Decompiler.NET reverse engineers your CLS compliant code

[Nak]

Hi Daniel,

While I appreciate that you are rather fervent about this, you are really
starting to push the point here. Up to this point I have seen no behaviour
by Jungle Creatures outside of supporting their product(and suggesting it
when people ask about decompilers).

Not that I ever denied that, I just absolutly hate that method of
advertising and that is what I percieved it to be. That isn't what the
newsgroup was intended for. If by any chance it wasn't a sales push then as
mr "Vortex" is a possible client or end user of JungleCreatures /
Decompiler.NET, they should conduct their chit chat elsewhere. This isn't a
forum for JungleCreatues to offer support on their products is it?

Your comments on this thread have been inappropriate, as have several
others(CJ Taylor and Brian Henry come to mind), and you comprise what I
would consider those who should go away, atleast from this thread.

Yup, my comments can be *very* inappropriate at times, but I am not
leaving this newsgroup, I've been here long enough now and respect many of
the hard working participants. Just because I am not an MVP, or CJ or
Brian, that is the only reason you are making this statement, which
personally I believe to be unfair. But expected from an MVP, no offence but
sometimes they can get a little too authorative, the status doesnt come with
a uniform does it?

Believe it or not, I am a regular of this group and do not always get
irate by this kind of thing, but sometimes I do. If *you* don't like what
you read, put it in your "block list".

The original poster is frustrating, to be sure, but you are being just as
bad. This is not a forum for conspiracy theories or for bashing other
people, even if they make a product you don't care for.

Oh well, pots and kettles, but you are not the referee, so there is no
need to start blowing your whistle.

At the moment "mate" *I* don't even make products I care for, it's been
one of those days!

Nick.

 

[Daniel O'Connell [C# MVP]]

Hi Daniel,


Not that I ever denied that, I just absolutly hate that method of
advertising and that is what I percieved it to be. That isn't what the
newsgroup was intended for. If by any chance it wasn't a sales push then
as mr "Vortex" is a possible client or end user of JungleCreatures /
Decompiler.NET, they should conduct their chit chat elsewhere. This isn't
a forum for JungleCreatues to offer support on their products is it?

Not per se, however it *is* a forum for support and discussion of the
framework, and in some cases supporting a tool related to the framework is
appropriate. Mr. Pierce, in my experiance, has not posted outside of that
particular set of rules.

Yup, my comments can be *very* inappropriate at times, but I am not
leaving this newsgroup, I've been here long enough now and respect many of
the hard working participants. Just because I am not an MVP, or CJ or
Brian, that is the only reason you are making this statement, which
personally I believe to be unfair. But expected from an MVP, no offence
but sometimes they can get a little too authorative, the status doesnt
come with a uniform does it?

No, there is no uniform. There are nifty lapel pins and an ID card though.

Actually, authoritarian behaviour isn't uncommon among MVP's, however it is
not because they *are* mvps, but because before becoming mvp's they were
highly community minded, including trying to contain the spread of
falsehoods. Most are a little less heavy handed than I am, however.

Also, for the record, I'll bring this up with anyone who behaves like this.
You aren't the first, and I doubt the last, who I will call out for such
behavior. An MVP label(or even an MSFT one) isn't going to deter me from
that.
MVP's tend *not* to start these kind of issues, but they are certainly not
immune.

I personally think your behaviour has been rank and that you don't deserve a
terrible amount of respect from your posts. They are inflamatory, uncalled
for, and intolerably rude.

Believe it or not, I am a regular of this group and do not always get
irate by this kind of thing, but sometimes I do. If *you* don't like what
you read, put it in your "block list".

I am well aware you are a regular, but that doesn't excuse you from behaving
badly.

And, for what its worth, I don't use a block list. Everyone has a right to
have their say and to deal with the feedback from it. You are welcome to
continue with your harrasement, I certainly can't stop you, but I certainly
am not going to bow out while you act up. I will say, when I feel it is
appropriate, my thoughts on your posts.

Oh well, pots and kettles, but you are not the referee, so there is no
need to start blowing your whistle.

Nor is there a need for you to harrass people. Live with it.

 

[Jonathan Pierce]

Tell me a reason why I should decompile an application if I already have its

source code.

Aside from the obvious reason for recovering lost source code,
I'll give you 3 more good ones.

Our Decompiler.NET product uses decompilation as a baseline for
implementing other features.

