Hi,
I have a requirement to 'wrap' an EXE file so it cannot be accessed by unathorized user. I have created a simple application which stores username database and generate Log. I have thought to decrypt the EXE through my application, so it can only be accessed through my application and encrypt it right away when the user logs-off from my application. That way the EXE will not be able to be accessed without my Application. unfortunately, I do not know how to do this. I've used ClassMD5.getHash function to encrypt/decrypt password into database, but I'm afraid it cannot be used to encrypt EXE since it only hold String. *the EXE file itself is 3,7MB and I do not have the source code.
do you guys know a way to encrypt/decrypt the EXE without third-party program?
or maybe you guys have thought of an alternative way, such as: create windows user? folder permission , etc
Wrap an EXE file
Subscribe to:
Post Comments (Atom)
6 comments:
Simply use Rijndael (AES) to encrypt and decrypt binary values.
An exe is just binary code. Encrypt at rest with key and password. Decrypt
with key and password at runtime.
There are exampled allll over the intertubes. GIYF.
BTW MD5 is NOT an encryption function -- it's a *ONE-WAY* hashing algorithm.
You're never meant to "decrypt" the output, and when you're able to do so,
it's typically due to flaws in the algorithm, making said algorithm useless.
Major security hole...what happens if the user kills the process that
runs your application? They have access to the application that you
are "wrapping."
Can the application that needs to be "wrapped" be modified? In other
words, do you have access to the source code? If so, it would be
better to modify the application to support users logging in with an
authentication mechanism that you provide.
Give us a little background on why the application is being
"wrapped." Maybe you are trying to hammer in a nail with a sledge
hammer. If you are simply wanting to restrict access to an
executable, why not utilize Windows and set advanced permissions on
the file, only allowing access to the users that need access to it.
No coding required.
Major security hole...what happens if the user kills the process that
runs your application? They have access to the application that you
are "wrapping."
Can the application that needs to be "wrapped" be modified? In other
words, do you have access to the source code? If so, it would be
better to modify the application to support users logging in with an
authentication mechanism that you provide.
Give us a little background on why the application is being
"wrapped." Maybe you are trying to hammer in a nail with a sledge
hammer. If you are simply wanting to restrict access to an
executable, why not utilize Windows and set advanced permissions on
the file, only allowing access to the users that need access to it.
No coding required.
Ecryption is one possibility, but I think what would be better is to
make use of Roles and Membership, as you can restrict access to the
exe file by setting the correct permissions to each user, and on the
exe itself.
Hope this helps
Major security hole: *"if the user kills the process that runs my
application"*
I was hoping I can encrypt it back by simply calling the method in
Form1_FormClosed()
but I haven't even got to that part yet.
Unfortunately not, I do not have access to the source code.
is there a way that I can set them (Windows Permission) onto 'locked' or
something like that in windows/command prompt that I can automize and
integrate in my codes?
The procedures want it that only my application opens the 'to-be-wrapped'
application, and no access to the 'wrapped' application, also without
further interaction from the user toward the file.
*"Maybe you are trying to hammer in a nail with a sledge hammer."*
I'm afraid you might be right about this part that's why I'm very open to a
much simpler solution. So far I'm trying to 'sabotage' other files intead,
the dlls, the dependencies file of that 'to-be-wrapped' application.
Post a Comment