PC Review


Reply
Thread Tools Rating: Thread Rating: 1 votes, 1.00 average.

how to protect code

 
 
--== Alain ==--
Guest
Posts: n/a
 
      26th Dec 2006
Hi,

Using the .NET reflector tool, i know that a DLL or EXE developed in
..NET platform can be decompiled and therefore code is available for all.

I would like to know if exist a way how to avoid tools like .NET
reflector to decompile your code or at least to avoid people to see
clearly the code of you DLL or EXE ?

thanks a lot,
Al.
 
Reply With Quote
 
 
 
 
Bruno van Dooren [MVP VC++]
Guest
Posts: n/a
 
      26th Dec 2006
> Using the .NET reflector tool, i know that a DLL or EXE developed in .NET
> platform can be decompiled and therefore code is available for all.
>
> I would like to know if exist a way how to avoid tools like .NET reflector
> to decompile your code or at least to avoid people to see clearly the code
> of you DLL or EXE ?


Do a search for dotNET obfuscator or .NET obfuscator.
The community edition of this tool is included with Visual Studio I think.
The goal of this tool is to make your code as unreadable as possible, for
example by replacing all variable names with variations of a, A, aA, Aa and
doing the same for method names etc.

Of course you have to ask yourself: 'is it necessary?'. If your code does
not contain trade secrets of special algorithms, it might not be worth it.

Being able to decompile assemblies can be useful for developers for finding
out what an assembly is exactly doing. This can be very valuable during a
debugging session.

--

Kind regards,
Bruno van Dooren
(E-Mail Removed)
Remove only "_nos_pam"


 
Reply With Quote
 
 
 
 
Bruce
Guest
Posts: n/a
 
      26th Dec 2006
Bruno van Dooren [MVP VC++] wrote:

> Of course you have to ask yourself: 'is it necessary?'. If your code does
> not contain trade secrets of special algorithms, it might not be worth it.
>
> Being able to decompile assemblies can be useful for developers for finding
> out what an assembly is exactly doing. This can be very valuable during a
> debugging session.
>



Bruno,

I have an assembly that implements the Garmin Protocol. I am planning
on selling this assembly. The protocol can be very complicated. I
would not want someone to reverse engineer my code and just build their
own assembly. Don't you think it is worth obfuscating it?



--
Bruce E. Stemplewski
GarXface OCX and C++ Class Library for the Garmin GPS
www.stempsoft.com
 
Reply With Quote
 
Tom Walker
Guest
Posts: n/a
 
      27th Dec 2006
> I have an assembly that implements the Garmin Protocol. I am planning on
> selling this assembly. The protocol can be very complicated. I would not
> want someone to reverse engineer my code and just build their own
> assembly. Don't you think it is worth obfuscating it?


Microsoft Research has a non-obfuscated .NET assembly that can be used to
download data from a Garmin device. I'm not sure if it supports uploading
to a Garmin device. It is available here:
http://www.wwmx.org/Download.aspx
After installing the TrackDownload application you will have an assembly
named Microsoft.GPS.GarminDevice.dll in your Program Files. Take a look at
it using Reflector. You might not need to write your own assembly.

 
Reply With Quote
 
Bruno van Dooren [MVP VC++]
Guest
Posts: n/a
 
      27th Dec 2006
>> Of course you have to ask yourself: 'is it necessary?'. If your code does
>> not contain trade secrets of special algorithms, it might not be worth
>> it.
>>
>> Being able to decompile assemblies can be useful for developers for
>> finding out what an assembly is exactly doing. This can be very valuable
>> during a debugging session.
>>

> I have an assembly that implements the Garmin Protocol. I am planning on
> selling this assembly. The protocol can be very complicated. I would not
> want someone to reverse engineer my code and just build their own
> assembly. Don't you think it is worth obfuscating it?


In this case, yes.
An implementation of a complex algorithm is certainly worth protecting.

But a lot of assemblies do not need it. For example, Using Lutz reflector,
you can view the CLR assemblies in decompiled C# code.
This is extremely useful if you get weird exceptions, or have security
problems etc.
Because it allows you -the developer- to see exactly what's going on.
So there is a case for not obfuscating too.

--

Kind regards,
Bruno van Dooren
(E-Mail Removed)
Remove only "_nos_pam"


 
Reply With Quote
 
--== Alain ==--
Guest
Posts: n/a
 
      27th Dec 2006
Hi Bruno,

What about people who develop assemblies and would like to sell them ?
if everybody is able to look into their code, the patents costs have not
value and it becomes more an open source.

I'm very surprised that MS allow open source for developing and by the
way, it means to make the market to open source.

There is really no way to protect my assembly code from being
duplicated/copied ?

Al.

Bruno van Dooren [MVP VC++] wrote:
>> Using the .NET reflector tool, i know that a DLL or EXE developed in .NET
>> platform can be decompiled and therefore code is available for all.
>>
>> I would like to know if exist a way how to avoid tools like .NET reflector
>> to decompile your code or at least to avoid people to see clearly the code
>> of you DLL or EXE ?