1. We implement our obfuscator feature using our decompiler
technology.
2. You may want to translate an assembly to a different source
language such as decompiling a compiled VB.NET assembly to C#. Using
decompilation to accomplish this works much better than parser based
implentations.
3. Our decompiler improves you code by simplifying branching,
identifying high level statements like using, lock, and foreach, and
most recently, we have added some automatic refactoring capabilities
that generate interfaces for your public and internal members, factory
classes, encapsulate fields with generated properties and replace
their references, and general scoping tightening like recognizing
internal classes and members that can be made private. We are planning
to add support for other common design patterns such as generating
visitor classes for duplicating instance hierarchies.

Jonathan

 

[kids_pro]

Will reverse engineers give me a better code that the one I did?

 

[pop-server]

Attempts to decompile
it or bypass our license enforcement strategy are also a violation of
our license agreement and we utilize the legal system to protect our
proprietary intellectual property.

You also make a comment admitting that you at least attempted to decompile
our source code.

What else did you mean by: "By the way, the codes a bit dirty!"

We are a commercial company and will utilize legal processes as necessary to
protect our intellectual property. You may consider this a warning since you
have already implied that you have attempted to decompile our product's
source code in violation of our license agreement which you agreed to when
you downloaded and again when you installed the product.

You will be one of the first suspected if any attempts are made to crack or
distribute cracked versions of our product.

Jonathan

 

[Cor Ligthert]

I don't have to realize, I know, what is wrong with this addition?

 

[Jon Skeet [C# MVP]]

I am not sure if you are talking about the Obfuscator Comunity Edition
version 1.1.... that comes with the .NET Visual Studio. I am not able to
use that. (Am I missing something?)

I'm talking about following the suggestion of obfuscating the release
mode dll and then decompiling. You can do that with any obfuscator -
there are lots of them around, and most have demo versions.

That's fair enough for me.

I discovered that most Symbols can be obfuscated, but I need to insist
on the enums:
[Enum].GetName(...)
returns the Symbol used in the enum as a string
so, the original Symbol is stored in the exe or dll, it can be decrypted.

Everyone that is not Obfuscating the evidence knows that it can be
decrypted or deobfuscated (whatever you name it).

That depends on the obfuscator. I would imagine some obfuscators
*could* obfuscate the enum values, if you really wanted it to and if
you were sure you didn't need to use Enum.Parse etc.

How many security or IPR-sensitive enum values do you normally run
across, out of interest? I can't remember the last time I saw one... If
no obfuscators currently on the market do this, I suspect it's because
there's no perceived need for it.

I noticed that you are an MPV, I don't know you, it is the first time I
see your nick name, so you should not understand the following question
as any sort of attack to you.
Can you explain as clear as the post I read from you, what checks does
Microsoft do when nomeating MVPs? Being more clear: is Microsoft ready
to put its hand on Bible to say that each of MVPs are not hackers or
malware people?

(I am not talking about you, I repeat to avoid misunderstandings)

No - it clearly doesn't have the time or energy to investigate people
to a huge extent. If someone is revealed to be a software pirate or
anything similar, however, I believe they would be kicked out of the
programme immediately.

 

[Jon Skeet [C# MVP]]

You are correct that enum values can't directly be obfuscated since
they are implemented as public literal fields. Since they are literal,
references to their values can substituted at compile time.

Presumably an obfuscator which was given sufficient licence by the user
could still obfuscate the enum though? If the user said, "I really
don't care what effects it has on anything else, my application is
entirely self-contained and I never use Enum.Parse/ToString" I don't
see why it couldn't be obfuscated. Surely just replacing Foo.XXX with
Foo.YYY everywhere in the code would work, wouldn't it?

 

[Nak]

Hi,

You also make a comment admitting that you at least attempted to decompile
our source code.
What else did you mean by: "By the way, the codes a bit dirty!"

It was a flippant remark which went with the rest of the post.

I have *never* decompiled anything, except been shocked by how well the
Reflector plugin can get my program back to source. That is all, I have no
desire for decompilation, if you cant take a tounge in cheek attitude
towards a tounge in cheek post then you need to lighten up a little!

We are a commercial company and will utilize legal processes as necessary
to protect our intellectual property. You may consider this a warning
since you have already implied that you have attempted to decompile our
product's source code in violation of our license agreement which you
agreed to when you downloaded and again when you installed the product.

LOL, you obviously have *no* idea of the legal system to be making
statements like that. You could not prove either way from my post regarding
the matter. HAHAHA, I have *never* even downloaded your "aplette" so how
could I decompile it? or agree to an EULA? Get a life! I have reflector and
for the purposes I need it, it's the perfect program for me. So I suggest
you calm down and stop making statements that you obviously believe are so
true, that puts you in the same ball park as me in the legal system!

You will be one of the first suspected if any attempts are made to crack
or distribute cracked versions of our product.

Ever heard of scandalous remarks?

Jonathan

A) Get a life
B) Get a life
C) Shut up!

