473,836 Members | 1,412 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Decompiling C#?!?!? Where is the privacy?

I found a few days ago that was possible to decompile any program developed
in C#

That is a huge failure.... It's not aceptable that a company that pays a lot
for visual studio and pays to the employees to develop new product, and then
all the code is exposed....

I found that the decompilers are pretty good, and have options like
deObfuscate....

There is any solution to this..., Isn't there a way to dificult the access
to the source code?

Hope that this will be a hot topic here in the news groups because it's a
poblem that will affect all of us
Dec 16 '05
18 1810
Just as a further note regarding this issue, software is copyrighted, in the
same way that books, movies, and music are copyrighted. The purpose of
copyright laws is to provide a means of legal redress to the owner of the
intellectual property in the event that someone copies it or plagiarizes it
in some way. It is important to note that there would be no need for
copyright laws if these types of things were not able to be copied.

Again, reverse-engineering is something that has been around for as long as
software has been around. If a computer can read the binary instructions and
execute them, so can a human being, with the aid of a computer. There are
myriads of decompilers and other software for analyzing software on the
market. Some people make their living using this sort of software.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
You can lead a fish to a bicycle,
but it takes a very long time,
and the bicycle has to *want* to change.

"Richard Grimes" <ri******@mvps. org> wrote in message
news:O1******** ******@tk2msftn gp13.phx.gbl...
Doug H wrote:
Remember too if someone does copy your code, you'll be able to tell as
well by decompiling theirs ;)


<snigger> don't most EULAs stipulate that you are not allowed to reverse
engineer the code?

I sold a product once that allowed users to add their own help into MSDN
library (the VS6 version). My company released it to the internet as a
beta product. A few weeks later a competitor (about 100,000 times bigger
than us) released a beta product of their own, doing the same thing as our
product. It was funny, the same mistakes in the XML that we produced also
appeared in theirs, we didn't have to resort to decompiling or
disassembling to determine what code had influenced theirs <g>.

We got in touch with president of that company and after a few long phone
calls he expressed an interest in licencing our technology. Then a few
weeks later Microsoft announced that they would use a different technology
in their next version of MSDN library and our dreams of pot loads of cash
disappeared. :-(

Richard
--
Fusion Tutorial: http://www.grimes.demon.co.uk/workshops/fusionWS.htm
Security Tutorial:
http://www.grimes.demon.co.uk/workshops/securityWS.htm

Dec 18 '05 #11
You should have knowledge of several layers below the one you are working
on. This is not optional. If you are a .NET developer and don't know what
IL is then I gotta agree with Nicholas... It's like not knowing you have
blood running through your veins ;)

--

Derek Davis
dd******@gmail. com

"Mario Charest" <po********@127 .0.0.1> wrote in message
news:J0******** ************@we ber.videotron.n et...

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard .caspershouse.c om> wrote
in message news:ue******** ******@tk2msftn gp13.phx.gbl...
I hate to be so blunt, but if your company already bought Visual
Studio and dedicated yourself to .NET without knowing this, then that is
an error on your part. The fact that assemblies are in IL is a basic
tenant of .NET, and is difficult to overlook, let alone miss completely.


I wonder how many people will have missed this. I know I did ;)

Dec 18 '05 #12
If the fact that people can figure out how your software works is a
problem for your business, then you're doing something wrong. As others
have pointed out, any program can be reverse engineered. Any
expectation of keeping your code private is lost the moment you
distribute it to someone else.

C# and other .NET languages leave a lot of information in the compiled
file that make reverse engineering easier, but the same information
also makes debugging easier, makes useful features like Reflection
work, and allows the CLR to run your program more efficiently. The
tradeoff is well worth it, since all you're really losing is a false
sense of security.

Jesse

Dec 18 '05 #13
Chris Priede wrote:
Hi,

Diogo Alves - Software Developer wrote:
I found a few days ago that was possible to decompile
any program developed in C#

Any program, developed, in anything, can be decompiled / disassembled. The
ease of doing so and the resemblance of the reversed code to the original
may vary some, but anything that can be interpreted by a computer in order
to execute can also be interpreted by humans to see how it works.


The ease of recovering "useful" source and the degree of resemblance to the
original *are* what matter, though. Truisms to the effect that "anything can be
decompiled" are just red herrings somwhere off to the side that point.
That is a huge failure.... It's not aceptable that a company that
pays a lot for visual studio and pays to the employees to develop
new product, and then all the code is exposed....

