Un modo per permettere un minimo di test di un piccolo programma .net senza permettere che sia disassemblato troppo facilmente  potrebbe essere questo:

1)crittografare il file dell’eseguibile (dopo averne salvata una copia di backup oltre al sorgente)

2) caricarlo da un altro programma .net che le decrittografi in memoria e lo passi come array di bytes ad assembly.load  evitando il keypress log tramite una tastiera virtuale

chiaramente non è un modo ottimale in quanto il riavviare la macchina o un fatal error dello stesso programma comporta l’interruzione dell’esecuzione però può essere utile per testarlo rispetto ad altri software, db , web services non pubblici a cui debba interfacciarsi oppure semplicemente per mostrarne il funzionamento dell’interfaccia ed avere un riscontro.

segue del codice non testato ed ‘as is’ per  seguire questa strada prima di utilizzarlo dovete fare una copia di back up dei file originari:

per prima cosa un bell’esempio di classe per l’uso di  crittografia simmetrica in .net:

//    This sample code is provided “AS IS” with no warranties,
//    and confers no rights.
//
//    ATTENTION: This sample is designed to be more of a
//    tutorial rather than something you can copy and paste in
//    the production code!
//

using System;
using System.IO;
using System.Security.Cryptography;

//
// Sample encrypt/decrypt functions
// Parameter checks and error handling
// are ommited for better readability
//

namespace CryptoFile {
public class EncDec
{
// Encrypt a byte array into a byte array using a key and an IV
public static byte[] Encrypt(byte[] clearData, byte[] Key, byte[] IV)
{
// Create a MemoryStream to accept the encrypted bytes
MemoryStream ms = new MemoryStream();

// Create a symmetric algorithm.
// We are going to use Rijndael because it is strong and
// available on all platforms.
// You can use other algorithms, to do so substitute the
// next line with something like
//      TripleDES alg = TripleDES.Create();
Rijndael alg = Rijndael.Create();

// Now set the key and the IV.
// We need the IV (Initialization Vector) because
// the algorithm is operating in its default
// mode called CBC (Cipher Block Chaining).
// The IV is XORed with the first block (8 byte)
// of the data before it is encrypted, and then each
// encrypted block is XORed with the
// following block of plaintext.
// This is done to make encryption more secure.

// There is also a mode called ECB which does not need an IV,
// but it is much less secure.
alg.Key = Key;
alg.IV = IV;

// Create a CryptoStream through which we are going to be
// pumping our data.
// CryptoStreamMode.Write means that we are going to be
// writing data to the stream and the output will be written
// in the MemoryStream we have provided.
CryptoStream cs = new CryptoStream(ms,
alg.CreateEncryptor(), CryptoStreamMode.Write);

// Write the data and make it do the encryption
cs.Write(clearData, 0, clearData.Length);

// Close the crypto stream (or do FlushFinalBlock).
// This will tell it that we have done our encryption and
// there is no more data coming in,
// and it is now a good time to apply the padding and
// finalize the encryption process.
cs.Close();

// Now get the encrypted data from the MemoryStream.
// Some people make a mistake of using GetBuffer() here,
// which is not the right way.
byte[] encryptedData = ms.ToArray();

return encryptedData;
}

// Encrypt a string into a string using a password
//    Uses Encrypt(byte[], byte[], byte[])

public static string Encrypt(string clearText, string Password)
{
// First we need to turn the input string into a byte array.
byte[] clearBytes =
System.Text.Encoding.Unicode.GetBytes(clearText);

// Then, we need to turn the password into Key and IV
// We are using salt to make it harder to guess our key
// using a dictionary attack -
// trying to guess a password by enumerating all possible words.
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
new byte[] {0×49, 0×76, 0×61, 0×6e, 0×20, 0×4d,
0×65, 0×64, 0×76, 0×65, 0×64, 0×65, 0×76});

// Now get the key/IV and do the encryption using the
// function that accepts byte arrays.
// Using PasswordDeriveBytes object we are first getting
// 32 bytes for the Key
// (the default Rijndael key length is 256bit = 32bytes)
// and then 16 bytes for the IV.
// IV should always be the block size, which is by default
// 16 bytes (128 bit) for Rijndael.
// If you are using DES/TripleDES/RC2 the block size is
// 8 bytes and so should be the IV size.
// You can also read KeySize/BlockSize properties off
// the algorithm to find out the sizes.
byte[] encryptedData = Encrypt(clearBytes,
pdb.GetBytes(32), pdb.GetBytes(16));

// Now we need to turn the resulting byte array into a string.
// A common mistake would be to use an Encoding class for that.
//It does not work because not all byte values can be
// represented by characters.
// We are going to be using Base64 encoding that is designed
//exactly for what we are trying to do.
return Convert.ToBase64String(encryptedData);

