avoid easy decompiling

[--== Alain ==--]

Hi,

Using the .NET reflector tool, i know that a DLL or EXE developed in
..NET platform can be decompiled and therefore code is available for all.

I would like to know if exist a way how to avoid tools like .NET
reflector to decompile your code or at least to avoid people to see
clearly the code of you DLL or EXE ?

thanks a lot,
Al.

 

[Dave Sexton]

Hi Al,

You can obfuscate your code, but I wouldn't recommend it for most real-world
applications or even third-party components since even the best obfuscation
can still be reverse engineered.

C# Programming Tools
§ Obfuscators
http://msdn2.microsoft.com/en-us/vcsharp/aa336818.aspx#obfuscators

Here's some information about why obfuscation may or may not be a good
choice for your program:

Security through obscurity
http://en.wikipedia.org/wiki/Security_through_obscurity

 

[Ben Voigt]

Hi,

Using the .NET reflector tool, i know that a DLL or EXE developed in .NET
platform can be decompiled and therefore code is available for all.

I would like to know if exist a way how to avoid tools like .NET reflector
to decompile your code or at least to avoid people to see clearly the code
of you DLL or EXE ?

The only real way to protect your code is to use a web service so your
customers never get their hands on it. You can also deploy embedded devices
if network access isn't guaranteed. Any time you allow the user to run your
code on their system, they can inspect it.

 

[Dave Sexton]

Hi Peter,

There is a second class of obfuscators that are really "recompilers" and
these actually change your .NET assemblies into true machine code (like
C++).
Even that isn't impossible to reverse engineer. Remotesoft offers one, and
there may be others.
Peter

I'm curious to know if they actually add any extra protection or if they're
just the same as creating a native image using NGEN after using, for
example, Dotfuscator. Don't they still have to include the metadata for the
CLR, which defeats the purpose of using machine language to add protection?

 

[Jon Skeet [C# MVP]]

Using the .NET reflector tool, i know that a DLL or EXE developed in
.NET platform can be decompiled and therefore code is available for all.

I would like to know if exist a way how to avoid tools like .NET
reflector to decompile your code or at least to avoid people to see
clearly the code of you DLL or EXE ?

See http://www.pobox.com/~skeet/csharp/obfuscation.html

 

[Dave Sexton]

Hi Peter,

Thanks for the link

Very scary stuff. The .NET Framework isn't even required on a machine that
will run the "linked" program since the dependant FCLs are actually
rewritten into the program and obfuscated themselves. No mention of
metadata though so I wonder how reflection would actually work and since the
framework isn't required I wonder if CAS even works at all.

I can see that being useful if I needed to hide, say, the recipe for a nuke
in my program's code. Other than that I think it makes more sense to move
forward in application development and reap the benefits of writing managed
code such as platform independence and JIT compilation.