.NET Application Protection
4.5 (3 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
141 students enrolled
Wishlisted Wishlist

Please confirm that you want to add .NET Application Protection to your Wishlist.

Add to Wishlist

.NET Application Protection

Prevent hackers from stealing your applications
4.5 (3 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
141 students enrolled
Last updated 4/2017
English
Curiosity Sale
Current price: $12 Original price: $50 Discount: 75% off
30-Day Money-Back Guarantee
Includes:
  • 1 hour on-demand video
  • 22 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Understand how a .NET applications can be hacked.
  • Implement several techniques to protect your .NET applications.
  • Create a hardware Key protection key protection for your applications
  • Learn how to implement online activation to your applications
  • Understand and apply code obfuscation
View Curriculum
Requirements
  • Basic level of .NET programming
Description

Overview:

This course aims to Introduce .NET programmers to the main concepts of application hacking, and what they can do to add a protection layer for their applications in order to prevent or decrease the possibility of hacking their applications.

Part 1  : 

we will have a brief introduction about .NET programming and about the security limits that it contains, and we will cover why .NET applications can be easily hacked, also we will introduce you to our sample application that we will use in this course to apply our labs on.

Part 2 :
we will cover the steps that a hacker goes into while he tries to hack an application.

1-Code Decompilation or reverse engineering.

2-Code analysis.

3-Alter and rebuild a hacked version.

and we will show each step alone in a special lecture ,applying each on our sample application. 

Part 3 :

We will cover application protection techniques from both sides :

Copy protection and code protection.

Then we will cover 2 of the main copy protection techniques :

1- Hardware dependent copy protection , we will show you how to create a hardware id that users will use to register your application, in a way if your application is copied to another computers , then it will not work.

2-Online activation technique, we will show you how to make your application contact another server which must be online to be registered, we will simulate this technique by using SQL server database and a small application to manage.

3-And in the bonus section we will have an overview of an advanced copy protection technique which is Asymmetric encryption protection with license file.

Then after applying copy protection , we will show you how to protect you source code from reverse engineering by obfuscating the source code.

After applying each protection technique we will test our application to see how everything is working great.

Also we will see how to merge assemblies using ILMerge tool , and we will apply assembly signing and we will learn how can it improve our application security.

This course is for beginners to introduce them to the world of Application hacking and protection.

It's the first step for any programmer or computer scientist who need to know about application hacking and protection.


Who is the target audience?
  • Programmers who want to know how to protect their applications before publishing.
  • Security Admins who like to enter the field of application protection.
  • Software owners who need to have a full understanding about protecting their software.
Students Who Viewed This Course Also Viewed
Curriculum For This Course
30 Lectures
01:03:42
+
Introduction
4 Lectures 06:51

This course will be divided into two main parts :

The first part will discuss the concept of hacking applications

In the second part, we will discuss the concept of protecting applications.

Preview 00:49


1-web, mobile and enterprise applications are mostly being programmed in .NET

Also, .Net is being used in developing traditionally native software such as scientific, engineering and other intensive Network and graphic processing applications.

2-The main Disadvantage of .net is the security hole that it contains. 

3-Why .NET can be easily hacked ?

Being a managed language distributed as an intermediate-level byte code, .NET is highly susceptible to reverse engineering and tampering attacks. 

Preview 02:26

1-The fact is that achieving 100 % protection for your applications is almost impossible.

2- Number 2 facts says, if Achieving 100 % protection is somehow impossible, this does not mean to distribute your applications with no protection.

3-Software protection and hacking are always in a challenge, what we must achieve is a type of protection that makes the application harder to be hacked and away of amateur and unprofessional hackers, this the first point, the second point is to protect your application from totally being stolen, in which if somebody hacked your application they will not be able to distribute a damaged or altered version of it.

Protection is unmet challenge
01:37

In this lecture we will explain a little bit about the sample application that we are going to use in this course in our testing labs.

But before we start and as an introductory note:

In this course we will use VB.net as our programming language, but the concepts we are talking about here in this course, are divided into two categories, some are general to all programming languages and some are specific only for .net framework.

So even if you are working with other programming languages you will find something that will help you here in our course.

Preparing our example application
01:59

Section 1 Quize
4 questions
+
Application Hacking Techniques
4 Lectures 17:09

In this lecture we will describe the 3 steps of hacking an application.


    1. The first step is Source code recovery
    2. The second step is Code analysis and comprehension 
    3. The third step is Altering and rebuilding the application


      Preview 01:32

      In this session: we will go into the first step and we will show you how to decompile a .NET application and get its source code. As we said there are many tools hackers use to achieve this job and many are free.

