fdaghksfges"

      L_0006: stloc.3

      L_0007: ldarg.1

      L_0008: callvirt instance int32 string:: get_Length()

      L_000d: stloc.1

      L_000e: ldc.i4.0

      L_000f: stloc.s num3

      L_0011: ldc.i4.0

      L_0012: ldloc.1

      L_0013: ldc.i4.1

      L_0014: sub.ovf

      L_0015: stloc.s num4

      L_0017: stloc.2

      L_0018: br.s L_0048

      L_001a: ldloc.s text3

      L_001c: ldarg.1

      L_001d: ldloc.2

      L_001e: ldc.i4.1

      L_001f: callvirt instance string string:: Substring( int32, int32)

      L_0024: ldloc.3

      L_0025: ldloc.s num3

      L_0027: ldc.i4.1

      L_0028: callvirt instance string string:: Substring( int32, int32)

      L_002d: call string string:: Concat( string, string, string)

      L_0032: stloc.s text3

      L_0034: ldloc.s num3

      L_0036: ldc.i4.1

      L_0037: add.ovf

      L_0038: stloc.s num3

      L_003a: ldloc.s num3

      L_003c: ldc.i4.s 20

      L_003e: blt.s L_0043

      L_0040: ldc.i4.0

      L_0041: stloc.s num3

      L_0043: nop

      L_0044: ldloc.2

      L_0045: ldc.i4.1

      L_0046: add.ovf

      L_0047: stloc.2

      L_0048: ldloc.2

      L_0049: ldloc.s num4

      L_004b: ble.s L_001a

      L_004d: ldloc.s text3

      L_004f: stloc.0

      L_0050: br.s L_0052

      L_0052: ldloc.0

      L_0053: ret

}

 

.method private instance string Register( string instr) cil managed

{

      // Code Size: 44 byte(s)

      .maxstack 5

      .locals (

            [ mscorlib] System.Text.ASCIIEncoding encoding1,

            [ mscorlib] System.Security.Cryptography.RSACryptoServiceProvider provider1,

            string text1)

      L_0000: nop

      L_0001: newobj instance void [ mscorlib] System.Security.Cryptography.RSACryptoServiceProvider:: .ctor()

      L_0006: stloc.1

      L_0007: newobj instance void [ mscorlib] System.Text.ASCIIEncoding:: .ctor()

      L_000c: stloc.0

      L_000d: ldloc.0

      L_000e: ldloc.1

      L_000f: ldloc.0

      L_0010: ldarg.0

      L_0011: ldarg.1

      L_0012: callvirt instance string TestRegister.Form1:: Encrypt( string)

      L_0017: callvirt instance unsigned int8[] [ mscorlib] System.Text.Encoding:: GetBytes( string)

      L_001c: ldc.i4.0

      L_001d: callvirt instance unsigned int8[] [ mscorlib] System.Security.Cryptography.RSACryptoServiceProvider:: Encrypt( unsigned int8[], bool)

      L_0022: callvirt instance string [ mscorlib] System.Text.ASCIIEncoding:: GetString( unsigned int8[])

      L_0027: stloc.2

      L_0028: br.s L_002a

      L_002a: ldloc.2

      L_002b: ret

}

 

1.      Dotfuscator Community Edition MSIL

.method private instance string b( string A_0) cil managed

{

      // Code Size: 84 byte(s)

      .maxstack 5

      .locals (

            string text1,

            int32 num1,

            int32 num2,

            string text2,

            string text3,

            int32 num3,

            int32 num4)

      L_0000: nop

      L_0001: ldstr "a#2151336fdaghksfges"

      L_0006: stloc.3

      L_0007: ldarg.1

      L_0008: callvirt instance int32 string:: get_Length()

      L_000d: stloc.1

      L_000e: ldc.i4.0

      L_000f: stloc.s num3

      L_0011: ldc.i4.0

      L_0012: ldloc.1

      L_0013: ldc.i4.1

      L_0014: sub.ovf

      L_0015: stloc.s num4

      L_0017: stloc.2

      L_0018: br.s L_0048

      L_001a: ldloc.s text3

      L_001c: ldarg.1

      L_001d: ldloc.2

      L_001e: ldc.i4.1

      L_001f: callvirt instance string string:: Substring( int32, int32)

      L_0024: ldloc.3

      L_0025: ldloc.s num3

      L_0027: ldc.i4.1

      L_0028: callvirt instance string string:: Substring( int32, int32)

      L_002d: call string string:: Concat( string, string, string)

      L_0032: stloc.s text3

      L_0034: ldloc.s num3

      L_0036: ldc.i4.1

      L_0037: add.ovf

      L_0038: stloc.s num3

      L_003a: ldloc.s num3

      L_003c: ldc.i4.s 20

      L_003e: blt.s L_0043

      L_0040: ldc.i4.0

      L_0041: stloc.s num3

      L_0043: nop

      L_0044: ldloc.2

      L_0045: ldc.i4.1

      L_0046: add.ovf

      L_0047: stloc.2

      L_0048: ldloc.2

      L_0049: ldloc.s num4

      L_004b: ble.s L_001a

      L_004d: ldloc.s text3

      L_004f: stloc.0

      L_0050: br.s L_0052

      L_0052: ldloc.0

      L_0053: ret

}

 

.method private instance string a( string A_0) cil managed

{

      // Code Size: 44 byte(s)

      .maxstack 5

      .locals (

            [ mscorlib] System.Text.ASCIIEncoding encoding1,

            [ mscorlib] System.Security.Cryptography.RSACryptoServiceProvider provider1,

            string text1)

      L_0000: nop

      L_0001: newobj instance void [ mscorlib] System.Security.Cryptography.RSACryptoServiceProvider:: .ctor()

