Quote:Original post by Washu

Quote:Original post by Anonymous Poster
There is really only *one* true reason where obfuscation for the Java or .NET platform becomes of vital importance, and that is dealing with algorithm rich technology wherein you use this technology to compete with other, similar applications.

For example, if your painting application has a unique, innovative method of performing red eye reduction, your application becomes a target for disassembly and evaluation. Nobody is going to C&P the code into their own application, but they are going to model the general functions of your algorithms when they implement their own, similar functionality.

*That* is what you need to worry about if you're delievering a performant product.

More specifically, you obfuscate it (or code it in a particular way) such that when you bring up a lawsuit against a company then the third party evaluator can examine the binary and code to determine if they have infringed upon your IP (Dr. Dobbs had a whole series on how some of the testing is performed).

Obfuscating code won't protect it, it won't protect your algorithms, and it won't prevent people from stealing your software. It will stop n00bs though, but then again, once a "crack" is released for software, those n00bs will just download it. It's a sad sad world. This is true of any language and any platform. Even hardware dongles aren't foolproof.

This is very true. But what I'm looking for something that literly converts your code to native code. It is nearly impossible to decompile the code to a high level language.

I agree obfuscating a peice of software will protect it.. to a certain extent. I can't believe .NET has NO WAY of protecting your source code AT ALL.. a real way. Without all this 'obfuscate' crap.

Is there a way to convert MSIL to NATIVE CODE? Without using Salamander's protector which is way over priced.

Is there any *free* or *cheap* programs that can compile MSIL to NATIVE? I been searching google this whole weekend so far with no results.

I tried NGEN but this is not what I need.

Quote:Original post by Washu

Quote:Original post by tmack
Is there a way to convert MSIL to NATIVE CODE? Without using Salamander's protector which is way over priced.

Is there any *free* or *cheap* programs that can compile MSIL to NATIVE? I been searching google this whole weekend so far with no results.

I tried NGEN but this is not what I need.

How is native code safer? You realize that most programs today that have copy protection are unmanaged (aka native code) and yet they get cracked just as easily. Ngen will do what you want (turn the MSIL into native code), you just need to do it at install time.

But you can't decompile native code BACK TO THE ORIGINAL SOURCE CODE... correct me if I am wrong.


NGEN does turn msil into native code, but I just did it to one of my programs and used .NET Reflector to decompile it and it still shows all the source code.

Quote:Original post by tmack
But you can't decompile native code BACK TO THE ORIGINAL SOURCE CODE... correct me if I am wrong.

So? You can't decompile MSIL code, as you put it, "BACK TO THE ORIGINAL SOURCE CODE", not even for debug builds.

A good release build has been optimized, the code has been reordered, loops unrolled, common code merged, poor algorithm choices in loops reordered, constants folded in, dead code elimiated, to name a few. Each of these (except perhaps dead code elimiation) makes it harder to reverse engineer.

Compare your source against your compiled release and debug builds, opened using ildasm. (ildasm is in the SDK\v1.1\Bin directory of your install)

Next, assume you use a program like dotfuscator on the release build. Now all your strings are encrypted, your MSIL objects are all overloaded versions of 'a', once those are taken they become overloaded versions of 'b', then 'c', and so on. It's not exactly friendly to reverse engineer.

Compare those dotfuscated (or whatever tool you prefer) results against the release build.

The results are as difficult to reverse engineer as the machine level versions using available tools.

I cant believe someone made a thread mentioning "obsucation" and no one mention IOCCC (International Obfuscated C Code Contest)

for those who dont know it is a contest of programmers who code something (usually interesting and non-trivial) and which is not obvious when looking at the code itself (hence "obfuscated").

I used to look at the contest entries and try to figure out what they do... Its so hard to understand even programs that are just a line or two!! honestly I would prefer compiling and figuring out the assembly!! (mostly because they use alot of precompiler tricks). It is plain C but so wrongly written its as protected as can be (without having encryption).

search for it in google! the winners with hints and spoilers (which hint/tell what the program is doing if you cant compile) are on the webpage. it shows exactly how not to write code.

so (to make my post relevant) if you want to protect your C# code you can copy some of their techniques and make your program open source :)


Iftah.

Quote:Original post by Washu

Quote:Original post by tmack
But you can't decompile native code BACK TO THE ORIGINAL SOURCE CODE... correct me if I am wrong.


NGEN does turn msil into native code, but I just did it to one of my programs and used .NET Reflector to decompile it and it still shows all the source code.

That's because NGEN stores it in the GAC, it doens't overwrite your original executable. As for decompiling to the original source code, no, you can't do that with native code. Then again, most cracks/hacks are made without DECOMPILING THE CODE AT ALL.

