MSIL code

[Tony Johansson]

Hi!

I just wonder about this Reflector tool.
If I made a dll in .NET can then a person that have this DLL look at all the
source code by using the Reflector tool ?
I mean can he/she recreate all the source code.

If I instead have a DLL unmanaged code for example made in C++ is it here
possible look at the source code by using some kind of tool.
I mean something that remind of Reflector ?

//Tony

 

[James Finch]

Since .NET programs and libraries are compiled to MSIL, basically yes.
Anyone can use .NET Reflector to view your source code almost as you
wrote it. You can use various tools (Dotfuscator, etc.) to make the code
more difficult to interpret, but if someone really wants to reverse
engineer your code they will. It's that simple. You can make it more or
less difficult but never impossible.

When programs are written in C and C++ they are compiled to native
machine code and are rather more difficult to reverse engineer than
MSIL, but still never impossible. If you wish to protect your .NET code
so that some idiot doesn't take credit for your work, the best you can
do is use obfuscation techniques to make the code so difficult to
understand that it would be easier for them to write an application from
scratch that does the same thing. There are commercial tools available
to make this process easier and also provide string encryption, etc.

James Finch (MCDST)

 

[Family Tree Mike]

Since .NET programs and libraries are compiled to MSIL, basically yes.
Anyone can use .NET Reflector to view your source code almost as you
wrote it. You can use various tools (Dotfuscator, etc.) to make the code
more difficult to interpret, but if someone really wants to reverse
engineer your code they will. It's that simple. You can make it more or
less difficult but never impossible.

When programs are written in C and C++ they are compiled to native
machine code and are rather more difficult to reverse engineer than
MSIL, but still never impossible. If you wish to protect your .NET code
so that some idiot doesn't take credit for your work, the best you can
do is use obfuscation techniques to make the code so difficult to
understand that it would be easier for them to write an application from
scratch that does the same thing. There are commercial tools available
to make this process easier and also provide string encryption, etc.

James Finch (MCDST)

Many would say the best you could do is to create web services so that
the heart of your code is remote and thus inaccessible. True that they
could reverse engineer the client that connects to your service, but
they cannot identify an algorithm that maybe you wanted protected which
is housed on the server.

 

[Willem van Rumpt]

Hi!

I just wonder about this Reflector tool.
If I made a dll in .NET can then a person that have this DLL look at all the
source code by using the Reflector tool ?
I mean can he/she recreate all the source code.

If I instead have a DLL unmanaged code for example made in C++ is it here
possible look at the source code by using some kind of tool.
I mean something that remind of Reflector ?

Any compiled code available to a third party can be reverse engineered,
the only factor involved is time.

If you want to be sure that your code doesn't fall into other hands, the
only option is to not deliver it to those hands.

However, before considering switching languages, complex obfuscation and
encryption techniques, there's one important point that lots of people
seem to forget:

Most code written is not rocket science, and is easier to write
yourself, than to reverse engineer.

Don't let it worry you too much.

 

[Tony Johansson]

I was just curious!!

//Tony

Any compiled code available to a third party can be reverse engineered,
the only factor involved is time.

If you want to be sure that your code doesn't fall into other hands, the
only option is to not deliver it to those hands.

However, before considering switching languages, complex obfuscation and
encryption techniques, there's one important point that lots of people
seem to forget:

Most code written is not rocket science, and is easier to write yourself,
than to reverse engineer.

Don't let it worry you too much.

 

[Rudy Velthuis]

However, before considering switching languages, complex obfuscation
and encryption techniques, there's one important point that lots of
people seem to forget:

Most code written is not rocket science, and is easier to write
yourself, than to reverse engineer.

Exactly! Fully agreed. Many people seem to forget that.

 

[Peter Duniho]

Hi!

I just wonder about this Reflector tool.
If I made a dll in .NET can then a person that have this DLL look at all the
source code by using the Reflector tool ?
I mean can he/she recreate all the source code.

If I instead have a DLL unmanaged code for example made in C++ is it here
possible look at the source code by using some kind of tool.
I mean something that remind of Reflector ?

You got a lot of good replies, but more specifically to your question:
yes, there are tools that "decompile" unmanaged code back to other
languages, such as C++. They work best when you know the original
tools/languages used to create the unmanaged, compiled native code, just
as Reflector works best when you tell it what version of .NET was used
and what language.

