Decompile .NET

[Guest]

Hi all
I am wondering how to protect .NET applications from being decompiled or in
other word prevent it from reverse engineering
I hope of any one can help
Thx all

 

[John Duval]

There are products that will do this for you... do a search on
"obfuscator", you should find a bunch of options like these:

http://www.xenocode.com/
http://www.dotfuscator.com/
http://www.remotesoft.com/
etc...

My understanding is that these products don't provide absolute
protection from reverse engineering (i.e. it's still possible to crack
with some effort).

John

 

[Guest]

Thx
but I already know this technique , and I don't want to move my problem to
other parity to sole it for me, I want to make my own technique in preventing
..NET Code from being decompiled, and if obfuscatation is the the only way to
make this protection I want to make my protection

thx again for your interest

 

[Jon Skeet [C# MVP]]

but I already know this technique , and I don't want to move my problem to
other parity to sole it for me, I want to make my own technique in preventing
.NET Code from being decompiled, and if obfuscatation is the the only way to
make this protection I want to make my protection

Forgive me for being blunt, but that sounds like a really bad idea to
me. To do obfuscation well is pretty difficult, and professional tools
are likely to do a better job and be more reliable than rolling your
own version.

Of course, if you're looking into getting into the obfuscator market,
that's a different matter.

Jon

 

[Guest]

Thx Jon
I agree with u that its Difficult to make my own protection technique but
that is better than give others to obfuscate and my application and in the
same time can decompile what they have done
I think u got my point
thx again for your response

 

[Guest]

What is that stuff that you are trying to protect so vigorously?
Are you working on military or invent new video/audo processing algorigthms?

Is it really so importat to be protected?

Take into account that realeased games (written in unmanaged code) are
craked in the day of release.
It's impossible to get absolute protection.

Obfuscators gave u reasonable level of protection for those who are not
familiar with cracking, nothing else.

PS: Jon exposed his point of view on this matter in his article
http://www.yoda.arachsys.com/csharp/obfuscation.html I completly argee with
him

Thx Jon
I agree with u that its Difficult to make my own protection technique but
that is better than give others to obfuscate and my application and in the
same time can decompile what they have done
I think u got my point
thx again for your response

--
WBR,
Michael Nemtsev :: blog: http://spaces.msn.com/laflour

"At times one remains faithful to a cause only because its opponents do not
cease to be insipid." (c) Friedrich Nietzsche

 

[Guest]

You are right , and I am not making something to valuable and secure, I just
want to learn how to make my own protection and help others that want to make
protection that is all
and I know that prevent software from reverse engineering is impossible
but just want to make it difficult to be decompiled

thx for your interest

 

[Jon Skeet [C# MVP]]

You are right , and I am not making something to valuable and secure, I just
want to learn how to make my own protection and help others that want to make
protection that is all

You say that you want to help others - but you've effectively rejected
the help that existing products provide. Why would anyone be more
willing to trust your obfuscator than you are to trust existing ones?

Jon

 

[Jon Skeet [C# MVP]]

I agree with u that its Difficult to make my own protection technique but
that is better than give others to obfuscate and my application and in the
same time can decompile what they have done

What makes you think they would be able to decompile the code
afterwards (to anything useful)? Any obfuscator that provides a "back
door" is likely to quickly fall out of favour with the market.

Jon

 

[Guest]

I didn't say that I want to make my obfuscator , I just want to make a
technique for protecting code from being decompiled , and I don't want make a
software for that I want to make a research in this topic , and provide
others with the methods that they can customize to protect their code as
possible as we can do
that's all
and another point about Commercial obfuscators, if there is an obfuscator
there is a big probability to find a DeObfuscator

thx all

 

[Jon Skeet [C# MVP]]

I didn't say that I want to make my obfuscator , I just want to make a
technique for protecting code from being decompiled , and I don't want make a
software for that I want to make a research in this topic , and provide
others with the methods that they can customize to protect their code as
possible as we can do

So you don't plan on actually building the software to do this?

and another point about Commercial obfuscators, if there is an obfuscator
there is a big probability to find a DeObfuscator

Well, obfuscation typically involves losing information. A
"deobfuscator" is as unrealistic as something which can take a hashcode
and build you the original object. A tool may try to undo a *few* of
the techniques of obfuscation, but the basic technique of making as
many names as possible unhelpful is a fundamentally lossy one.

Jon

 

[Lebesgue]

Hey man, wake up! Your comments are absolutely irrelevant and inconsistent
all the time.

Do you have any idea what the obfuscators are doing? Even the simplest ones
are messing up the variable and method names. This is irreversible, so
without having some kind of time machine, no one can build a DeObfuscator
even against the simplest obfuscator which just changes names.


"Just close your eyes and see"

 

[Guest]

May I am sleeping , but I already know that obfuscation can change the names
of the variables and routines that is not new for me
but the case i had stated here and u didnt got it is that the one who makes
the obfuscation pattern can DeObfuscate what he did
May i am not aware enough of the topic but this is my understnding
if u know the right cocept just learn us if u please

Thx

 

[Adam Clauss]

"Just close your eyes and see"

May I am sleeping , but I already know that obfuscation can change the
names
of the variables and routines that is not new for me
but the case i had stated here and u didnt got it is that the one who
makes
the obfuscation pattern can DeObfuscate what he did

Really? So lets you look at my obfuscated code and see:

class Class1
{
public void method1()
{
...
}
}


You are able to tell me what Class1 and method1 were originally named?

 

[Lebesgue]

No, he can't, but the one who wrote the obfuscator can! ))


and is also familiar with the concept of changing names. He certainly has
some kind of time machine.

 

[Guest]

i think u dont understand, you are the one who made the obfusication , so u r
the one should able DeOfusicate
i think u need the other comments carefully , u dont understand what we r
talking about
sorry!

 

[Willem van Rumpt]

i think u dont understand, you are the one who made the obfusication , so u r
the one should able DeOfusicate
i think u need the other comments carefully , u dont understand what we r
talking about
sorry!

I think the point he tries to demonstrate is that obfuscation doesn't
have to be two way street. There's nothing that says the obfuscation
process must be able to deterministically reverse the process.

 

[Lebesgue]

Just tell me, are you more than 13 years old?

"Just close your eyes and see"

 

[Jon Skeet [C# MVP]]

i think u dont understand, you are the one who made the obfusication , so u r
the one should able DeOfusicate
i think u need the other comments carefully , u dont understand what we r
talking about sorry!

At least three people have now told you that you can't "deobfuscate".
It's worth paying attention rather than assuming they are wrong. (It's
possible they are all wrong, but unlikely in my experience.)

Obfuscation is inherently a one-way process. While the person who
actually runs the tool over the code may end up of a map from the
original name to the obfuscated name, the information is only present
in that map - so unless that map falls into the wrong hands, it is
impossible to go from the obfuscated version to the non-obfuscated
version.

So, unless you're suggesting that obfuscation technology companies have
secret "call home" backdoors whereby whenever you obfuscate some code
with their products, it gives them the map, they can't "deobfuscate"
your code.

Jon

 

[Adam Clauss]

Yes, I do understand, I'm afraid you do not understand. The error is in
your assumption that because I obfuscated it, that I can un-obfuscate it.
That is wrong. I could take two completely different sets of code and come
up with the code I showed you. It is IMPOSSIBLE to reverse the procedure.