Reverse Engineering....

P

Paul Aspinall

I have been developing apps in C#...

Until recently, I was not concerned about the compilation to IL step, which
many people had been concerned about. However, having spent a few hours
using ILDASM and Refelector, I am very concerned about the ease at which my
code can be reverse engineered....

This does not really seem like a very good 'feature' for marketing
commercial products on the platform.

My question is.... Is Obfuscation really only the best way to protect my
code??

I know that no code is 100% safe, and reverse engineering on x86 native was
also possible..... However, the RE available under .Net is 'so easy', that
it seems like all code comes complete with source!!!

Surely there is something to prevent this under .NET??

I know it doesn't really fit with the .NET strategy, but what about a C# /
..NET to native x86 compiler??

Thanks



Paul
 
J

Jon Skeet [C# MVP]

Paul Aspinall said:
I have been developing apps in C#...

Until recently, I was not concerned about the compilation to IL step, which
many people had been concerned about. However, having spent a few hours
using ILDASM and Refelector, I am very concerned about the ease at which my
code can be reverse engineered....
Click to expand...

Why, out of interest? What particular element concerns you?

See http://www.pobox.com/~skeet/csharp/faq/#obfuscation for my general
thoughts and a few links to get you started.
 
L

laimis

Hey,

many people are concerned about the easy at which any person can read
your application source code. Here is my experience with all of this:

1. Obfuscation really helps to shun away beginners up to upper just
above intermediate developers. You see a good obfuscator renames
variables and names to unicode type characters that cannot be handled
easily when looking as ascii or show up as boxes in reflector. The best
thing to do is let one of your devs from other team or a person not
familiar wiht the code try to figure out what the code does by looking
at the obfuscated version. If it takes more than couple hours, you just
got rid off 80% of "crackers". In my case, to RE such code, the best is
to have ur own system and renaming on piece of paper as you go down the
program list, which helps a lot.

2. Most of your code in your app is not magic, so you don't care if
someone can see it. One alternative to hiding your secret code is to
implement it in native dll and then pinvoke it. THis is just an option,
and some of the .net framework is done that way. Again, this just makes
things harder because as we know, everything can be RE, it is just much
harder to RE native code.

If you disagree with me, or would like to throw in your opinion, I would
love to hear it. I am learning too :)

Laimis
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Software protection(copying or reverse engineering etc) 2
C# .NET 4 Framework freeware program security question 3
UMLE00501 on dotnet framework delegates when reverse engineering 4
DotNet, is that possible to prevent reverse engineering? 8
A General-Purpose Lexer and Parser for .NET 10
CLR bug? 1
Whats the Deal with Visual C++.Net? 21
Help me understand 5

Top