how to protect code

[--== Alain ==--]

Hi,

Using the .NET reflector tool, i know that a DLL or EXE developed in
..NET platform can be decompiled and therefore code is available for all.

I would like to know if exist a way how to avoid tools like .NET
reflector to decompile your code or at least to avoid people to see
clearly the code of you DLL or EXE ?

thanks a lot,
Al.

 

[Bruno van Dooren [MVP VC++]]

Using the .NET reflector tool, i know that a DLL or EXE developed in .NET

platform can be decompiled and therefore code is available for all.

I would like to know if exist a way how to avoid tools like .NET reflector
to decompile your code or at least to avoid people to see clearly the code
of you DLL or EXE ?

Do a search for dotNET obfuscator or .NET obfuscator.
The community edition of this tool is included with Visual Studio I think.
The goal of this tool is to make your code as unreadable as possible, for
example by replacing all variable names with variations of a, A, aA, Aa and
doing the same for method names etc.

Of course you have to ask yourself: 'is it necessary?'. If your code does
not contain trade secrets of special algorithms, it might not be worth it.

Being able to decompile assemblies can be useful for developers for finding
out what an assembly is exactly doing. This can be very valuable during a
debugging session.

--

Kind regards,
Bruno van Dooren
(e-mail address removed)
Remove only "_nos_pam"

 

[Bruce]

Of course you have to ask yourself: 'is it necessary?'. If your code does
not contain trade secrets of special algorithms, it might not be worth it.

Being able to decompile assemblies can be useful for developers for finding
out what an assembly is exactly doing. This can be very valuable during a
debugging session.

Bruno,

I have an assembly that implements the Garmin Protocol. I am planning
on selling this assembly. The protocol can be very complicated. I
would not want someone to reverse engineer my code and just build their
own assembly. Don't you think it is worth obfuscating it?

 

[Tom Walker]

I have an assembly that implements the Garmin Protocol. I am planning on

selling this assembly. The protocol can be very complicated. I would not
want someone to reverse engineer my code and just build their own
assembly. Don't you think it is worth obfuscating it?

Microsoft Research has a non-obfuscated .NET assembly that can be used to
download data from a Garmin device. I'm not sure if it supports uploading
to a Garmin device. It is available here:
http://www.wwmx.org/Download.aspx
After installing the TrackDownload application you will have an assembly
named Microsoft.GPS.GarminDevice.dll in your Program Files. Take a look at
it using Reflector. You might not need to write your own assembly.

 

[Bruno van Dooren [MVP VC++]]

Of course you have to ask yourself: 'is it necessary?'. If your code does

I have an assembly that implements the Garmin Protocol. I am planning on
selling this assembly. The protocol can be very complicated. I would not
want someone to reverse engineer my code and just build their own
assembly. Don't you think it is worth obfuscating it?

In this case, yes.
An implementation of a complex algorithm is certainly worth protecting.

But a lot of assemblies do not need it. For example, Using Lutz reflector,
you can view the CLR assemblies in decompiled C# code.
This is extremely useful if you get weird exceptions, or have security
problems etc.
Because it allows you -the developer- to see exactly what's going on.
So there is a case for not obfuscating too.

--

Kind regards,
Bruno van Dooren
(e-mail address removed)
Remove only "_nos_pam"

 

[--== Alain ==--]

Hi Bruno,

What about people who develop assemblies and would like to sell them ?
if everybody is able to look into their code, the patents costs have not
value and it becomes more an open source.

I'm very surprised that MS allow open source for developing and by the
way, it means to make the market to open source.

There is really no way to protect my assembly code from being
duplicated/copied ?

Al.

 

[Ben Voigt]

Hi Bruno,

What about people who develop assemblies and would like to sell them ?
if everybody is able to look into their code, the patents costs have not
value and it becomes more an open source.

Patents are based on disclosure, not secrecy.

I'm very surprised that MS allow open source for developing and by the
way, it means to make the market to open source.

There is really no way to protect my assembly code from being
duplicated/copied ?

Sure... keep it to yourself, load it inside hardware where the user can't
see it, etc. Running on a user's general purpose computer essentially
guarantees them access to the code in some language or other (even optimized
"native" code can still be easily understood with the right tools).

 

[Bruno van Dooren [MVP VC++]]

What about people who develop assemblies and would like to sell them ?

if everybody is able to look into their code, the patents costs have not
value and it becomes more an open source.

No, because the customer is not allowed to to use your patents..

I'm very surprised that MS allow open source for developing and by the
way, it means to make the market to open source.

This has nothing to do with open source. First of all, open source is about
sharing and distribution of source code.
You distribute a binary. Sure, the end user can decompile it, but it does
not contain any comments. The code is also machine generated, so it might
not look exactly like the original.
And I doubt that you are allowed to distribute the decompiled sources, since
you do not have a license agreement, and it is a direct derivative of the
binary assembly.

For the majority of assemblies, a vendor gains nothing from obfuscating the
assemblies. Don't you think Microsoft would have obfuscated the CLR
assemblies otherwise?

There is really no way to protect my assembly code from being
duplicated/copied ?

Yes there is. Use a .NET obfuscator.
It is not perfect, but native code has the same problem.
It is perfectly possible (though a bit harder) to decompile machine code
from dlls or exes.

--

Kind regards,
Bruno van Dooren
(e-mail address removed)
Remove only "_nos_pam"

 

[LogicNP]

Sure, you need to obfuscate your .net assemblies. Obfuscation changes your code in various ways (renaming, flow obfuscation, string hiding) so that even if decompilers are able to view your code, it would not make sense. Have a look at Crypto Obfuscator for protection your assemblies.