}

// Encrypt bytes into bytes using a password
//    Uses Encrypt(byte[], byte[], byte[])

public static byte[] Encrypt(byte[] clearData, string Password)
{
// We need to turn the password into Key and IV.
// We are using salt to make it harder to guess our key
// using a dictionary attack -
// trying to guess a password by enumerating all possible words.
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
new byte[] {0×49, 0×76, 0×61, 0×6e, 0×20, 0×4d,
0×65, 0×64, 0×76, 0×65, 0×64, 0×65, 0×76});

// Now get the key/IV and do the encryption using the function
// that accepts byte arrays.
// Using PasswordDeriveBytes object we are first getting
// 32 bytes for the Key
// (the default Rijndael key length is 256bit = 32bytes)
// and then 16 bytes for the IV.
// IV should always be the block size, which is by default
// 16 bytes (128 bit) for Rijndael.
// If you are using DES/TripleDES/RC2 the block size is 8
// bytes and so should be the IV size.
// You can also read KeySize/BlockSize properties off the
// algorithm to find out the sizes.
return Encrypt(clearData, pdb.GetBytes(32), pdb.GetBytes(16));

}

// Encrypt a file into another file using a password
public static void Encrypt(string fileIn,
string fileOut, string Password)
{

// First we are going to open the file streams
FileStream fsIn = new FileStream(fileIn,
FileMode.Open, FileAccess.Read);
FileStream fsOut = new FileStream(fileOut,
FileMode.OpenOrCreate, FileAccess.Write);

// Then we are going to derive a Key and an IV from the
// Password and create an algorithm
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
new byte[] {0×49, 0×76, 0×49, 0×6e, 0×20, 0×4d,
0×65, 0×64, 0×76, 0×65, 0×64, 0×65, 0×76});

Rijndael alg = Rijndael.Create();
alg.Key = pdb.GetBytes(32);
alg.IV = pdb.GetBytes(16);

// Now create a crypto stream through which we are going
// to be pumping data.
// Our fileOut is going to be receiving the encrypted bytes.
CryptoStream cs = new CryptoStream(fsOut,
alg.CreateEncryptor(), CryptoStreamMode.Write);

// Now will will initialize a buffer and will be processing
// the input file in chunks.
// This is done to avoid reading the whole file (which can
// be huge) into memory.
int bufferLen = 4096;
byte[] buffer = new byte[bufferLen];
int bytesRead;

do {
// read a chunk of data from the input file
bytesRead = fsIn.Read(buffer, 0, bufferLen);

// encrypt it
cs.Write(buffer, 0, bytesRead);
} while(bytesRead != 0);

// close everything

// this will also close the unrelying fsOut stream
cs.Close();
fsIn.Close();
}

// Decrypt a byte array into a byte array using a key and an IV
public static byte[] Decrypt(byte[] cipherData,
byte[] Key, byte[] IV)
{
// Create a MemoryStream that is going to accept the
// decrypted bytes
MemoryStream ms = new MemoryStream();

// Create a symmetric algorithm.
// We are going to use Rijndael because it is strong and
// available on all platforms.
// You can use other algorithms, to do so substitute the next
// line with something like
//     TripleDES alg = TripleDES.Create();
Rijndael alg = Rijndael.Create();

// Now set the key and the IV.
// We need the IV (Initialization Vector) because the algorithm
// is operating in its default
// mode called CBC (Cipher Block Chaining). The IV is XORed with
// the first block (8 byte)
// of the data after it is decrypted, and then each decrypted
// block is XORed with the previous
// cipher block. This is done to make encryption more secure.
// There is also a mode called ECB which does not need an IV,
// but it is much less secure.
alg.Key = Key;
alg.IV = IV;

// Create a CryptoStream through which we are going to be
// pumping our data.
// CryptoStreamMode.Write means that we are going to be
// writing data to the stream
// and the output will be written in the MemoryStream
// we have provided.
CryptoStream cs = new CryptoStream(ms,alg.CreateDecryptor(), CryptoStreamMode.Write);

// Write the data and make it do the decryption
cs.Write(cipherData, 0, cipherData.Length);

// Close the crypto stream (or do FlushFinalBlock).
// This will tell it that we have done our decryption
// and there is no more data coming in,
// and it is now a good time to remove the padding
// and finalize the decryption process.
cs.Close();

// Now get the decrypted data from the MemoryStream.
// Some people make a mistake of using GetBuffer() here,
// which is not the right way.
byte[] decryptedData = ms.ToArray();

return decryptedData;
}

// Decrypt a string into a string using a password
//    Uses Decrypt(byte[], byte[], byte[])

public static string Decrypt(string cipherText, string Password)
{
// First we need to turn the input string into a byte array.
// We presume that Base64 encoding was used
byte[] cipherBytes = Convert.FromBase64String(cipherText);

