obfuscation

[éric]

I am interested to know what some of you are using to obfuscate your .NET CF
projects?
I have tried a few demo products and most seem to fail because of sqlce
references? Even the ones that claim to be complient with CF.

As a second issue... is obfuscation really that necessary? how easy would it
be for someone to reverse engineer an application? if my app does not really
contain some encryption algorithym I don't want stolen, should I care about
obfuscation? Lets say for arguments sake I create an image button... there
is no mystery there... just some work that has to be done... would it be
more trouble for someone the image button from reverse engineering or from
actually writing and testing some of their own code?

Thanks for your thoughts and suggestions

Regards,

éric

 

[Chris Tacke, eMVP]

I use xenocode for obfuscation and haven't had a problem.

Reverse engineering really isn't any work if you have a tool like Anakrino
or Salamander - you basically feed it a DLL and it gives you C#.

 

[éric]

Thanks Chris... I will download xenocode today!

I use xenocode for obfuscation and haven't had a problem.

Reverse engineering really isn't any work if you have a tool like Anakrino
or Salamander - you basically feed it a DLL and it gives you C#.

--
Chris Tacke, eMVP
Co-Founder and Advisory Board Member
www.OpenNETCF.org
---
Windows CE Product Manager
Applied Data Systems
www.applieddata.net


..NET would

 

[Ginny Caughey [MVP]]

éric,

You can get Anakrino here http://www.saurik.com/net/exemplar/ and see for
yourself what somebody could do with a release build of any EXE or DLL you
create. But there's also the question of how likely you think it is that
somebody might bother to take Anakrino's output and clean it up enough to
reuse it.

 

[éric]

Well the application is not likely to be used or sold commercialy but it may
be sold to a competitor in our industry [agriculture] so I guess I should
obfuscate it

I tried xenocode earlier today... not much luck... am I doing something
wrong or is the exe too big and complexe?

the xenocode processes the file without error but it no longer works on the
device after obfuscation... are there special considerations for CF? I
looked on their site but found no reference to CF.

Regards,

éric

 

[Neville Lang]

éric,

Just before I was to release my app publicly, I had a look at the issue of
obfuscation. VS 2003 itself contains a disassembler, ILDASM.EXE, located in
\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Bin and I was
shocked when I ran MyApp.EXE through it - there was my code for all to see!

After checking around various trial versions, I ended up purchasing Xenocode
Enterprise and was happy to see my code protected. This product will also
prevent ILDASM from running but I do not know about other disassemblers,
however, I feel a little better knowing that I have some protection.

Regards,
Neville Lang

 

[Daniel]

I run some of my code trough http://www.remotesoft.com/salamander/ and all I
can say no obfuscation can help .

Code is decompiled and nicely presented with nice variable names and even
solution file can be created so you can work on source and recompile it

We actually needed this feature because we lost some of our earlier source
code.

Dan

 

[éric]

good point! )

I run some of my code trough http://www.remotesoft.com/salamander/ and all I
can say no obfuscation can help .

Code is decompiled and nicely presented with nice variable names and even
solution file can be created so you can work on source and recompile it

We actually needed this feature because we lost some of our earlier source
code.

Dan

 

[Chris Tacke, eMVP]

I use both Salamander and Xenocode. While obfuscation isn't any panacea
that makes your code theft-proof, it makes it a lot more work to reverse
engineer. If you use your public methods as simple wrappers for internal
methods, the obfuscation really makes it hard to read.

-Chris