Nick.
(And may I say this is totally without prejudice!)

 

[Jonathan Pierce]

... If
I've never seen a request for this before, but now that it has been
mentioned, I went ahead and added the feature to the next version of our
built-in obfuscator capability in Decompiler.NET. Since enums fields compile
to public static literal fields, the implementation instead replaces
internal or private enums with structs and their fields with internal const
fields and substitutes their references with the enum's underlying type.
Enums types that are declared pubic are left unmodified to retain their
public interface for external calling assemblies.

Jonathan

 

[Jonathan Pierce]

Presumably an obfuscator which was given sufficient licence by the user

could still obfuscate the enum though? If the user said, "I really

don't care what effects it has on anything else, my application is

entirely self-contained and I never use Enum.Parse/ToString" I don't

see why it couldn't be obfuscated. Surely just replacing Foo.XXX with

Foo.YYY everywhere in the code would work, wouldn't it?

Hi Jon,

I must have been extremely tired when I thought about the enum value issue.
Thank you for keeping me sane. You are correct that obfuscators can just
rename the enum field names for internal and private types like any other
class or struct. There was a bug in my obfuscator implementation that caused
it to not obfuscate field names for public fields on internal and private
types, enums or not. When I saw the fields not obfuscated, I was half asleep
and decided to implement replacing them with structs, instead of thinking
about why they weren't obfuscated. This just proves that I am able to code
while not fully awake, but should avoid it.

Thanks again for questioning my implementation and the supportive posts that
you have made to this thread.

Jonathan

 

[Jonathan Pierce]

Nak,

It's good to see that you have decided to not pursue further attempts to
decompile our products.

Your post do appear to contradict each other though, since you stated:

1. I have *never* even downloaded your "aplette" so how
could I decompile it? or agree to an EULA?

2. "By the way, the codes a bit dirty!" in the context of suggesting: "
should use a different decompiler to

decompile your little aplette"

This is clearly a reference to our code and not your own code that you
looked at in Reflector. If you were commenting about dirty code that wasn't
ours, why did you include the statement in a post whose entire contents was
related to commenting about what you should do with our code. You further
confirm that you were referring to our code in this statement directly
responding to my inquiry about your implication: "I will call your
application an "aplette" until I am blue in the face"

Clearly, you made comments about "dirty code" in the context of referring to
decompiled source code from our product which you confirmed that you were
using the term "aplette" to refer to our application in the same post where
you made the comment that you should "decompile your little aplette" and
your statement about the code that you observed when you actually did
"decompile our little aplette" in order to assert "By the way, the codes a
bit dirty!". Not only did you admit that you did download and attempt to
decompile our product, but you then continued to make harmful and libelous
statements about our implementation "By the way, the codes a bit dirty!".in
a public forum that can clearly have a direct impact on our target market's
perception of our product, and subsequently directly damage us financially.

If you were not referring to our code when you claimed that you were, then
your are now admitting that your written posting in a public forum was
intentionally made with the intent of "actual malice" consistent with
Justice William Brennen's famous clarification on libel law as it relates to
statements made about public figures as it relates to first amendment rights
of free speech.

"A public official can win a libel lawsuit
under the First Amendment, wrote Brennan, only if he
or she can prove "actual malice" on the part of the
defendant, where proof of "actual malice" is defined
as proof that the statement was made with "knowledge
that it was false or with reckless disregard of
whether it was false or not."

You may want to consult your lawyer before continuing to further incriminate
yourself in public forums.

Jonathan

 

[Nak]

You sir, are a twat, and I am glad that I have never downloaded your
"aplette", I do not require your "aplette". So get over it!!!!!!

If you don't want to believe me, then that's fine by me, but it's a fact, a
hard cold one, it's a shame it isn't in the shape of a fish so that I can
slap it about your face!

Read the following, it's obfuscted using my very own ASCII obfuscator, see
if you can guess what it says,

iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!

Nick.
(Without predjudice)

 

[Jonathan Pierce]

You sir, are a twat, and I am glad that I have never downloaded your
"aplette", I do not require your "aplette". So get over it!!!!!!

If you don't want to believe me, then that's fine by me, but it's a fact,
a hard cold one, it's a shame it isn't in the shape of a fish so that I
can slap it about your face!

Read the following, it's obfuscted using my very own ASCII obfuscator, see
if you can guess what it says,

iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!iD1DNtD0wnl0AdY0ur"4p1e77e"!!!!

Nick,

This is a serious issue for us that directly affects our company's revenue.

