[.net] .NET Decompile Protection
Author
EDIT: Since all applications are compiled to MSIL, they can be easily converted BACK to any .NET language (C#, VB.NET)
I'm looking for a program that can convert MSIL to Native Code. This way, if someone trys to decompile it-- they can't because it's converted to native code.
Is there program to convert MSIL to Native code? Anything besides Salamander .NET Protector (way over priced!)
[Edited by - tmack on October 10, 2005 8:10:35 PM]
With Visual Studio comes a community edition of an obfuscator. That is a way of preventing decompilation. However, whatever you do to code, in the end it has to go to the CPU, and therefore will 'allways' be readable. Perhaps in the (near) future CPU will have hardware support for decrypting code before running it...
cheers
cheers
Author
Quote:Original post by ernow
With Visual Studio comes a community edition of an obfuscator. That is a way of preventing decompilation. However, whatever you do to code, in the end it has to go to the CPU, and therefore will 'allways' be readable. Perhaps in the (near) future CPU will have hardware support for decrypting code before running it...
cheers
I know.
Obfuscator's do not protect the source code. They are used to make decompiling harder for newbies. It's not much harder for someone who knows what they are doing.
I'm not talking about the way C/C++ is compiled.. or anything. .NET converts the code to MSIL, which can be translated back into C#/VB/etc
As long as the CLR is running MSIL you can always read MSIL. MSIL can 'always' be translated into C# or VB or any other CLS compliant language. The only way to stop that is to put decryption technology in the CLR compilers so the msil could be distributed encrypted...
Edit: in a way obfuscaters DO protect source code... ever tried to understand obfucated code?
Cheers
Edit: in a way obfuscaters DO protect source code... ever tried to understand obfucated code?
Cheers
Author
I am still learning .net. From what I've read, obfuscaters protect the source code to a certain extent.
I don't find obfuscaters as a proper way to secure a .NET program.
Now, I've been reading about Visual Studio 2005. Right now I'm downloading it via my MSDN subscription.
I was trying to figure out if VS2k5 has better protection.. or am I wasting my time?
I really, seriously, want to know the point of .NET if it can be so easily decompiled.
I don't find obfuscaters as a proper way to secure a .NET program.
Now, I've been reading about Visual Studio 2005. Right now I'm downloading it via my MSDN subscription.
I was trying to figure out if VS2k5 has better protection.. or am I wasting my time?
I really, seriously, want to know the point of .NET if it can be so easily decompiled.
Author
Take a look at this:
http://www.remotesoft.com/salamander/
A web-based version of Salamander's .NET Decompiler.
Look closely at this option:
"de-obfuscate(turn any obfuscated code into recompilable format)"
So NO, I would not say obfuscating the source is secure. I could be wrong, though. But I decompiled at least 5 different .NET applications with no problem.
http://www.remotesoft.com/salamander/
A web-based version of Salamander's .NET Decompiler.
Look closely at this option:
"de-obfuscate(turn any obfuscated code into recompilable format)"
So NO, I would not say obfuscating the source is secure. I could be wrong, though. But I decompiled at least 5 different .NET applications with no problem.
Well, as an exercise, try decompiling an obfuscated app and try to recompile it. That'll be the best way for you to understand that process.
Next, it obviously depends on what you are doing, but another great trick to prevent users from hacking external assemblies that your apps depend on is to sign them with a strong name key and use code access security to demand that all linked assemblies have the key. You cannot get the private key even with a disassembler, so as long as you keep you strong name key file private you can stop code injection, etc..
Hope that helps!
~Graham
Next, it obviously depends on what you are doing, but another great trick to prevent users from hacking external assemblies that your apps depend on is to sign them with a strong name key and use code access security to demand that all linked assemblies have the key. You cannot get the private key even with a disassembler, so as long as you keep you strong name key file private you can stop code injection, etc..
Hope that helps!
~Graham
Quote:Original post by tmack
I really, seriously, want to know the point of .NET if it can be so easily decompiled.
Are you serious, or was that just a knee-jerk response?
Author
Quote:Original post by Anonymous PosterQuote:Original post by tmack
I really, seriously, want to know the point of .NET if it can be so easily decompiled.
Are you serious, or was that just a knee-jerk response?
I'm very serious. Think of it like this.
I'm developing a very large application with several other people, say 3 or 4 people that.. uhm.. helps you manage a database.
We choose C#.
We build this application, and start selling it- $199. People start buying. The 'warez' people get ahold of it. They decompile it (pass the protections we used with the tools mentioned above). They find all the security holes, disable the application protection and rerelease it under a new name.
We're losing out on thousands and thousands of dollars!!
Why has Microsoft done this? Why haven't they developed a PROPER way to compile the code, that can NOT be decompiled? Or at least give it protection of C/C++.
Quote:Original post by tmack
We build this application, and start selling it- $199. People start buying. The 'warez' people get ahold of it. They decompile it (pass the protections we used with the tools mentioned above). They find all the security holes, disable the application protection and rerelease it under a new name.
We're losing out on thousands and thousands of dollars!!
Why has Microsoft done this? Why haven't they developed a PROPER way to compile the code, that can NOT be decompiled? Or at least give it protection of C/C++.
When have "protections" ever stopped software from being pirated?
Code doesn't need to be decompiled. Crackers got by with disasseblers just fine.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