>
> Do a search for dotNET obfuscator or .NET obfuscator.
> The community edition of this tool is included with Visual Studio I think.
> The goal of this tool is to make your code as unreadable as possible, for
> example by replacing all variable names with variations of a, A, aA, Aa and
> doing the same for method names etc.
>
> Of course you have to ask yourself: 'is it necessary?'. If your code does
> not contain trade secrets of special algorithms, it might not be worth it.
>
> Being able to decompile assemblies can be useful for developers for finding
> out what an assembly is exactly doing. This can be very valuable during a
> debugging session.
>

 
Reply With Quote
 
Ben Voigt
Guest
Posts: n/a
 
      27th Dec 2006

"--== Alain ==--" <(E-Mail Removed)> wrote in message
news:ugy$(E-Mail Removed)...
> Hi Bruno,
>
> What about people who develop assemblies and would like to sell them ?
> if everybody is able to look into their code, the patents costs have not
> value and it becomes more an open source.


Patents are based on disclosure, not secrecy.

>
> I'm very surprised that MS allow open source for developing and by the
> way, it means to make the market to open source.
>
> There is really no way to protect my assembly code from being
> duplicated/copied ?


Sure... keep it to yourself, load it inside hardware where the user can't
see it, etc. Running on a user's general purpose computer essentially
guarantees them access to the code in some language or other (even optimized
"native" code can still be easily understood with the right tools).

>
> Al.
>
> Bruno van Dooren [MVP VC++] wrote:
>>> Using the .NET reflector tool, i know that a DLL or EXE developed in
>>> .NET platform can be decompiled and therefore code is available for all.
>>>
>>> I would like to know if exist a way how to avoid tools like .NET
>>> reflector to decompile your code or at least to avoid people to see
>>> clearly the code of you DLL or EXE ?

>>
>> Do a search for dotNET obfuscator or .NET obfuscator.
>> The community edition of this tool is included with Visual Studio I
>> think.
>> The goal of this tool is to make your code as unreadable as possible, for
>> example by replacing all variable names with variations of a, A, aA, Aa
>> and doing the same for method names etc.
>>
>> Of course you have to ask yourself: 'is it necessary?'. If your code does
>> not contain trade secrets of special algorithms, it might not be worth
>> it.
>>
>> Being able to decompile assemblies can be useful for developers for
>> finding out what an assembly is exactly doing. This can be very valuable
>> during a debugging session.
>>



 
Reply With Quote
 
Bruno van Dooren [MVP VC++]
Guest
Posts: n/a
 
      27th Dec 2006
> What about people who develop assemblies and would like to sell them ?
> if everybody is able to look into their code, the patents costs have not
> value and it becomes more an open source.


No, because the customer is not allowed to to use your patents..

> I'm very surprised that MS allow open source for developing and by the
> way, it means to make the market to open source.


This has nothing to do with open source. First of all, open source is about
sharing and distribution of source code.
You distribute a binary. Sure, the end user can decompile it, but it does
not contain any comments. The code is also machine generated, so it might
not look exactly like the original.
And I doubt that you are allowed to distribute the decompiled sources, since
you do not have a license agreement, and it is a direct derivative of the
binary assembly.

For the majority of assemblies, a vendor gains nothing from obfuscating the
assemblies. Don't you think Microsoft would have obfuscated the CLR
assemblies otherwise?

> There is really no way to protect my assembly code from being
> duplicated/copied ?


Yes there is. Use a .NET obfuscator.
It is not perfect, but native code has the same problem.
It is perfectly possible (though a bit harder) to decompile machine code
from dlls or exes.

--

Kind regards,
Bruno van Dooren
(E-Mail Removed)
Remove only "_nos_pam"


 
Reply With Quote
 
Banned
Join Date: Nov 2009
Posts: 79
 
      22nd Jul 2011
Sure, you need to obfuscate your .net assemblies. Obfuscation changes your code in various ways (renaming, flow obfuscation, string hiding) so that even if decompilers are able to view your code, it would not make sense. Have a look at Crypto Obfuscator for protection your assemblies.
 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to protect desired area of workbook and protect code. avveerkar Microsoft Excel Discussion 4 13th Jan 2006 03:44 AM
Can protect worksheet then workbook but not Protect and Share in code ctmom@comcast.net Microsoft Excel Programming 5 9th Aug 2005 03:26 PM
Lock and protect cells without protect the sheet Christian Microsoft Excel Programming 6 28th Dec 2004 05:50 PM
Excel - protect sheet vs. protect workbook =?Utf-8?B?RGlydGJ5a2VEaXZh?= Microsoft Excel Misc 3 1st Sep 2004 02:10 AM
Protect a paragraph or Field like 'protect section' Sandeep Sharma Microsoft Word Document Management 3 6th Feb 2004 11:54 AM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 02:04 AM.