...and what? :) Are you sure your code is all that interesting? It is the
whole product and the effort to put it together that has value, not any of
the thousands of lines of code taken out of context and usually containing
techniques that are well documented elsewhere. If you have invented a new,
valuable algorithm that you wish to protect and license -- patent it.


The shipped executable encapsulates all those lines of code and is the end
product of all that effort. So in a real enough sense it is the "the whole
product". Else who would bother de-engineering anything? It doesn't have to
incorporate any "new valuable algorithms" to be an investment worth protecting,
either.

What it seems to come down to is 1) it's apparently relatively easy to recover
"useful" source from a .net executable AND 2) to make it relatively hard one
must spend bucks on (ref Joanna) a *good* obfuscator. If Microsoft supplied a
*good* obfuscator with VS, this might be somewhat easier for folks like the OP
to swallow. So why don't they?

BTW, I agree of course that the OP should have known what he was buying.

-rick-
Dec 18 '05 #14
On this topic, my boss reckons he is gonna rewrite something he did in
C# back as a managed C++ DLL because he thinks that he can protect the
IP that way.
But from the mass amounts of response in this thread alone, it sounds
like that even his DLL will be reverse engineerable.
If so, can someone give me an indicator of how, tools, or even a
supporting topic from MS or anywhere reputable?

(You see, I don't know much C++ and I don't want him to change the DLL
so I need you to help me convince him to leave it as C# !!!!)

Many thanks,
Steven Nagy

Dec 19 '05 #15
Hi,

Rick Lones wrote:
The ease of recovering "useful" source and the degree of resemblance to
the original *are* what matter, though.
Only if you are interested in full source, which is usually _not_ the object
of interest in reverse engineering.
The shipped executable encapsulates all those lines of code and is the end
product of all that effort. So in a real enough sense it is the "the
whole product". Else who would bother de-engineering anything?


In my experience, it was always for very specific (and tiny) portions of the
code. The question was always "How did they do X?", where X was something
unique, inner workings of which were not apparent from that which could be
casually observed.

Most often, people resort to reverse engineering to clarify some details in
the process of creating a compatible product, e.g. capable of working with
competitor's undocumented format data files or interoperating with it in
some other way. This is in the "grey area" legally -- or at least difficult
to pursue.

If there is any demand for decompiling whole applications, I am not aware of
it. Perhaps clients of custom written software might sometimes be looking
for such when the original developer disappears or the relationship turns
sour, but I'd hope no one selling software would be insane enough to expect
to get away with decompiling a competitor's product and reusing major
portions of it in their own.

--
Chris Priede
Dec 19 '05 #16
Steven Nagy wrote:
On this topic, my boss reckons he is gonna rewrite something he did in
C# back as a managed C++ DLL because he thinks that he can protect the
IP that way.
Ummm, why choose *managed* C++? The code will *still* be compiled to IL
which can be decompiled. Reflector will decompile IL to managed C++, or
to make it easier to read, C#. So compiling to managed C++ has no effect
whatsoever on protecting IP.

If your bosss said compile as unmanaged C++ then I might understand the
sentiment. However, you can still disassemble the code to x86
assembler...

No one will want to decompile *all* of your code, there is no point
because they may as well just sell your app under their own name.
Instead, the IP thieves will want to get the secrets of your special
algorithm. That will reduce considerably the amount of code that they
will need to analyse. At that point it *might* be economic for them to
analyse x86 code.

The point about decompiling is that it reduces the time that it takes
people to learn about your code. Moving to unmanaged code will merely
lengthen the amount of time, it will not remove it completely. (Its like
cryptography: you apply enough protection to make it uneconomic to break
the code.)
But from the mass amounts of response in this thread alone, it sounds
like that even his DLL will be reverse engineerable.
If so, can someone give me an indicator of how, tools, or even a
supporting topic from MS or anywhere reputable?

(You see, I don't know much C++ and I don't want him to change the DLL
so I need you to help me convince him to leave it as C# !!!!)


The only solution is to patent the code and then sue anyone who steals
it.

Richard
--
Fusion Tutorial: http://www.grimes.demon.co.uk/workshops/fusionWS.htm
Security Tutorial:
http://www.grimes.demon.co.uk/workshops/securityWS.htm
Dec 19 '05 #17
> If so, can someone give me an indicator of how, tools, or even a
supporting topic from MS or anywhere reputable?
Google "Decompiler Software"

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
You can lead a fish to a bicycle,
but it takes a very long time,
and the bicycle has to *want* to change.

