Resource encryption bug

.NET obfuscator and automated error reporting

Moderators: Luke Jefferson, Alex.Davies, melvyn.harbour

Resource encryption bug

Postby GandalfTheWhite » Thu Sep 30, 2010 4:46 pm

Hey all,

I'm trying Smart Assembly V5.5 Build 153 to protect a silverlight 4 project I'm working on. It seem to be working nice for the most part. The issue I am seeing is that my resource file is not encrypted.

If I load the protected dll file from my xap into Reflector, under the resources area, there are 2 entries (compared to 1 before the protection). 1 is a jumble of binary it looks like but the other resource line shows all my images & xaml files. I am able to view & save all the files onto my desktop, which from what I understand should not be possible.

I also noticed when using SA to protect my xap file, it generates a 2nd AppManifest file with the exact same information as the original file so I now have 2 of them in my xap.

When loading the protected file into reflector, should it state that the object reference is not set to an instance of an object when enabling the fake metadata stream. I'm guessing that is how the option works based on getting that msg in reflector when viewing code protected through .net reactor & some other protector demos I've tried.

I'm not sure if this is an included feature or not, but I noticed my assigned names in my silverlight xaml files do not get renamed after to hide what my cs code is calling.

The product seems nice but unless I am doing something wrong, it appears to have a couple of bugs in it still for silverlight projects. :)
GandalfTheWhite
 
Posts: 2
Joined: Thu Sep 30, 2010 4:23 pm

Postby Brian Donahue » Sat Oct 02, 2010 10:43 am

Please note that you cannot use resource compression/encryption with Silverlight files because the XAML has to correspond to the BAML in the assembly. The root of the issue is Windows Presentation-related. You can find a list of SmartAssembly features that can't be used with silverlight here. Sorry for the inconvenience.
Brian Donahue
 
Posts: 6670
Joined: Mon Aug 23, 2004 10:48 am

Postby GandalfTheWhite » Sat Oct 02, 2010 1:55 pm

Darn ok. Will you guys be updating the program to disable that feature like it has been done with the other features that state they are not usable with silverlight?

In regards to the 2nd AppManifest file being generated, will that be corrected? If I directly read in the silverlight dll file I build, then just the protected version is created. Reading the actual xap file & then building the protected version has the program put 2 AppManifests in the xap file.

For the fake metadata feature, have you been able to verify if it works properly with silverlight because of what I explained above. If that feature has not been setup to work with silverlight yet (compared to .net reactor for instance, which does prevent viewing the file in reflector) will it be fixed to disable itself for silverlight apps?

The last thing, which I didn't mention last time, is there are a few typos when selecting the project options. There are sentences that have words that run into each other instead of having a space between them.
GandalfTheWhite
 
Posts: 2
Joined: Thu Sep 30, 2010 4:23 pm

Postby Alex.Davies » Mon Oct 04, 2010 10:31 am

The second AppManifest was a workaround to a bug in the zipping library that we use. It's harmless and small, so we won't fix it unless the zipping library's underlying bug is fixed.

We're considering removing the fake metadata stream feature altogether because it doesn't provide any protection against the people that matter (crackers and people who want your intellectual property), it only ever stopped the casual observer (usually the developer) seeing inside the assembly.
Alex
Developer,
Red Gate .NET Tools
Alex.Davies
 
Posts: 335
Joined: Tue Dec 02, 2008 12:23 pm
Location: Cambridge, uk


Return to SmartAssembly 5

Who is online

Users browsing this forum: No registered users and 0 guests