how to protect code

Discussion in 'Microsoft VC .NET' started by --== Alain ==--, Dec 26, 2006.

  1. Hi,

    Using the .NET reflector tool, i know that a DLL or EXE developed in
    ..NET platform can be decompiled and therefore code is available for all.

    I would like to know if exist a way how to avoid tools like .NET
    reflector to decompile your code or at least to avoid people to see
    clearly the code of you DLL or EXE ?

    thanks a lot,
    Al.
     
    --== Alain ==--, Dec 26, 2006
    #1
    1. Advertisements

  2. > Using the .NET reflector tool, i know that a DLL or EXE developed in .NET
    > platform can be decompiled and therefore code is available for all.
    >
    > I would like to know if exist a way how to avoid tools like .NET reflector
    > to decompile your code or at least to avoid people to see clearly the code
    > of you DLL or EXE ?


    Do a search for dotNET obfuscator or .NET obfuscator.
    The community edition of this tool is included with Visual Studio I think.
    The goal of this tool is to make your code as unreadable as possible, for
    example by replacing all variable names with variations of a, A, aA, Aa and
    doing the same for method names etc.

    Of course you have to ask yourself: 'is it necessary?'. If your code does
    not contain trade secrets of special algorithms, it might not be worth it.

    Being able to decompile assemblies can be useful for developers for finding
    out what an assembly is exactly doing. This can be very valuable during a
    debugging session.

    --

    Kind regards,
    Bruno van Dooren

    Remove only "_nos_pam"
     
    Bruno van Dooren [MVP VC++], Dec 26, 2006
    #2
    1. Advertisements

  3. --== Alain ==--

    Bruce Guest

    Bruno van Dooren [MVP VC++] wrote:

    > Of course you have to ask yourself: 'is it necessary?'. If your code does
    > not contain trade secrets of special algorithms, it might not be worth it.
    >
    > Being able to decompile assemblies can be useful for developers for finding
    > out what an assembly is exactly doing. This can be very valuable during a
    > debugging session.
    >



    Bruno,

    I have an assembly that implements the Garmin Protocol. I am planning
    on selling this assembly. The protocol can be very complicated. I
    would not want someone to reverse engineer my code and just build their
    own assembly. Don't you think it is worth obfuscating it?



    --
    Bruce E. Stemplewski
    GarXface OCX and C++ Class Library for the Garmin GPS
    www.stempsoft.com
     
    Bruce, Dec 26, 2006
    #3
  4. --== Alain ==--

    Tom Walker Guest

    > I have an assembly that implements the Garmin Protocol. I am planning on
    > selling this assembly. The protocol can be very complicated. I would not
    > want someone to reverse engineer my code and just build their own
    > assembly. Don't you think it is worth obfuscating it?


    Microsoft Research has a non-obfuscated .NET assembly that can be used to
    download data from a Garmin device. I'm not sure if it supports uploading
    to a Garmin device. It is available here:
    http://www.wwmx.org/Download.aspx
    After installing the TrackDownload application you will have an assembly
    named Microsoft.GPS.GarminDevice.dll in your Program Files. Take a look at
    it using Reflector. You might not need to write your own assembly.
     
    Tom Walker, Dec 27, 2006
    #4
  5. >> Of course you have to ask yourself: 'is it necessary?'. If your code does
    >> not contain trade secrets of special algorithms, it might not be worth
    >> it.
    >>
    >> Being able to decompile assemblies can be useful for developers for
    >> finding out what an assembly is exactly doing. This can be very valuable
    >> during a debugging session.
    >>

    > I have an assembly that implements the Garmin Protocol. I am planning on
    > selling this assembly. The protocol can be very complicated. I would not
    > want someone to reverse engineer my code and just build their own
    > assembly. Don't you think it is worth obfuscating it?


    In this case, yes.
    An implementation of a complex algorithm is certainly worth protecting.

    But a lot of assemblies do not need it. For example, Using Lutz reflector,
    you can view the CLR assemblies in decompiled C# code.
    This is extremely useful if you get weird exceptions, or have security
    problems etc.
    Because it allows you -the developer- to see exactly what's going on.
    So there is a case for not obfuscating too.

    --

    Kind regards,
    Bruno van Dooren

    Remove only "_nos_pam"
     
    Bruno van Dooren [MVP VC++], Dec 27, 2006
    #5
  6. Hi Bruno,

    What about people who develop assemblies and would like to sell them ?
    if everybody is able to look into their code, the patents costs have not
    value and it becomes more an open source.

    I'm very surprised that MS allow open source for developing and by the
    way, it means to make the market to open source.

    There is really no way to protect my assembly code from being
    duplicated/copied ?

    Al.

    Bruno van Dooren [MVP VC++] wrote:
    >> Using the .NET reflector tool, i know that a DLL or EXE developed in .NET
    >> platform can be decompiled and therefore code is available for all.
    >>
    >> I would like to know if exist a way how to avoid tools like .NET reflector
    >> to decompile your code or at least to avoid people to see clearly the code
    >> of you DLL or EXE ?