      L_0006: stloc.1

      L_0007: newobj instance void [ mscorlib] System.Text.ASCIIEncoding:: .ctor()

      L_000c: stloc.0

      L_000d: ldloc.0

      L_000e: ldloc.1

      L_000f: ldloc.0

      L_0010: ldarg.0

      L_0011: ldarg.1

      L_0012: callvirt instance string c:: b( string)

      L_0017: callvirt instance unsigned int8[] [ mscorlib] System.Text.Encoding:: GetBytes( string)

      L_001c: ldc.i4.0

      L_001d: callvirt instance unsigned int8[] [ mscorlib] System.Security.Cryptography.RSACryptoServiceProvider:: Encrypt( unsigned int8[], bool)

      L_0022: callvirt instance string [ mscorlib] System.Text.ASCIIEncoding:: GetString( unsigned int8[])

      L_0027: stloc.2

      L_0028: br.s L_002a

      L_002a: ldloc.2

      L_002b: ret

}

 

评价: 还是和源代码基本上一样…我不知道把这种东西给我们有什么意思

 

2.      XeonCode MSIL

.method private instance string x246b032720dd4c0d( string x96c91b85a03f00b0) cil managed

{

      // Code Size: 105 byte(s)

      .maxstack 6

      .locals (

            string text1,

            int32 num1,

            int32 num2,

            string text2,

            string text3,

            int32 num3,

            int32 num4)

      L_0000: ldstr "/uec3b/uf2fa/ufa06/u0102/u0803/u0efc/u15fb/u1cf8/u23f8/u2b25/u3220/u391a/u401d/u471b/u4e1b/u5520/u5c10/u630e/u6a09/u7114"

      L_0005: ldc.i4 281144282

      L_000a: call string x2715eff98365d956.x1110bdd110cdcea4:: _d574bb1a8f3e9cbc( string, int32)

      L_000f: call string string:: Intern( string)

      L_0014: stloc.3

      L_0015: ldarg.1

      L_0016: callvirt instance int32 string:: get_Length()

      L_001b: stloc.1

      L_001c: ldc.i4.0

      L_001d: stloc.s num3

      L_001f: br.s L_0043

      L_0021: stloc.s text3

      L_0023: ldloc.s num3

      L_0025: br.s L_0030

      L_0027: ldc.i4.s 20

      L_0029: blt.s L_0038

      L_002b: ldc.i4.0

      L_002c: stloc.s num3

      L_002e: br.s L_0038

      L_0030: ldc.i4.1

      L_0031: add.ovf

      L_0032: stloc.s num3

      L_0034: ldloc.s num3

      L_0036: br.s L_0027

      L_0038: ldloc.2

      L_0039: ldc.i4.1

      L_003a: add.ovf

      L_003b: stloc.2

      L_003c: ldloc.2

      L_003d: ldloc.s num4

      L_003f: ble.s L_004c

      L_0041: br.s L_0066

      L_0043: ldc.i4.0

      L_0044: ldloc.1

      L_0045: ldc.i4.1

      L_0046: sub.ovf

      L_0047: stloc.s num4

      L_0049: stloc.2

      L_004a: br.s L_003c

      L_004c: ldloc.s text3

      L_004e: ldarg.1

      L_004f: ldloc.2

      L_0050: ldc.i4.1

      L_0051: callvirt instance string string:: Substring( int32, int32)

      L_0056: ldloc.3

      L_0057: ldloc.s num3

      L_0059: ldc.i4.1

      L_005a: callvirt instance string string:: Substring( int32, int32)

      L_005f: call string string:: Concat( string, string, string)

      L_0064: br.s L_0021

      L_0066: ldloc.s text3

      L_0068: ret

}

 

.method private instance string x2a0cb95ab84ba877( string x5b3e4cba383dedd9) cil managed

{

      // Code Size: 39 byte(s)

      .maxstack 6

      .locals (

            [ mscorlib] System.Text.ASCIIEncoding encoding1,

            [ mscorlib] System.Security.Cryptography.RSACryptoServiceProvider provider1,

            string text1)

      L_0000: newobj instance void [ mscorlib] System.Security.Cryptography.RSACryptoServiceProvider:: .ctor()

      L_0005: stloc.1

      L_0006: newobj instance void [ mscorlib] System.Text.ASCIIEncoding:: .ctor()

      L_000b: stloc.0

      L_000c: ldloc.0

      L_000d: ldloc.1

      L_000e: ldloc.0

      L_000f: ldarg.0

      L_0010: ldarg.1

      L_0011: callvirt instance string x9324a7f62e6a3ae4.xaa4f033827d75b4d:: x246b032720dd4c0d( string)

      L_0016: callvirt instance unsigned int8[] [ mscorlib] System.Text.Encoding:: GetBytes( string)

      L_001b: ldc.i4.0

      L_001c: callvirt instance unsigned int8[] [ mscorlib] System.Security.Cryptography.RSACryptoServiceProvider:: Encrypt( unsigned int8[], bool)

      L_0021: callvirt instance string [ mscorlib] System.Text.ASCIIEncoding:: GetString( unsigned int8[])

      L_0026: ret

}

 

评价: 有点花指令,不过在MSIL的状态下,源码的逻辑尽显无疑,也可以畅读一番,不太理想

 

3.      MaxtoCode MSIL

 

.method private instance string Encrypt( string inStr) cil managed

{

}

 

.method private instance string Register( string instr) cil managed

{

}

 

  评价: 依然无法看到代码,那怕是较底层的MSIL也无法看见.这下应该安全了.

 

以上的比较让您更清楚谁对您的知识产权保护更完美了吧。

排除代码层面上的因素，我们再看看其它方面吧。

待续。。。