What I'm getting at here is not the ability to hack/crack your program.

Sorry, I explained it in a bad way. What I DO mean is it's like releasing your software as open source since there's no real way to protect it. Someone can edit your source code, remove your protections, and then recompile it. I kinda made a bad example, sorry. I was not saying .NET is UNSECURE meaning someone can easily develop a crack or hack for it. I meant unsecure, as in, the ability to decompile it to a high level language (C#, VB.NET, etc)

Ok you can obstrucate it, but really, why doesn't Microsoft let us compile to native code?

Why can't we make our final program have the ability to run without .NET? What I mean is merge all of the required files from .NET framework into either the software's installer, into the actual software (although the exe would get very big), into the softwares folder, or put it in the system folder-- just like Microsoft's Installer does for VB6... installs all the required files into the system folder.

What I'm getting at here is, .NET is like programming in a open-source enviroment and I'm NOT liking this AT ALL. Today I decided to drop C# (only use it for ASP.NET), and develop my level editor in C++ using DEVC++.

I'm not looking to program in open source. I've done this before, only to realize newbies take it as their own and reuse it without giving credit at all.

What I want is something that converts my .NET program directly into NATIVE code rather then MSIL.

The reason for my post is because I do not want people stealing my DX9 rendering code, network code, or anything of that sort. Yea, they can do it in assembly but what newbie is really going to bother with that?

I want to protect my SOURCE CODE. My application will cost money. So there will be no protections.. I was only using that as an example. I want to protect my algorithms, basically, for math format, network, etc. I planned on developing all my tools for my engine (in C++) in C#, so I can develop GUIs really fast. That plan is being wiped and we're in the process of recoding the level editor in C++.

Basically, I want my C# program to be compiled the same exact way that C++ is compiled. IS this possible?



[Edited by - tmack on October 10, 2005 8:01:27 PM]

Quote:Original post by tmack
What I'm getting at here is not the ability to hack/crack your program.

Sorry, I explained it in a bad way. What I DO mean is it's like releasing your software as open source since there's no real way to protect it. Someone can edit your source code, remove your protections, and then recompile it.

I'm sorry, how does this differ from native code?

Quote:
Ok you can obstrucate it, but really, why doesn't Microsoft let us compile to native code?

I think you misunderstand what .NET is. It is a platform that you develop ON, deploy ON, run ON.

Quote:
Why can't we make our final program have the ability to run without .NET?

See above.

Quote:
What I mean is merge all of the required files from .NET framework into either the software's installer, into the actual software (although the exe would get very big), into the softwares folder, or put it in the system folder-- just like Microsoft's Installer does for VB6... installs all the required files into the system folder.

This already happens (sort of). The only restriction is that it happens once (when the .net runtime is installed). Are you saying that you would like to have multiple .net runtimes installed, one for each application? Can you please elaborate why this is a good idea?

Quote:
What I'm getting at here is, .NET is like programming in a open-source enviroment and I'm NOT liking this AT ALL.

I think you are definitely abusing the term 'open source'. Feel free to release .net bytecode under a restrictive license and not worry about people legally browsing your source code.

Quote:
Today I decided to drop C# (only use it for ASP.NET), and develop my level editor in C++ using DEVC++.

This sounds like a technology decision that you ended up making on an irrational whim. Can you definitively say that your current choices will allow you to be more effective as a software developer, both now and in the future? This is the question you should ask yourself. If you did consider this, and decided that C# was unsuitable because .NET has an intermediary bytecode format that people can abuse, then I would recommend that you reconsider your criteria for evaluating languages.

Quote:
I'm not looking to program in open source. I've done this before, only to realize newbies take it as their own and reuse it without giving credit at all.

That very well may be a fact. Fortunately, .NET is not released under a restrictive license locking you into open source development, so the option of closed source is available in its fullest.

Quote:
What I want is something that converts my .NET program directly into NATIVE code rather then MSIL.

You might be interested in the .NET framework, it is available for download from MSDN. It comes with a JIT compiler, which does exactly what you want.

Quote:
Basically, I want my C# program to be compiled the same exact way that C++ is compiled. IS this possible?

Hmm, C++ and C# have different syntax and semantics, so there will probably be some subtle differences. I really haven't worked on compilers for either language, so I cant tell you, but you might want to check out GCC and Mono, both are open source and you can inspect how similar the compilers are.

No. C# is not C++. You are, frankly, mad if you think you can get all the features of .NET (no, not just 'C#', .NET in general) and still compile to machine code.