"Steven Nagy" <le*********@ho tmail.com> wrote in message
news:11******** **************@ g43g2000cwa.goo glegroups.com.. . On this topic, my boss reckons he is gonna rewrite something he did in
C# back as a managed C++ DLL because he thinks that he can protect the
IP that way.
But from the mass amounts of response in this thread alone, it sounds
like that even his DLL will be reverse engineerable.
If so, can someone give me an indicator of how, tools, or even a
supporting topic from MS or anywhere reputable?

(You see, I don't know much C++ and I don't want him to change the DLL
so I need you to help me convince him to leave it as C# !!!!)

Many thanks,
Steven Nagy

Dec 19 '05 #18
You can totally block decompilers with encryption techniques. A tool
that does this is currently in beta at http://assemblylockbox.gibwo.com

Jan 4 '06 #19

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
1787
by: P. Obbard | last post by:
Hi all, How can I create a privacy policy for a cookie? I have an invisible image loading on a 3rd-party hosted site to help me watch traffic, but the cookie I'm using is being rejected by IE6 browsers on their default Security setting because I lack a privacy policy. How can I add a privacy policy to the cookie I'm creating (with ASP)? Thanks!
3
1580
by: Gree | last post by:
A question to those of you who design sites... What is a good online resource for getting legal disclaimers and privacy policies for a web site? ...and are they necessary? Can I just copy-n-paste from another site? I'm trying to find out what i can here before spending a heap of cash on a lawyer (if i even need one) Thanks.
11
1919
by: Deano | last post by:
Just wondering if there is a tool or method that will allow me to compare the state of my database before and after I decompile it. The last time I decompiled a few fields lost default values and some event code wasn't firing anymore. I know that sounds unusual but this was definitely the case. I would like to decompile again but am reluctant to do so if it causes any more problems. I would like to test what the decompile does to my...
10
1835
by: Hermit Dave | last post by:
Hi, Depending upon their security settings some users can not login due to their machine's Privacy Settings some how blocking the cookie (no privacy policy available)... which is encrypted... what i would like is someone to tell me how to set privacy policy for the cookie.. i know its probably not related to asp.net but googling didnt help much.. even on msdn wasnt helpful much... maybe i was searching with the wrong keywords... any...
6
3325
by: MLH | last post by:
Can decompiling an A97 mdb result in fixing minor nasties that may be responsible for some premature terminations of A97 (We are sorry. MS Access 97 needs to close.... messages). I've found the following recommendation and was wondering if any of you have used the technique and why you did? To decompile start Access with the /decompile switch. To do this from windows do a Start, Run and then where it asks for the name of the program to...
6
3195
by: Zytan | last post by:
I ran through the VB Guided Tour some time ago. In particular, the "Managing Your Records: Using Data in Your Program" section: http://msdn2.microsoft.com/en-us/library/t25kbx0s(VS.80).aspx This explains how to create a SQL database, which is stored as an .mdf file: http://msdn2.microsoft.com/en-us/library/ms172599(VS.80).aspx It is just 4 or 5 addresses being stored. However, the database is 2,240 KB in size! To store 5 addresses? ...
8
4351
by: Torben Laursen | last post by:
Hi I need to be sure that my C# code is as hard as possible to decompile. Can anyone tell what is the best tool for that job? Also will this be a part of Visual Studio 2008? It seems natural to me that the .net framework came with a solution so other people could not see your source code
14
1826
by: Grant | last post by:
I've seen a couple of articles on the internet that VB.NET applications can be decompiled very easy. For those who have had experience with this, is it true? What steps can be taken to avoid this? I am using VB.NET Express but am willing to buy something (within reason) to prevent easy decompiling. Any suggestions are much appreciated.
8
2157
bilibytes
by: bilibytes | last post by:
Hi everyone, I'm facing a database design problem. I want to make a sort of networking solution for the clients of my site in which they would be able to share or keep private some of their contact information. so if i have a table like this: CREATE TABLE `users_retailers_account_info` ( `id` bigint(15) unsigned NOT NULL auto_increment, `email` varchar(255) NOT NULL default 'N/A',
0
9820
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9671
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
10549
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10592
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9376
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
6979
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5650
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
4456
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4019
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.