What are protect dll functions with key solutions?

Question

I searched a bit through stackoverflow and can't find the exact examples of approaches of how to prevent someone to use dll.

Consider a dll with some exported function, that creates com-like object:

extern "C" _declspec(dllexport)void factory(void **obj)
{
    Object *object = new Object();
    *obj = object;
}

Obvious idea that comes to mind is to add second argument as a key:

extern "C" _declspec(dllexport)void factory(void **obj, const char *key)
{
    if(strcmp(key, "just a secret here as a const string"))
         return;
    Object *object = new Object();
    *obj = object;
}

But I think it would be extremely easy to decompile it and get the secret. Well, I can manually obfuscate it a bit:

extern "C" _declspec(dllexport)void factory(void **obj, const char *key)
{
    if(key[0] != 256 - 59 || key[1] != sqrt(16) || key[2] != 'g')
         return;
    Object *object = new Object();
    *obj = object;
}

Yet, I think this is also easy to disassembler.

Does anyone one more secure way to license the dll?

_"Does anyone one more secure way to license the dll?"_ - **hold on**: _take a step back_: what is your threat-model? do you have _actionable intelligence_ that makes a solid business-case that DRM is necessary? — Dai, Sep 30 '22 at 18:01
Many applications have licensing systems set up. Most of them license the application and don't worry about any DLLs. This simplifies the licensing process, especially if you have more than one application that shares the DLL. (Think about 3 licenses here: App1, App2 and shared DLL) — Thomas Matthews, Sep 30 '22 at 18:04
@Dai, I'm sorry, maybe I didn't understand the question, but it looks like You asking is there something so important, so I decided to waste the time. — Ngdgvcb, Sep 30 '22 at 18:05
Indeed, the object factory is usually where licensing is enforced in COM. See [the `IClassFactory2` interface](https://learn.microsoft.com/en-us/windows/win32/api/ocidl/nn-ocidl-iclassfactory2) So even though your COM-alike design doesn't use COM interfaces, this agrees with your design decision to put the license check in the factory. (@ThomasMatthews: Have a look at the way COM does it, COM components are indeed licensed) — Ben Voigt, Sep 30 '22 at 18:05
@Ngdgvcb I'm asking **why** you're trying to implement your own DRM. — Dai, Sep 30 '22 at 18:06
@Dai, I rather asking about existing. The reason why I implementing my own is because I do not know about existing — Ngdgvcb, Sep 30 '22 at 18:07
Did you know people can just edit your DLL and delete the checks? They can change if(whatever) to if(false) — user253751, Sep 30 '22 at 18:10
@user253751: Exactly. It isn't necessary to learn any licensing secrets, only to patch over the checking. Although there are some known methods for making that a lot more difficult as well... a fun read is https://www.ign.com/articles/2013/04/29/eight-of-the-most-hilarious-anti-piracy-measures-in-video-games — Ben Voigt, Sep 30 '22 at 18:11
@user253751, yeah, this is the reason why I was asking about the obfuscation method too — Ngdgvcb, Sep 30 '22 at 18:11
@BenVoigt, cool, so do You know how, that COM interface method does it? — Ngdgvcb, Sep 30 '22 at 18:12
@Ngdgvcb: It's a contract, not an implementation. The interface allows the license binary data to be anything. So shared secret is possible, public keypair cryptography is possible, etc. — Ben Voigt, Sep 30 '22 at 18:15
@BenVoigt, You mean it is just a helper interface for COM developers, that they need to implement by they own, with their security technics? — Ngdgvcb, Sep 30 '22 at 18:17
@Ngdgvcb: Yes, the interface leaves the choice of technique up to individual developers. — Ben Voigt, Sep 30 '22 at 18:18

What are protect dll functions with key solutions?

0 Answers0