K
kids_pro
With the reflector tool .exe, .dll can be decompile?
how can we secure our work?
how can we secure our work?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
R
Richard Blewett [DevelopMentor]
1) Don't give anyone your code (may sound stupid but this is the only sure fire way - people call your functionality by remote invocation of some type).
After 1) it all comes down to can we make this cost more to reverse engineer than the benfit from reverse engineering it.
2) Obfuscate - Demeanor, Dotfuscator and there are others will mange your code to make it very unreadable and much harder to decompile
3) Compile teh sensitive bits in unmanaged code and use interop to talk to them - this makes things as hard as if you'd not moved to managed code
4) Don't bother - is your code actually that valuable in the details of each method or only in the architecture and structure of the code in general. The vast majority of applications fall into this category I would argue. For example, I don't think being able to rverse engineer Word would get me much because the real IP is in the structure of the code in the large, not in the small.
Regards
Richard Blewett - DevelopMentor
http://staff.develop.com/richardb/weblog
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<#[email protected]>
With the reflector tool .exe, .dll can be decompile?
how can we secure our work?
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.760 / Virus Database: 509 - Release Date: 10/09/2004
[microsoft.public.dotnet.languages.csharp]
After 1) it all comes down to can we make this cost more to reverse engineer than the benfit from reverse engineering it.
2) Obfuscate - Demeanor, Dotfuscator and there are others will mange your code to make it very unreadable and much harder to decompile
3) Compile teh sensitive bits in unmanaged code and use interop to talk to them - this makes things as hard as if you'd not moved to managed code
4) Don't bother - is your code actually that valuable in the details of each method or only in the architecture and structure of the code in general. The vast majority of applications fall into this category I would argue. For example, I don't think being able to rverse engineer Word would get me much because the real IP is in the structure of the code in the large, not in the small.
Regards
Richard Blewett - DevelopMentor
http://staff.develop.com/richardb/weblog
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<#[email protected]>
With the reflector tool .exe, .dll can be decompile?
how can we secure our work?
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.760 / Virus Database: 509 - Release Date: 10/09/2004
[microsoft.public.dotnet.languages.csharp]
R
Russell Mangel
IMHO
If your library or program is valuable and complex, and rare. It will be
reverse-engineered no matter what you do.
Worrying about someone looking at your source code is paranoia.
Usually a casual snooper will use a reflection tool to see how good the
software really is, in many cases the software is not high quality and the
hacker could write the software better, and so he will not care about the
component.
Know this:
Most medium-large companies will not purchase software components, without
the full source code. Lets say that some one writes a razzle-dazzle
component and they decide to sell it to company XYZ. This company XYZ spends
6 months of development using your component. Then the worst happens, there
is a bug in the component, they try to contact the company who wrote the
component and it is out of business. As you can see, no smart developer
would ever allow this situation.
Write your software, and sell it with the source code. (You can always ask
twice the price, and include the source code.) Chances are they will find a
problem and teach the author a few ideas on how to build it better.
Bye!
Russ
If you are still not convinced, then you can purchase RemoteSoft's product,
and remove all the metadata from the assembly.
This will slow them down, but they'll still get it if it's good software.
If your library or program is valuable and complex, and rare. It will be
reverse-engineered no matter what you do.
Worrying about someone looking at your source code is paranoia.
Usually a casual snooper will use a reflection tool to see how good the
software really is, in many cases the software is not high quality and the
hacker could write the software better, and so he will not care about the
component.
Know this:
Most medium-large companies will not purchase software components, without
the full source code. Lets say that some one writes a razzle-dazzle
component and they decide to sell it to company XYZ. This company XYZ spends
6 months of development using your component. Then the worst happens, there
is a bug in the component, they try to contact the company who wrote the
component and it is out of business. As you can see, no smart developer
would ever allow this situation.
Write your software, and sell it with the source code. (You can always ask
twice the price, and include the source code.) Chances are they will find a
problem and teach the author a few ideas on how to build it better.
Bye!
Russ
If you are still not convinced, then you can purchase RemoteSoft's product,
and remove all the metadata from the assembly.
This will slow them down, but they'll still get it if it's good software.