// Then, we need to turn the password into Key and IV
// We are using salt to make it harder to guess our key
// using a dictionary attack -
// trying to guess a password by enumerating all possible words.
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
new byte[] {0×49, 0×76, 0×61, 0×6e, 0×20, 0×4d, 0×65,
0×64, 0×76, 0×65, 0×64, 0×65, 0×76});

// Now get the key/IV and do the decryption using
// the function that accepts byte arrays.
// Using PasswordDeriveBytes object we are first
// getting 32 bytes for the Key
// (the default Rijndael key length is 256bit = 32bytes)
// and then 16 bytes for the IV.
// IV should always be the block size, which is by
// default 16 bytes (128 bit) for Rijndael.
// If you are using DES/TripleDES/RC2 the block size is
// 8 bytes and so should be the IV size.
// You can also read KeySize/BlockSize properties off
// the algorithm to find out the sizes.
byte[] decryptedData = Decrypt(cipherBytes,
pdb.GetBytes(32), pdb.GetBytes(16));

// Now we need to turn the resulting byte array into a string.
// A common mistake would be to use an Encoding class for that.
// It does not work
// because not all byte values can be represented by characters.
// We are going to be using Base64 encoding that is
// designed exactly for what we are trying to do.
return System.Text.Encoding.Unicode.GetString(decryptedData);
}

// Decrypt bytes into bytes using a password
//    Uses Decrypt(byte[], byte[], byte[])

public static byte[] Decrypt(byte[] cipherData, string Password)
{
// We need to turn the password into Key and IV.
// We are using salt to make it harder to guess our key
// using a dictionary attack -
// trying to guess a password by enumerating all possible words.
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
new byte[] {0×49, 0×76, 0×61, 0×6e, 0×20, 0×4d,
0×65, 0×64, 0×76, 0×65, 0×64, 0×65, 0×76});

// Now get the key/IV and do the Decryption using the
//function that accepts byte arrays.
// Using PasswordDeriveBytes object we are first getting
// 32 bytes for the Key
// (the default Rijndael key length is 256bit = 32bytes)
// and then 16 bytes for the IV.
// IV should always be the block size, which is by default
// 16 bytes (128 bit) for Rijndael.
// If you are using DES/TripleDES/RC2 the block size is
// 8 bytes and so should be the IV size.

// You can also read KeySize/BlockSize properties off the
// algorithm to find out the sizes.
return Decrypt(cipherData, pdb.GetBytes(32), pdb.GetBytes(16));
}

// Decrypt a file into another file using a password
public static void Decrypt(string fileIn,
string fileOut, string Password)
{

// First we are going to open the file streams
FileStream fsIn = new FileStream(fileIn,
FileMode.Open, FileAccess.Read);
FileStream fsOut = new FileStream(fileOut,
FileMode.OpenOrCreate, FileAccess.Write);

// Then we are going to derive a Key and an IV from
// the Password and create an algorithm
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
new byte[] {0×49, 0×76, 0×61, 0×6e, 0×20, 0×4d,
0×65, 0×64, 0×76, 0×65, 0×64, 0×65, 0×76});
Rijndael alg = Rijndael.Create();

alg.Key = pdb.GetBytes(32);
alg.IV = pdb.GetBytes(16);

// Now create a crypto stream through which we are going
// to be pumping data.
// Our fileOut is going to be receiving the Decrypted bytes.
CryptoStream cs = new CryptoStream(fsOut,
alg.CreateDecryptor(), CryptoStreamMode.Write);

// Now will will initialize a buffer and will be
// processing the input file in chunks.
// This is done to avoid reading the whole file (which can be
// huge) into memory.
int bufferLen = 4096;
byte[] buffer = new byte[bufferLen];
int bytesRead;

do {
// read a chunk of data from the input file
bytesRead = fsIn.Read(buffer, 0, bufferLen);

// Decrypt it
cs.Write(buffer, 0, bytesRead);

} while(bytesRead != 0);

// close everything
cs.Close(); // this will also close the unrelying fsOut stream
fsIn.Close();
}
}
}

poi una classe che si frapponga tra la precedente e l’interfaccia per facilitare l’uso di altri esempi:

class MiddleCaller
{

public MiddleCaller()
{

}

public void CallEncrypt(string pathFileInput, string pathFileOutPut, string password)
{
EncDec.Encrypt(pathFileInput, pathFileOutPut, password);
}

public void CallDecrypt(string pathFileInput,string pathFileOutPut,string password) {
EncDec.Decrypt(pathFileInput, pathFileOutPut, password);
}

public byte[] CallDecrypt(string pathInputFile,string password)
{
byte[] b = null;
MemoryStream stream = new MemoryStream();

byte[] cipherData = File.ReadAllBytes(pathInputFile);
b= EncDec.Decrypt(cipherData, password);
return b;
}
}

un form con le necessarie chiamate:

public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}

[STAThreadAttribute()]
static void Main()
{
Application.Run(new Form1());

