# [.net] .NET Decompile Protection

EDIT: Since all applications are compiled to MSIL, they can be easily converted BACK to any .NET language (C#, VB.NET). I'm looking for a program that can convert MSIL to Native Code. This way, if someone tries to decompile it, they can't because it's converted to native code. Is there a program to convert MSIL to Native code? Anything besides Salamander .NET Protector (way overpriced!) [Edited by - tmack on October 10, 2005 8:10:35 PM]

##### Share on other sites
With Visual Studio comes a community edition of an obfuscator. That is a way of preventing decompilation. However, whatever you do to code, in the end it has to go to the CPU, and therefore will 'always' be readable. Perhaps in the (near) future CPUs will have hardware support for decrypting code before running it...

cheers

##### Share on other sites
Quote:
 Original post by ernow
 With Visual Studio comes a community edition of an obfuscator. That is a way of preventing decompilation. However, whatever you do to code, in the end it has to go to the CPU, and therefore will 'always' be readable. Perhaps in the (near) future CPUs will have hardware support for decrypting code before running it...
 cheers

I know.

Obfuscators do not protect the source code. They are used to make decompiling harder for newbies. It's not much harder for someone who knows what they are doing.

I'm not talking about the way C/C++ is compiled.. or anything. .NET converts the code to MSIL, which can be translated back into C#/VB/etc

##### Share on other sites
As long as the CLR is running MSIL you can always read MSIL. MSIL can 'always' be translated into C# or VB or any other CLS-compliant language. The only way to stop that is to put decryption technology in the CLR compilers so the MSIL could be distributed encrypted...

Edit: in a way obfuscators DO protect source code... ever tried to understand obfuscated code?

Cheers

##### Share on other sites
I am still learning .NET. From what I've read, obfuscators protect the source code to a certain extent.

I don't find obfuscators to be a proper way to secure a .NET program.

I was trying to figure out if VS2k5 has better protection.. or am I wasting my time?

I really, seriously, want to know the point of .NET if it can be so easily decompiled.

##### Share on other sites
Take a look at this:
http://www.remotesoft.com/salamander/
A web-based version of Salamander's .NET Decompiler.

Look closely at this option:
"de-obfuscate(turn any obfuscated code into recompilable format)"

So NO, I would not say obfuscating the source is secure. I could be wrong, though. But I decompiled at least 5 different .NET applications with no problem.

##### Share on other sites
Well, as an exercise, try decompiling an obfuscated app and try to recompile it. That'll be the best way for you to understand that process.

Next, it obviously depends on what you are doing, but another great trick to prevent users from hacking external assemblies that your apps depend on is to sign them with a strong name key and use code access security to demand that all linked assemblies have the key. You cannot get the private key even with a disassembler, so as long as you keep your strong name key file private you can stop code injection, etc.

Hope that helps!

~Graham
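
The idea in the post above, requiring that a linked assembly carries your strong-name key, sketched as an explicit runtime check of the public key token. This is an added example, not code from the thread; it uses reflection rather than the code access security demand the post mentions, `DependencyPinning` is a hypothetical name, and `ExpectedToken` is a constructed placeholder.

```csharp
using System;
using System.Reflection;
using System.Security;

static class DependencyPinning
{
    // Placeholder (constructed value): replace with the token printed by
    // `sn -T YourLibrary.dll` for an assembly signed with your own key.
    const string ExpectedToken = "0123456789abcdef";

    // Returns the lowercase hex public key token, or null if the assembly is unsigned.
    static string TokenOf(Assembly asm)
    {
        byte[] token = asm.GetName().GetPublicKeyToken();
        if (token == null || token.Length == 0) return null;
        return BitConverter.ToString(token).Replace("-", "").ToLowerInvariant();
    }

    // Throws if the dependency is unsigned or was signed with a different key.
    public static void Verify(Assembly dependency)
    {
        string name = dependency.GetName().Name;
        string token = TokenOf(dependency);
        if (token == null)
            throw new SecurityException(name + " has no strong name");
        if (!string.Equals(token, ExpectedToken, StringComparison.Ordinal))
            throw new SecurityException(name + " is signed with unexpected key " + token);
    }

    static void Main()
    {
        // The core library is signed with Microsoft's key, so it fails the
        // check against the placeholder; an unsigned build of this program
        // fails with "has no strong name".
        Assembly[] toCheck = { typeof(object).Assembly, Assembly.GetExecutingAssembly() };
        foreach (Assembly asm in toCheck)
        {
            try { Verify(asm); Console.WriteLine("OK    " + asm.GetName().Name); }
            catch (SecurityException e) { Console.WriteLine("FAIL  " + e.Message); }
        }
    }
}
```

The check compares key identity only; it does not re-verify the signature over the file's contents, and it lives in code that can itself be patched.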

##### Share on other sites
Quote:
 Original post by tmack
 I really, seriously, want to know the point of .NET if it can be so easily decompiled.

Are you serious, or was that just a knee-jerk response?

##### Share on other sites
Quote:
Original post by Anonymous Poster
Quote:
 Original post by tmack
 I really, seriously, want to know the point of .NET if it can be so easily decompiled.

Are you serious, or was that just a knee-jerk response?

I'm very serious. Think of it like this.

I'm developing a very large application with several other people, say 3 or 4 people that.. uhm.. helps you manage a database.

We choose C#.

We build this application, and start selling it- $199. People start buying. The 'warez' people get ahold of it. They decompile it (pass the protections we used with the tools mentioned above). They find all the security holes, disable the application protection and rerelease it under a new name. We're losing out on thousands and thousands of dollars!! Why has Microsoft done this? Why haven't they developed a PROPER way to compile the code, that can NOT be decompiled? Or at least give it protection of C/C++.

##### Share on other sites
Quote:
 Original post by tmack
 We build this application, and start selling it- $199. People start buying. The 'warez' people get ahold of it. They decompile it (pass the protections we used with the tools mentioned above). They find all the security holes, disable the application protection and rerelease it under a new name. We're losing out on thousands and thousands of dollars!! Why has Microsoft done this? Why haven't they developed a PROPER way to compile the code, that can NOT be decompiled? Or at least give it protection of C/C++.

When have "protections" ever stopped software from being pirated?

Code doesn't need to be decompiled. Crackers got by with disassemblers just fine.