      In our lab we will use .NET Reflector as our decompiling tool.


      Step 1 : Code Decompilation
      03:57

      In the previous session we showed you how you can get the source code out of a .NET application very easily using .Net Reflector.

      In this session we will go into the second step which is the process of analyzing the code to find valuable information or some vulnerability  that we can use to hack the application. But before that we are going to create a simple serial number protection for our application to see how code analysis will help hackers to detect and break the protection

      Step 2 : Code Analysis
      05:59

      In the last session we discussed the code analysis process and we implemented a small lab and showed how it works.

      The last step is altering process and rebuilding a hacked version of the application.

      We will show two different ways a hacker may use to regenerate the application: the first way is altering the serial number, and regenerating another serial number.

      The second way is to remove the security code in our application and rebuild a full registered version that doesn’t implement any security. 

      Before we start , you must now that .Net reflector and  other  decompilers by default don’t have the ability to alter the source code and save it , to do that we must install an addon called reflexeal .

      Reflexeal allows you to alter the code and save it even without rebuilding the application , we will see how to do that in this Lecture

      Preview 05:41

      Section 2 Quize
      5 questions
      +
      Protecting our Application
      2 Lectures 03:29

      Okay now we will start discussing the main part of this course which is:

      Protecting our .NET applications

      Before we start, you must know an important point.

      Any application has two protection types, the first type is code protection which is defending

      from reverse engineering and decompilation,and the second type is copy protection.

      Application copy protection means that if someone had your application legally,how to prevent him from selling or distributing your application to others illegally.

      we will implement a lab to demonstrate this issue.






      Preview 01:52

      In this session we will discuss different techniques used to implement copy protection.

      Maybe there is many techniques used in this field, in this course we will discuss the main 5 techniques and we will implement a lab on each one.

      The technique that we are going to learn are : 

      1. Hardware Dependent Key protection
      2. Online activation
      3. Asymmetric Key protection (License File)







      Copy Protection Techniques
      01:37
      +
      Hardware Dependent Key Protection
      7 Lectures 15:05

      In this lecture we will have an overview about the Hardware Dependent Key protection

      Overview
      00:53

      In this lecture we will implement the File Encryption and decryption file , and we will generate our license file that will hold the registration state of the application.

      Preview 03:13

      Now we will create our application registration form that will be used by the user to register the application.

      Step 2 : Creating the registration form
      02:32

      In this lecture we will create the Generate hardware ID Method that will generate a unique hardware ID for the computer running the application .

      The Method code is found in the resources of this lecture, also i added a brief explanation of WMI that is used in the Generation process.

      And i added a simple application that can help you in using WMI to Generate your custom hardware ID.


      Step 3 : Generating the Hardware ID
      02:52

      Now we will add the main 2 methods , The TryRegister() Method that is responsible for registering the application if the User serial number was correct.

      and the second method is the Validation method that is used to validate if the application is registered by reading the Encrypted License File. 

      Both methods are attached to the resources of this lecture.

      Step 4 : Registration and Validation methods
      02:54

      In this lecture we will develop a small application that will help us in generating serial numbers for users.

      The source code of the application is in the resources of this lecture.

      Step 5 : Creating the Serial number generator
      01:31

      Now after we finished the process, we will test the application protection in this lecture

      Step 6 : Testing our protection
      01:10
      +
      Online Activation Protection
      7 Lectures 10:51

      Before we implement the Online activation method, we will have an overview in this lecture

      Overview
      00:58

      Before we start implementing the online validation technique and as we said before we are going to move the copy protection code to a separate library , this helps if you have multiple applications that you want to apply the protection on.and in this course we are showing you this in order to have an idea of different scenarios.



      Preview 02:35

      In this lecture we will create the database that will hold the registration information of our application, this database will be mssql. and its a simulation for our central server.

      Step 1 : Creating the database
      01:33

      Now we will implement the interface that will manage the database created before, so we can add ,delete , update the records in the database.

      Step 2 : Creating the Activate Server manager
      01:53

      In this lecture we will implement the method that will validate the application info entered by the user .

      Step 3 : Creating the Online registration Method
      01:40

      Now we will modify the registration form to be suitable with our new registration method.

      Step 4 : Modifying the registration Form
      00:33

      After we finished implementing our online copy protection technique we will test our application now.

      Step 5 : Testing our protection
      01:39

      Quiz
      3 questions
      +
      Code protection
      3 Lectures 05:20

      After we have implemented copy protection for our application, now we want to implement code protection, because as we explained in section 2, if the application is not code protected then it can be very easily hacked.