}
private void Form1_Load(object sender, EventArgs e)
{

}

private void button3_Click(object sender, EventArgs e)
{
string input = this.textBox1.Text;
string output = this.textBox2.Text;
string pwd = this.textBox3.Text;
MiddleCaller mc = new MiddleCaller();
mc.CallDecrypt(input, output, pwd);
}

private void button4_Click(object sender, EventArgs e)
{
string input = this.textBox1.Text;
string output = this.textBox2.Text;
string pwd = this.textBox3.Text;
MiddleCaller mc = new MiddleCaller();
mc.CallEncrypt(input, output, pwd);
}

private void button1_Click(object sender, EventArgs e)
{
this.openFileDialog1.ShowDialog();
if (this.openFileDialog1.FileName != null && this.openFileDialog1.FileName != “”)
{
this.textBox1.Text = this.openFileDialog1.FileName;
}
}

private void button2_Click(object sender, EventArgs e)
{
this.saveFileDialog1.ShowDialog();
if (this.saveFileDialog1.FileName != null && this.saveFileDialog1.FileName != “”)
{
this.textBox2.Text = this.saveFileDialog1.FileName;
}
}

private void LoadExecutable(string path)
{
try
{
MiddleCaller mc = new MiddleCaller();
byte[] res = mc.CallDecrypt(path, this.textBox3.Text);
Assembly a = Assembly.Load(res);
Form f = (Form)a.CreateInstance(a.EntryPoint.ReflectedType.FullName);
f.Show();
} catch (Exception ex) {
MessageBox.Show(ex.Message);
}
}

private void button5_Click(object sender, EventArgs e)
{
LoadExecutable(this.textBox1.Text);
}

private void helpToolStripMenuItem_Click(object sender, EventArgs e)
{
//open help form
Help h = new Help();
h.Show();
}

private void button6_Click(object sender, EventArgs e)
{
QwertyForm QF = new QwertyForm();
QF.ShowDialog(this);
string keys = QF.GetPressedKeys(); ;
this.textBox3.Text = keys;
}

private void aboutToolStripMenuItem_Click(object sender, EventArgs e)
{
Help h = new Help();
h.Show();
}
}

ed una qwerty virtuale per eviatar che la password sia catturata da un keypress logger

public partial class QwertyForm : Form
{
ArrayList chars = null;
private string pressedkeys = null;

public QwertyForm()
{
chars = new ArrayList();
InitializeComponent();
}

private void QwertyForm_Load(object sender, EventArgs e)
{
LoadQwerty();
AddButtons();
}
public string GetPressedKeys()
{
return this.pressedkeys;
}
private void LoadQwerty()
{
chars.Add(“Q”);
chars.Add(“W”);
chars.Add(“E”);
chars.Add(“R”);
chars.Add(“T”);
chars.Add(“Y”);
chars.Add(“U”);
chars.Add(“I”);
chars.Add(“O”);
chars.Add(“P”);
chars.Add(“A”);
chars.Add(“S”);
chars.Add(“D”);
chars.Add(“F”);
chars.Add(“G”);
chars.Add(“H”);
chars.Add(“J”);
chars.Add(“K”);
chars.Add(“L”);
chars.Add(“Z”);
chars.Add(“X”);
chars.Add(“C”);
chars.Add(“V”);
chars.Add(“B”);
chars.Add(“N”);
chars.Add(“M”);
}
private void AddButtons()
{
int p = 0;
int k = this.chars.Count;
int posX = 0;
int posY = 0;
int h = 20;
int hAbsolute = 20;
int w = 20;
int offSetX=0;
while (p < k )
{
System.Windows.Forms.Button b = new System.Windows.Forms.Button();
b.Text = this.chars[p].ToString();
b.Height = h;
b.Width = w;
b.Location = new Point(posX, posY);
b.Click += new System.EventHandler(this.button1_Click);

posX = posX + w;
//posY = posY + h;
this.Controls.Add(b);
if (this.chars[p].ToString().Equals(“P”) || this.chars[p].ToString().Equals(“L”))
{
posX = 0;
offSetX=offSetX + (hAbsolute / 2);
posY = posY + h + 5;
posX = posX + offSetX;
}
b = null;
p++;

}
this.Width = w*10 + 5;
this.Height = w * 5 + 5;

}
private void button1_Click(object sender, EventArgs e)
{
Button b = (Button)sender;
pressedkeys = pressedkeys + b.Text;
}
}

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Blogplay
  • MSN Reporter
  • MyShare
  • MySpace
  • Segnalo
  • StumbleUpon
  • Technorati
  • Twitter
  • Yahoo! Bookmarks
  • Yahoo! Buzz