Security of Obfuscators

This isn't directly a C# question, so I apologize for being somewhat off
topic, but we have a project that is open source. When we release, the
actual release builds will be obfuscated using string encryption. This is
necessary because a non-open source component will include some encryption
code.

My question is, does anyone have any experience with obfuscators using
string encryption, and more importantly, because this is open source, people
will actually have access to the rest of the source code in the project. I
guess what I'm concerned about is, if you had on your left, the source code
and on your right, the obfuscated code, would it be fairly easy to match
them up in such a way that you'd be able to easily determine which section is
the part that isn't open source?

And furthermore, how secure is the string encryption in these obfuscators?

Thanks.

Pete
Nov 16 '05 #1
considering that obfuscation is but a small barrier to a good reverse
engineer, I would venture to say that having the source code for much of the
project would probably reduce the obfuscation to a trivial impediment for
determined people.

also keep in mind that a good reverse engineer, who uses SoftICE and the
other tools of the trade well, doesn't have much problem reverse engineering
native code (which is certainly more obfuscated than dotnet code with
metadata) and can even accomplish his task when fairly strong encryption has
been applied.

I don't know if this tool is applicable to your situation or not, but I've
heard that Salamander is one of the best tools...
http://www.remotesoft.com/linker/

Nov 16 '05 #2
You have a good point. A really determined hacker will break it, and I'm not
too concerned about that. I mean, we're talkin about a game, not a bank
account or a list of credit card numbers. So I think there's going to be a
serious limit to the amount of determination someone is going to put into
hacking it.

I was reading about Salamander Protector on their site after I posted. It
looks really excellent. It's also a bit over my price range. I mean, this is
an open source project. I was actually willing to spend the $500 for an
obfuscator with string encryption, but $1900 is quite a different story.

Still trying to think of clever ways of handling this, but I'm running out
of ideas.

Pete

"Mr. Mountain" <mt*****@mediaone.net> wrote in message
news:5tOwd.213322$V41.196794@attbi_s52...
> considering that obfuscation is but a small barrier to a good reverse
> engineer, I would venture to say that having the source code for much of the
> project would probably reduce the obfuscation to a trivial impediment for
> determined people.
>
> also keep in mind that a good reverse engineer, who uses SoftICE and the
> other tools of the trade well, doesn't have much problem reverse engineering
> native code (which is certainly more obfuscated than dotnet code with
> metadata) and can even accomplish his task when fairly strong encryption has
> been applied.
>
> I don't know if this tool is applicable to your situation or not, but I've
> heard that Salamander is one of the best tools...
> http://www.remotesoft.com/linker/

Nov 16 '05 #3
if you want ideas, try http://www.woodmann.com/crackz/
Maybe the author of this site will give you some good suggestions

Nov 16 '05 #4
Pete Davis wrote:
> I was actually willing to spend the $500 for an
> obfuscator with string encryption, but $1900 is quite a different story.

Pete,

Our obfuscation feature in our Decompiler.NET product includes string
encryption as well as some other advanced features like the ability to
factor out the bodies of public members so they can be obfuscated
without hiding their public APIs. It is also priced at your $500 price
point and we provide unlimited free support and upgrades. We use the
product on itself for each version we ship. The product includes both
full obfuscation and full decompilation capabilities. The decompiler
feature of the product generates high-level readable source code that also
compiles and runs correctly. You can download a free trial version and
try it out for yourself at http://www.junglecreatures.com/
email: su*****@junglecreatures.com

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/

Nov 16 '05 #5