      To protect our code we use a method called Obfuscation.

      Obfuscation makes the assemblies and the executable unreadable with Decompiling tools that we explained before in section 2 , there are several obfuscation tools available and some are free,

      Here is a list of some Obfuscators that you can use: 

      DotFuscator. This can be integrated with visual studio in the build process, and have a community edition which is free.

      Obfuscar:

      This is a powerful Obfuscator with the advantage of being open source

      Euzfuscator: this is a very powerful Obfuscator and it has many advanced techniques like renaming, string encryption, unreadable characters and many others, but the main drawback that is not free

      Confuser

      This also a good obfuscator that you can use , its free and open source, we will use confuser in this course to protect our code


      Code Protection - Overview
      01:17

      Welcome again,

      Merging assemblies is a very important step before code obfuscation,

      Firstly, what we mean by merging assemblies


      is to merge sensitive License related assemblies into you main executable

      But why we must do that, and not obfuscate each alone?

      Simply, because when we obfuscate an assembly, the public APIs of that assembly must remain unobfuscated


      so they can be used by other assemblies, thus the obfuscation will be less effective if we keep the sensitive assemblies separate from the main executable.

      How to merge assemblies

      For assembly merging we will use


      Microsoft IL Merge tool  which is command line free tool used to perform .Net assembly merging

      You can download IL merge from the link attached to this lecture or you can download the

      zipped file of the application  that I attached too ,also I put another GUI version of IL Merge that will make the process easier

      As a small note, to make the assembly merge effective , we will use the

      Press

      /internalize flag in IL merge which will make the public APIs in the merged assembly internal so they will be obfuscated too.

       

      Okay let’s now merge our assemblies in our application to prepare them for obfuscation.

      Merging assemblies
      02:25

      let's now protect our code by applying code obfuscation on our application source code.

      Protecting our code using obfuscation
      01:38

      Quiz
      2 questions
      +
      Bonus Section
      3 Lectures 04:57

      As we said before we will have an overview about Asymmetric key protection technique .

      but we will not apply it since its out of the level of this course, it is an advanced topic.

      Technique 3 : Asymmetric key protection technique - Overview
      02:06

      In this lecture we will explain what is signing assemblies and how to apply on our application assemblies.

      Strong Naming and signing assemblies
      01:32

      As a summary of our course :

      We had a small introduction about .NET programming and security


      We learned how hackers can hack your application by explaining  the three steps application  hacking process then we learned how we can implement both code and copy protecting for our applications.

      And the last lecture was an implementation to a secured trial version of our application


      This course is for beginners in this field, and a way to introduce you to the world of application hacking and protection.

      Just as a small recommendation , when you want to protect your application  , be accurate in selecting the best type of protection that ensures security but in the same time you must think of users using your application , you must make it simple and easy for them ,and don’t forget that developing a free version of your application will always be a good way to decrease your application hacking risk in one side , and in the other it’s a good advertising for you full or enterprise version of you application.


      Summary and recommendations
      01:19
      About the Instructor
      Hassan Aboul hassan
      4.1 Average rating
      102 Reviews
      7,306 Students
      6 Courses
      Computer scientist

      The most thing that I don't love to do, is talking about myself, but here in udemy I am obliged to do, I fell in love with computers when I was 8 yeas old, I made a full windows installation at 9.I tried my best to learn topics related to computers as much as I can, I learned programming, network and server administration, Hacking and security, computer maintenance, virtualization, Linux and even adobe and Autodesk graphic and design products.

      All my life is the computer , until the day I am writing this biography, I have more than 8 years experience in Network and server administration, more than 6 years in .NET, JAVA, C++ Programming, and of course Database design and administration.

      I used to teach these materials for 4 years in my company until I decided to move  my experience to the world, I teach several free courses on youtube, and now I am releasing high-quality courses here in udemy
      Besides that, I studied psychology, philosophy, and cosmology.Also, I know 3 languages, English, Arabic & Persian.


      I hope that you will learn a lot out of my courses.
      And I will be very glad to help anybody, just contact me I will be with you.


      Qualifications and education

      ★ BS in computer science

      ★ Masters in computer science

      ★ MCSA 2003-2008-2012-2016

      ★ MCSE 2003-2008-2012-2016

      ★ VMware VCP

      ★ VMware VCAP

      ★ Cisco CCNP

      ★ A+,Network+,Security+,Server+

      ★ CEH

      ★ C#,VB,ASP,C++,JAVA 

      ★ SQL Server administration




      * Please note discounts may be slightly higher than advertised amount due to rounding and currency conversion.