..NET MSIL is especially easy to decompile a la Reflector, because so
little of the optimization happens during the C#-to-IL stage and because
so much of the original information is still present (variable names,
meta-data for data structures, etc.). But even the unmanaged
decompilation tools can do a remarkably good job.

Pete

 

[Tony Johansson]

You got a lot of good replies, but more specifically to your question:
yes, there are tools that "decompile" unmanaged code back to other
languages, such as C++. They work best when you know the original
tools/languages used to create the unmanaged, compiled native code, just
as Reflector works best when you tell it what version of .NET was used and
what language.

.NET MSIL is especially easy to decompile a la Reflector, because so
little of the optimization happens during the C#-to-IL stage and because
so much of the original information is still present (variable names,
meta-data for data structures, etc.). But even the unmanaged
decompilation tools can do a remarkably good job.

Pete

Hi!

Is it possible to say that MSIL can in a way be understood as a language of
it's own just to get a better understanding of MSIL.

//Tony

 

[Peter Duniho]

Is it possible to say that MSIL can in a way be understood as a language of
it's own just to get a better understanding of MSIL.

I'm not sure I understand the question. But yes, MSIL is absolutely a
language in and of itself. It is the low-level instruction code used by
Microsoft's "common language infrastructure".

It would be silly to write code in MSIL itself, because of the several
excellent high-level language choices available. But certainly there's
some value in understanding MSIL as a language unto itself; doing so
gives one a greater and deeper insight into what actually happens when
you write specific kinds of code inthe higher-level languages.

Pete

 

[Arne Vajhøj]

Many would say the best you could do is to create web services so that
the heart of your code is remote and thus inaccessible. True that they
could reverse engineer the client that connects to your service, but
they cannot identify an algorithm that maybe you wanted protected which
is housed on the server.

It can be a fine solution.

But it does have some implications regarding being connected,
performance etc..

Arne

 

[Arne Vajhøj]

Is it possible to say that MSIL can in a way be understood as a language of
it's own just to get a better understanding of MSIL.

MSIL is the assembler language for the CLR.

You can write manually MSIL code if you want to.

..NET comes with the ILASM utility to assemble it.

Example:

C.il
----

..assembly extern mscorlib {}

..assembly C
{
.ver 1:0:0:0
}

..class public C extends [mscorlib]System.Object
{
.method public specialname rtspecialname instance void .ctor() cil
managed
{
ret
}
.method public hidebysig instance void M() cil managed
{
ldstr "This also works"
call void [mscorlib]System.Console::WriteLine(string)
ret
}
}

Test.cs
-------

using System;

public class Test
{
public static void Main(string[] args)
{
C o = new C();
o.M();
}
}

Build & run
-----------

C:\>ilasm /dll C.il

Microsoft (R) .NET Framework IL Assembler. Version 2.0.50727.3053
Copyright (c) Microsoft Corporation. All rights reserved.
Assembling 'C.il' to DLL --> 'C.dll'
Source file is ANSI

Assembled method C::.ctor
Assembled method C::M
Creating PE file

Emitting classes:
Class 1: C

Emitting fields and methods:
Global
Class 1 Methods: 2;

Emitting events and properties:
Global
Class 1
Writing PE file
Operation completed successfully

C:\>csc /r:C.dll Test.cs
Microsoft (R) Visual C# 2008 Compiler version 3.5.30729.1
for Microsoft (R) .NET Framework version 3.5
Copyright (C) Microsoft Corporation. All rights reserved.


C:\>Test
This also works

Arne

 

[Arne Vajhøj]

I just wonder about this Reflector tool.
If I made a dll in .NET can then a person that have this DLL look at all the
source code by using the Reflector tool ?
I mean can he/she recreate all the source code.

He/she can create source code that compiles to the same binary as
your source code.

What will be missing is:
- comments
- names of local variables

Plus what is not the original source code:
- documentation
- the knowledge of the developers that write the code

For the typical business app then the missing parts is
sufficient to make it more costly to reverse engineer the entire
binary in a form that is maintainable than it is to create
source code from scratch.

But it does also mean that it takes about 10 seconds to
find embedded passwords or other secrets in the code.

Passwords/keys should be entered not embedded in the code.

And security should not rely on the algorithm being secret.

If I instead have a DLL unmanaged code for example made in C++ is it here
possible look at the source code by using some kind of tool.
I mean something that remind of Reflector ?

A lot more difficult.

Under normal circumstances nobody would even try to
decompile a large native binary.

But if the gain by doing it is sufficient high, then
someone will do it.

Arne