Jump to content
  • Advertisement
Sign in to follow this  
tmack

[.net] .NET Decompile Protection

This topic is 4666 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

EDIT: Since all applications are compiled to MSIL, they can be easily converted BACK to any .NET language (C#, VB.NET) I'm looking for a program that can convert MSIL to Native Code. This way, if someone trys to decompile it-- they can't because it's converted to native code. Is there program to convert MSIL to Native code? Anything besides Salamander .NET Protector (way over priced!) [Edited by - tmack on October 10, 2005 8:10:35 PM]

Share this post


Link to post
Share on other sites
Advertisement
With Visual Studio comes a community edition of an obfuscator. That is a way of preventing decompilation. However, whatever you do to code, in the end it has to go to the CPU, and therefore will 'allways' be readable. Perhaps in the (near) future CPU will have hardware support for decrypting code before running it...

cheers

Share this post


Link to post
Share on other sites
Quote:
Original post by ernow
With Visual Studio comes a community edition of an obfuscator. That is a way of preventing decompilation. However, whatever you do to code, in the end it has to go to the CPU, and therefore will 'allways' be readable. Perhaps in the (near) future CPU will have hardware support for decrypting code before running it...

cheers


I know.

Obfuscator's do not protect the source code. They are used to make decompiling harder for newbies. It's not much harder for someone who knows what they are doing.

I'm not talking about the way C/C++ is compiled.. or anything. .NET converts the code to MSIL, which can be translated back into C#/VB/etc



Share this post


Link to post
Share on other sites
As long as the CLR is running MSIL you can always read MSIL. MSIL can 'always' be translated into C# or VB or any other CLS compliant language. The only way to stop that is to put decryption technology in the CLR compilers so the msil could be distributed encrypted...

Edit: in a way obfuscaters DO protect source code... ever tried to understand obfucated code?

Cheers

Share this post


Link to post
Share on other sites
I am still learning .net. From what I've read, obfuscaters protect the source code to a certain extent.

I don't find obfuscaters as a proper way to secure a .NET program.

Now, I've been reading about Visual Studio 2005. Right now I'm downloading it via my MSDN subscription.

I was trying to figure out if VS2k5 has better protection.. or am I wasting my time?

I really, seriously, want to know the point of .NET if it can be so easily decompiled.

Share this post


Link to post
Share on other sites
Take a look at this:
http://www.remotesoft.com/salamander/
A web-based version of Salamander's .NET Decompiler.

Look closely at this option:
"de-obfuscate(turn any obfuscated code into recompilable format)"

So NO, I would not say obfuscating the source is secure. I could be wrong, though. But I decompiled at least 5 different .NET applications with no problem.

Share this post


Link to post
Share on other sites
Well, as an exercise, try decompiling an obfuscated app and try to recompile it. That'll be the best way for you to understand that process.

Next, it obviously depends on what you are doing, but another great trick to prevent users from hacking external assemblies that your apps depend on is to sign them with a strong name key and use code access security to demand that all linked assemblies have the key. You cannot get the private key even with a disassembler, so as long as you keep you strong name key file private you can stop code injection, etc..

Hope that helps!

~Graham

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
Quote:
Original post by tmack
I really, seriously, want to know the point of .NET if it can be so easily decompiled.



Are you serious, or was that just a knee-jerk response?

Share this post


Link to post
Share on other sites
Quote:
Original post by Anonymous Poster
Quote:
Original post by tmack
I really, seriously, want to know the point of .NET if it can be so easily decompiled.



Are you serious, or was that just a knee-jerk response?


I'm very serious. Think of it like this.

I'm developing a very large application with several other people, say 3 or 4 people that.. uhm.. helps you manage a database.

We choose C#.

We build this application, and start selling it- $199. People start buying. The 'warez' people get ahold of it. They decompile it (pass the protections we used with the tools mentioned above). They find all the security holes, disable the application protection and rerelease it under a new name.

We're losing out on thousands and thousands of dollars!!

Why has Microsoft done this? Why haven't they developed a PROPER way to compile the code, that can NOT be decompiled? Or at least give it protection of C/C++.



Share this post


Link to post
Share on other sites
Quote:
Original post by tmack
We build this application, and start selling it- $199. People start buying. The 'warez' people get ahold of it. They decompile it (pass the protections we used with the tools mentioned above). They find all the security holes, disable the application protection and rerelease it under a new name.

We're losing out on thousands and thousands of dollars!!

Why has Microsoft done this? Why haven't they developed a PROPER way to compile the code, that can NOT be decompiled? Or at least give it protection of C/C++.


When have "protections" ever stopped software from being pirated?

Code doesn't need to be decompiled. Crackers got by with disasseblers just fine.

Share this post


Link to post
Share on other sites

This topic is 4666 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Guest
This topic is now closed to further replies.
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!