问题描述
我想知道一些软件如何隐藏秘密密钥,使得它们不能被轻易地发现。只是几个例子:
- DVD播放器软件隐藏CSS键
- 带有序列号/注册的软件代码隐藏用于验证序列号的键/哈希值
显然,这些程序做的不仅仅是一个字节中的键[ ],因为这样可以轻松窃取他们的密钥并生成自己的序列号等。
使用什么策略来隐藏这些密钥,以便他们可以
这些密钥被轻易发现的原因是因为它们被隐藏在软件中。 p>
不惜一切代价在软件中隐藏秘密 - 混淆只会让你到目前为止。问问自己:如何从一个完全访问反汇编,用户模式和内核模式调试器的人的软件中隐藏一个密钥,而不是日常工作?这只是一个时间的问题才能破解。
I've wondered for some time how some software hides secret keys in such a way that they can't be trivially discovered. Just a few examples:
- DVD Player Software hides CSS keys
- Software with serial numbers/registration codes hides keys/hashes used to validate the serial numbers
Obviously, these programs do something more than just have the key in a byte[], as that would make it easy to steal their keys and generate your own serial numbers, etc.
What sorts of strategies are used to hide these keys so that they can't be found easily?
The reasons those secret keys were so easily discovered is because they were hidden in software.
Avoid hiding secrets in software at all cost - obfuscation will only get you so far. Ask yourself this: How well can I hide a key in software from someone with full access to the disassembly, user mode and kernel mode debuggers, and no day job? It's only a matter of time before it gets cracked.
这篇关于如何在代码中隐藏秘密密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!