If you didn't download our product, then you are still guilty of making
libelous statements with "actual malice" regarding our product and subject
to legal ramifications with regards to U.S. and international libel laws.
You may want to be more careful in your future postings regarding our
products, our company, or other companies and products in newsgroups since
your postings are not immune to legal prosecution if we or others decide to
pursue the issue against you.

Jonathan

 

[Herfried K. Wagner [MVP]]

Jay,

You don't use backup software or check in to Visual Source safe often enough
and inadvertently delete the source to your project.

I still think that this is a very weak reason for buying a decompiler,
because you will still have to restore comments etc.

 

[Jonathan Pierce]

Will reverse engineers give me a better code that the one I did?

Yes, in many cases it will. Our product simplifies your branching by
combining condition sequences, inserting return, break, and continue
statements, recoginizing high level statement sequences like foreach,
using, lock, etc that you may not have originally written, and the
latest refactoring features use the code model to recognize and
anaylze your code and consistently reorganize it and generate
additions to implement common design patterns for you and tighten
scoping, as well as make your code more flexible by replacing concrete
instances with factory instantiated interface instances so that you
can implement additional implementations of the interface without
changing the calling code. We also include an option for generating
properties for your public and internal fields, make the fields
private, and replace the field references with the corresponding
properties. We are also planning support for recognizing other common
design patterns and applying them according to your preferences. You
should read the famous design patterns book by the gang of 4 to better
understand what we are planning on automating in addition to our
general statement sequence optimizations.
http://www.amazon.com/exec/obidos/t...104-1901124-1060765?v=glance&s=books&n=507846

Jonathan

 

[CJ Taylor]

Big ol' Ack!

MVP's do tend to get a bit of an authority complex with their fancy title.

Do I do a bit of mud slinging, yep. I don't deny that. I tried being nice,
I tried explaining it. And like I do with many others in this group,
especially newbies I take the time to try to explain it.

The OP was convinced, and would not have it any other way that none of us
had ever heard of obfusiciation. Even after we told him so... Arguing
exports and symbols and a few other buzz words.

As for Jonathan. I don't know, there seemed to be a lot of promotion. You
can't expect us to sit here and read the same tired crap over and over
though. We use the news groups as well, therefore allowed to voice our
opinion. In whatever manner it may be.

Am I an MVP? Nope. Do I care that I am? No... I like developing, scratch
that.. I love developing.. I love to learn.. I love to see others learn...
I don't need a flashy title with a virtual badge to go with it so I can tell
people what they can talk about on a public forum.

 

[CJ Taylor]

BTW,

I made one off color remark. If you look through my posts I am either
talking to other people, or attempting to explain that we all knew and
compare it to something like RSA.

So the next time you decide to whip out your MVP lapel pin and ID badge make
sure your clear on how many off color comments I make.

 

[Nak]

As for Jonathan. I don't know, there seemed to be a lot of promotion.

You
can't expect us to sit here and read the same tired crap over and over
though. We use the news groups as well, therefore allowed to voice our
opinion. In whatever manner it may be.

I agree intently.

Am I an MVP? Nope. Do I care that I am? No... I like developing,
scratch
that.. I love developing.. I love to learn.. I love to see others
learn...
I don't need a flashy title with a virtual badge to go with it so I can
tell
people what they can talk about on a public forum

Well said, MVP's are great, but they shouldnt think that non MVP's arent
capable of being MVP's too. I still stand very firm on my opinion of what
an MVP is, simply a way for Microsoft to give the end users of their
products support without having to actually pay anyone. But that's another
story completely.

Nick.

 

[Jonathan Pierce]

As for Jonathan. I don't know, there seemed to be a lot of promotion.
You
can't expect us to sit here and read the same tired crap over and over
though. We use the news groups as well, therefore allowed to voice our
opinion. In whatever manner it may be.

CJ,

This thread was originated by an independant user who has no affiliation
with our company, but was pointing out his concerns regarding his perception
of security risks related to his awareness of the completeness of our
product's ability to generate correct and high-level source code from
unobfuscated assemblies.
The title of the thread mentions our product directly and was not influenced
in any way by our company. We read the newsgroups as well and seeing the
thread was the first that we had heard about this user. One posts on this
and other threads are always technical in nature and directly responsive and
relevant to the thread subject and provide answers and suggestions for
addressing the questions or issues initiated by the post that we are
responding to. Like other vendors, when our product directly answers the
user's question or provides a feature that meets his needs as described in
his post, we suggest our product as a solution and describe the features
that address the concerns of the author of the post. If you don't want to
read references to our product, than you probably should stop reading thread
posts whose subject directly mentions it and was started by a legitimate
independant newsgroup user who is expressing his concerns over the
capabilities of .NET decompilation and obfuscation tools and their issues in
the correct newsgroup relevant to such concerns.

Jonathan