"Which is why they are using a de-compiler in the first place. They wanted
to know
something about the code."
So the fact that people are buying Decompliers, and using other means to
look at obfuscated files, then there must be some other people writing
software that must "be of some value".
( Incidentally, I've had a job trying to get some of the commercial
decompliers to reverse some strongly obfuscated assemblies I've created. But
still I would not have faith in these assemblies remaining obfuscated in the
future)
Its fine to give the DevExpress model as an example. But there are many
different types of software and niche markets that are forced to operate in
different ways. - I suspect, the reason many people would like to peek into
commercial assemblies is to look at how a certain function is being
performed, but more likely, to see if they can overcome any license control
the program may have.
I don't want to get into a flame with you over obfuscators. I can see where
you are coming from, particuarly with the extra points you added in the
second reply. And agree on certain points. But in order to give the original
poster a balanced view on how good obfuscators are, then I do feel that some
of your original remarks were a little excessive. - But hey we are all
entitled to our own views.
My own view on .net is that it does offer some good things for Windows
Application Developers. But the biggest let down is being how transparent
the application code is. But this is something developers will have to weigh
up. Obfuscators can help to make things harder for prying eyes to look at,
but may not be the total solution
Jim
"Russell Mangel" <russell@tymer.net> wrote in message
news:eO6W%23qQmGHA.4700@TK2MSFTNGP02.phx.gbl...[color=blue]
>
> "Jim" <nospam@noSpam.comSpam> wrote in message
> news:Cgtng.217677$8W1.122602@fe1.news.blueyonder.c o.uk...[color=green]
>>" All the obfuscator does is renames variables. In fact if you are a poor
>>programmer, it is easier to reverse the
>> obfuscated version..."
>>
>> Really? - I thought many of the better ones do a few other tricks too.[/color]
>
> Sure they do, and they think they have created something *cool* and
> inovative. I suppose that if you look at the obfuscated code "literally"
> it does look tricky. People that are not accustomed to reversing
> obfuscated code will be lost. Because they lack the skills
> to understand the essence of reversing. Which is why they are
> using a de-compiler in the first place. They wanted to know
> something about the code.
>[color=green]
>> How does an obfuscated program that trips up the likes of reflector and
>> other commercial decompilers, and with what comes out having very similar
>> overloaded names become easier than looking at the original unobfuscated
>> assembly?[/color]
>
> My original statement on this had two meanings. First, I was being a
> cynical
> aimed at poor developers who use terrible variable naming. Forget about
> that.
> What I really meant was that, most of the time when you are reversing,
> you don't really care about the variable/class names. If you try to read
> obfuscated
> code in this way, it means that you don't understand how to properly
> reverse obfuscated code. So I suppose this is why the vendors of
> obfuscators think
> they have value as they have stopped the *copy/paste* thief.
>
> The analogy that comes to mind is:
> Remember the famous story about the Unix administrator who thought it was
> funny that people were downloading the encrypted password file....
> The administrator was laughing about how stupid these people were,
> as surely everyone knew it was impossible to reverse the encrypted
> password file. Technically he was right, but once he learned what the
> hackers where doing with the encrypted password. He didn't think it
> was so funny. They simply ran a dictionary attack and discovered
> weak passwords. Major security hole!
>
> If you are really interested in reversing, let me know and I will post
> more info.
>[color=green]
>>
>> I'm not a fan of Obfuscators myself, but they do help to raise the bar
>> some.
>>
>> " It is unlikely that what-ever you are protecting has been written well
>> enough to be of value."
>>
>> Well, if thats the case, then I doubt if the person would be selling many
>> licenses for the software either, but I would guess it is the revenue
>> stream the author is trying to get some sort of protection against, at
>> least bringing it back to native code levels again. - This is difficult
>> to achive in .net, but good obfuscators can help bring it nearer.
>>[/color]
>
> To be clear, my comments were directed at a person, which I assumed
> to be a single person developer, not a corporate development team, with a
> professionally written software product.
>[color=green]
>> But if the person is really worried about things, I'd suggest going back
>> to native code compilation, or writing mixed mode assemblies, using .net
>> for only parts of the application.[/color]
>
> Technically you are correct. But would now greatly increase your product's
> release date. In my opinion, you are better off loosing some revenue and
> getting the product delivered.
>
> In closing.
>
> Take notice to one Software Company, which I really think has a great
> business model.
http://www.devexpress.com/
> Developer Express is really smart.
> 1. They offer an excellant product.
> 2. They sell the software with the source code for $1299.00.
> 3. It has been engineered by some very bright people. I know cus I looked
> at the source code.
>
> Notice what they have done.
> They completely eliminated the threat of reverse engineering, and gave you
> the source code.
> No way could anyone reverse-engineer this software for $1299.00.
>
> They also release frequently to make the previous source-code
> irrelevant... Who want's buggy software?
>
> Russell Mangel
>
>
>
>
>
>[/color]
