Making the ZIP only open able by my software

May 11, 2010 at 8:21 AM
I would like to try to make the ZIP openable only by my software. In other words I don't want it opened in winzip, winrar, etc. I also don't want it easily repaired. Do I need to modify the source code? I plan on integrating the source code into my project so I have one less file to distribute. I haven't looked into the code yet. I'm using C#. Thanks! And good job :)
Coordinator
May 11, 2010 at 10:47 AM

DotNetZip makes zip files.

If you want it to make something other than a zipfile, then you have some options:

  • encrypt it, after producing the archive. 
  • simply scramble it - as with a ROT13 transform
  • add some rubbish data bytes to the front of it - this is more of a "data hiding" approach.
  • Don't use DotNetZip

Based on your brief statement of requirements, I don't think it would make sense, for your purposes, to modify DotNetZip.

There is no way to make any file "only openable" by your software.  All software can be reverse-engineered.  Especially if you use .NET.  The best you can hope for is to make it difficult to open a file by other software.  Making a file "not openable by winzip" is easy, using any of the methods I described above.  Making a file "not openable by a determined hacker" is impossible.

As for integrating the source code into your project, in order to avoid the need to distribute a file - I recommend against that, too.  There are better options.

 

 

May 14, 2010 at 12:48 PM

Thanks for your response, Cheeso.

I was thinking about adding a few rubbish bytes to the front of it, just some basic padding. I don't need to "secure it" I just don't want it opened up by common ZIP tools.

Basically, it stores several files used by my program (I would love to explain but NDA :() . I use serialization to write to a memorystream, then save it into the ZIP file. It's not a big deal if they CAN open it in ZIP, but it would be nice to be able to disable that part..

 

Coordinator
May 14, 2010 at 2:02 PM

One way to render it opaque is to compress the zip file itself with DeflateStream or ZlibStream.   Neither of those have clear markers and the bytes will appear to be random to the casual observer.  To unpack you'd need to first decompress with DeflateStream or ZlibStream, then read in the zip file.

if you merely add a few padding bytes, the zip signatures will still be visible. The offsets will be "wrong", so the file won't be readable as-is, by normal zip tools, but a zip-fix tool would have no problem removing the padding and getting the proper offsets.  Compressing or otherwise transforming the data would obscure the zip signatures. 

 

May 15, 2010 at 6:50 AM

If you just pad some bytes in front it, someone might be able to see PK byte in front of the file (using hex viewer or so). The best way I think is to encrypt it, my blog http://www.innosia.com explains how to use windows cryptography (CryptoAPI), you can try it and let me know.