    >
    > Do a search for dotNET obfuscator or .NET obfuscator.
    > The community edition of this tool is included with Visual Studio I think.
    > The goal of this tool is to make your code as unreadable as possible, for
    > example by replacing all variable names with variations of a, A, aA, Aa and
    > doing the same for method names etc.
    >
    > Of course you have to ask yourself: 'is it necessary?'. If your code does
    > not contain trade secrets of special algorithms, it might not be worth it.
    >
    > Being able to decompile assemblies can be useful for developers for finding
    > out what an assembly is exactly doing. This can be very valuable during a
    > debugging session.
    >
     
    --== Alain ==--, Dec 27, 2006
    #6
  7. --== Alain ==--

    Ben Voigt Guest

    "--== Alain ==--" <> wrote in message
    news:ugy$...
    > Hi Bruno,
    >
    > What about people who develop assemblies and would like to sell them ?
    > if everybody is able to look into their code, the patents costs have not
    > value and it becomes more an open source.


    Patents are based on disclosure, not secrecy.

    >
    > I'm very surprised that MS allow open source for developing and by the
    > way, it means to make the market to open source.
    >
    > There is really no way to protect my assembly code from being
    > duplicated/copied ?


    Sure... keep it to yourself, load it inside hardware where the user can't
    see it, etc. Running on a user's general purpose computer essentially
    guarantees them access to the code in some language or other (even optimized
    "native" code can still be easily understood with the right tools).

    >
    > Al.
    >
    > Bruno van Dooren [MVP VC++] wrote:
    >>> Using the .NET reflector tool, i know that a DLL or EXE developed in
    >>> .NET platform can be decompiled and therefore code is available for all.
    >>>
    >>> I would like to know if exist a way how to avoid tools like .NET
    >>> reflector to decompile your code or at least to avoid people to see
    >>> clearly the code of you DLL or EXE ?

    >>
    >> Do a search for dotNET obfuscator or .NET obfuscator.
    >> The community edition of this tool is included with Visual Studio I
    >> think.
    >> The goal of this tool is to make your code as unreadable as possible, for
    >> example by replacing all variable names with variations of a, A, aA, Aa
    >> and doing the same for method names etc.
    >>
    >> Of course you have to ask yourself: 'is it necessary?'. If your code does
    >> not contain trade secrets of special algorithms, it might not be worth
    >> it.
    >>
    >> Being able to decompile assemblies can be useful for developers for
    >> finding out what an assembly is exactly doing. This can be very valuable
    >> during a debugging session.
    >>
     
    Ben Voigt, Dec 27, 2006
    #7
  8. > What about people who develop assemblies and would like to sell them ?
    > if everybody is able to look into their code, the patents costs have not
    > value and it becomes more an open source.


    No, because the customer is not allowed to to use your patents..

    > I'm very surprised that MS allow open source for developing and by the
    > way, it means to make the market to open source.


    This has nothing to do with open source. First of all, open source is about
    sharing and distribution of source code.
    You distribute a binary. Sure, the end user can decompile it, but it does
    not contain any comments. The code is also machine generated, so it might
    not look exactly like the original.
    And I doubt that you are allowed to distribute the decompiled sources, since
    you do not have a license agreement, and it is a direct derivative of the
    binary assembly.

    For the majority of assemblies, a vendor gains nothing from obfuscating the
    assemblies. Don't you think Microsoft would have obfuscated the CLR
    assemblies otherwise?

    > There is really no way to protect my assembly code from being
    > duplicated/copied ?


    Yes there is. Use a .NET obfuscator.
    It is not perfect, but native code has the same problem.
    It is perfectly possible (though a bit harder) to decompile machine code
    from dlls or exes.

    --

    Kind regards,
    Bruno van Dooren

    Remove only "_nos_pam"
     
    Bruno van Dooren [MVP VC++], Dec 27, 2006
    #8
  9. --== Alain ==--

    LogicNP

    Joined:
    Nov 21, 2009
    Messages:
    79
    Likes Received:
    0
    Sure, you need to obfuscate your .net assemblies. Obfuscation changes your code in various ways (renaming, flow obfuscation, string hiding) so that even if decompilers are able to view your code, it would not make sense. Have a look at Crypto Obfuscator for protection your assemblies.
     
    LogicNP, Jul 22, 2011
    #9
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Wael Bakr
    Replies:
    1
    Views:
    1,746
    mdgray
    Jul 10, 2003
  2. SteadySteps

    Unreachable code error for exception handling code

    SteadySteps, Oct 8, 2003, in forum: Microsoft VC .NET
    Replies:
    4
    Views:
    756
    SteadySteps
    Oct 10, 2003
  3. SteadySteps

    Unreachable code error for exception handling code

    SteadySteps, Oct 8, 2003, in forum: Microsoft VC .NET
    Replies:
    1
    Views:
    277
    Bo Persson
    Oct 8, 2003
  4. David Elliott

    Calling C++.NET code from C#.NET code

    David Elliott, Oct 31, 2003, in forum: Microsoft VC .NET
    Replies:
    1
    Views:
    174
    David Elliott
    Oct 31, 2003
  5. Klaus Bonadt

    How to pass CString from unmanaged code to managed code?

    Klaus Bonadt, Feb 3, 2004, in forum: Microsoft VC .NET
    Replies:
    7
    Views:
    879
    Ronald Laeremans [MSFT]
    Feb 9, 2004
Loading...

Share This Page