0

I have a C code project, I want to use .so lib to verify certificate for valid.

I know there is a way to crack .so file by using below tools:

1.IDA_Pro_v6.8_and_Hex-Rays_Decompiler_

2.WinHex

3.ARM_ASM

enter image description here

enter image description here

enter image description here

so, in my opinion, the .so is not a good way to encrypt key verify code.

so is there any good way to avoid cracking?

EDIT-01

The code will be used by our users in their server, the .so lib is for verifying certificate valid of them, I mean the .so lib may be cracked by hacker. So, I am looking for a way to avoid crack.

244boy
  • 935
  • 2
  • 6
  • 8
  • 1
    You can always decode a Binary…. So what is the issue? – LvB Jul 15 '21 at 14:56
  • 3
    If the attacker controls machine there's nothing more you can do. Sure, you can obfuscate it, to make it harder, but ultimately an attacker that controls the execution of a piece of software can change how it executes. – vidarlo Jul 15 '21 at 16:14
  • 1
    If you know that the library will be a potential attack target why do you dynamically link your program to it? Make everything one large static binary executable. Additional self-tests, anti-debugging measures and obfuscation can make binary manipulation a little bit harder. – Robert Jul 15 '21 at 17:28
  • Are you verifying the certificate validity for yourself, or for the user of the software? If the second, it doesn't matter if they manipulate the library (.so) (or even swap it out for a dummy version). If the first, yes, writing software that serves multiple parties interests (yours and theirs) at the same time is hard. – Slartibartfast Jul 16 '21 at 02:22
  • @Slartibartfast Check my edit. I want to avoid user to crack our software. – 244boy Jul 16 '21 at 07:34
  • why you say it doesn't matter if they manipulate the library(.so)? – 244boy Jul 16 '21 at 07:35
  • @244boy It's impossible. If there was a way to prevent software being cracked, that worked 100% of the time, there would be no cracked software. –  Jul 16 '21 at 09:41
  • @244boy DRM is hard, and costs a lot of money. I think there are companies that will sell you their software for doing this, but I'll point out that by doing this, you are entering into an adversarial relationship with your customers... perhaps not ideal. – Slartibartfast Jul 23 '21 at 04:40

0 Answers0