No offense, but your argument is pathetic - you keep reiterating the same point over and over again, and I believe it is starting to grate on our nerves. We already debunked your rationale for this, so there's very little being argumentative about the issue can accomplish for you.

So, to answer your question: no, you cannot compile C# straight down to machine code. It requires the .NET runtime much in the same way that Java requires the JRE. ;)

Quote:Original post by The Reindeer Effect

Quote:Original post by tmack
What I'm getting at here is not the ability to hack/crack your program.

Sorry, I explained it in a bad way. What I DO mean is it's like releasing your software as open source since there's no real way to protect it. Someone can edit your source code, remove your protections, and then recompile it.

I'm sorry, how does this differ from native code?

You cannot decompile native code to the original source code.

Quote:

Quote:
Ok you can obstrucate it, but really, why doesn't Microsoft let us compile to native code?

I think you misunderstand what .NET is. It is a platform that you develop ON, deploy ON, run ON.

I'm highly aware of this, but there is no way to protect your application (except obstrucation). What I mean is there is no way to NOT ALLOW PEOPLE DECOMPILE THE SOURCE CODE TO THE ORIGINAL LANGUAGE (C#, VB.NET)

Quote:

Quote:
Why can't we make our final program have the ability to run without .NET?

See above.

Quote:
What I mean is merge all of the required files from .NET framework into either the software's installer, into the actual software (although the exe would get very big), into the softwares folder, or put it in the system folder-- just like Microsoft's Installer does for VB6... installs all the required files into the system folder.

This already happens (sort of). The only restriction is that it happens once (when the .net runtime is installed). Are you saying that you would like to have multiple .net runtimes installed, one for each application? Can you please elaborate why this is a good idea?

Quoted from Remotesoft's website:
"Simple and Fast Deployment without full Microsoft .NET Framework Installation sample code

The mini-deployment tool puts together the minimum set of CLR runtime files and dependent assemblies that can be simply copied to a single folder on a target machine, and your application runs as if the whole framework is installed. Since the installation is isolated into a single folder, there will be no conflicts with future .NET installation. When linking is used for the dependent assemblies, it will further reduce the file size."
Source: http://remotesoft.com/linker

Quote:

Quote:
What I'm getting at here is, .NET is like programming in a open-source enviroment and I'm NOT liking this AT ALL.

I think you are definitely abusing the term 'open source'. Feel free to release .net bytecode under a restrictive license and not worry about people legally browsing your source code.

If you compile a .net application, and apply no way to protect it, it basically IS open source.

Quote:

Quote:
Today I decided to drop C# (only use it for ASP.NET), and develop my level editor in C++ using DEVC++.

This sounds like a technology decision that you ended up making on an irrational whim. Can you definitively say that your current choices will allow you to be more effective as a software developer, both now and in the future? This is the question you should ask yourself. If you did consider this, and decided that C# was unsuitable because .NET has an intermediary bytecode format that people can abuse, then I would recommend that you reconsider your criteria for evaluating languages.

My decision is based on two things:
1. Framework is big for users who have dialup (20MB!), and if they don't have it, they HAVE to download it. I wasn't worried about this at first, but it is a very good thing to think over... there are some people stuck with 56k.
2. The program is compiled to MSIL, meaning someone can decompile it back to C#.

I do not need to reconsider.

Quote:

Quote:
I'm not looking to program in open source. I've done this before, only to realize newbies take it as their own and reuse it without giving credit at all.

That very well may be a fact. Fortunately, .NET is not released under a restrictive license locking you into open source development, so the option of closed source is available in its fullest.

How can you close source a peice of software if it can be easily decompiled to original form? You can even easily convert the code to the language of your choice! C#, Delphi, VB.NET.

Quote:

Quote:
What I want is something that converts my .NET program directly into NATIVE code rather then MSIL.

You might be interested in the .NET framework, it is available for download from MSDN. It comes with a JIT compiler, which does exactly what you want.

There is NO need to make smart comments like that. If you have sense, you know that I am looking to distribute my application in NATIVE CODE and not in MSIL. If it is in native code, a newbie can not decompile the code to a high level language.

Quote:

Quote:
Basically, I want my C# program to be compiled the same exact way that C++ is compiled. IS this possible?

Hmm, C++ and C# have different syntax and semantics, so there will probably be some subtle differences. I really haven't worked on compilers for either language, so I cant tell you, but you might want to check out GCC and Mono, both are open source and you can inspect how similar the compilers are.

Ah yes, by the "exact way" I mean "compiled to native code" and not "MSIL".

Last time I checked, C++ is not compiled to MSIL.