Gentlemen,
I realized that code security can easily be corrupted by cheap decompilers.
What does Microsoft suggest using to disable or at the least make it
impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar 15 1304
There is only one way to stop someone reverse engineering your binary - don't give them the binary, only provide remote access. Once you have given them your binary then you are in a battle as to the cost in reverse engineering compared with the benefit they will get from reverse engineering.
For example, reverse engineering an industrial strength cryptography algorithm gives ytooiu nothing as the algorithm is public knowledge (in general) and the cryptography, just by its nature is hard to crack. Reverse engineering MS Word would not give you a huge amout of information about howq Word works as its complexity lives at the macro level not within each method. So many application just provide no benefit from reverse engineering.
If you must supply the binary and it does have IP in teh code (like a new video CODEC) then you have two options: obfuscation or building the sensitive operation in non-managed code and using interop. The latter takes the reverse engineering difficulty to the same level as the world before .NET.
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<BD**********************************@microsoft.co m>
Gentlemen,
I realized that code security can easily be corrupted by cheap decompilers.
What does Microsoft suggest using to disable or at the least make it
impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar
There is only one way to stop someone reverse engineering your binary - don't give them the binary, only provide remote access. Once you have given them your binary then you are in a battle as to the cost in reverse engineering compared with the benefit they will get from reverse engineering.
For example, reverse engineering an industrial strength cryptography algorithm gives ytooiu nothing as the algorithm is public knowledge (in general) and the cryptography, just by its nature is hard to crack. Reverse engineering MS Word would not give you a huge amout of information about howq Word works as its complexity lives at the macro level not within each method. So many application just provide no benefit from reverse engineering.
If you must supply the binary and it does have IP in teh code (like a new video CODEC) then you have two options: obfuscation or building the sensitive operation in non-managed code and using interop. The latter takes the reverse engineering difficulty to the same level as the world before .NET.
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<BD**********************************@microsoft.co m>
Gentlemen,
I realized that code security can easily be corrupted by cheap decompilers.
What does Microsoft suggest using to disable or at the least make it
impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar
Thanks Richard.
What obfuscation software does Microsoft provide? suggest?
Thanks,
Yama
"Richard Blewett [DevelopMentor]" <ri******@NOSPAMdevelop.com> wrote in
message news:OL**************@tk2msftngp13.phx.gbl... There is only one way to stop someone reverse engineering your binary - don't give them the binary, only provide remote access. Once you have given them your binary then you are in a battle as to the cost in reverse engineering compared with the benefit they will get from reverse engineering.
For example, reverse engineering an industrial strength cryptography algorithm gives ytooiu nothing as the algorithm is public knowledge (in general) and the cryptography, just by its nature is hard to crack. Reverse engineering MS Word would not give you a huge amout of information about howq Word works as its complexity lives at the macro level not within each method. So many application just provide no benefit from reverse engineering.
If you must supply the binary and it does have IP in teh code (like a new video CODEC) then you have two options: obfuscation or building the sensitive operation in non-managed code and using interop. The latter takes the reverse engineering difficulty to the same level as the world before .NET.
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<BD**********************************@microsoft.co m>
Gentlemen,
I realized that code security can easily be corrupted by cheap decompilers. What does Microsoft suggest using to disable or at the least make it impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar
Thanks Richard.
What obfuscation software does Microsoft provide? suggest?
Thanks,
Yama
"Richard Blewett [DevelopMentor]" <ri******@NOSPAMdevelop.com> wrote in
message news:OL**************@tk2msftngp13.phx.gbl... There is only one way to stop someone reverse engineering your binary - don't give them the binary, only provide remote access. Once you have given them your binary then you are in a battle as to the cost in reverse engineering compared with the benefit they will get from reverse engineering.
For example, reverse engineering an industrial strength cryptography algorithm gives ytooiu nothing as the algorithm is public knowledge (in general) and the cryptography, just by its nature is hard to crack. Reverse engineering MS Word would not give you a huge amout of information about howq Word works as its complexity lives at the macro level not within each method. So many application just provide no benefit from reverse engineering.
If you must supply the binary and it does have IP in teh code (like a new video CODEC) then you have two options: obfuscation or building the sensitive operation in non-managed code and using interop. The latter takes the reverse engineering difficulty to the same level as the world before .NET.
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<BD**********************************@microsoft.co m>
Gentlemen,
I realized that code security can easily be corrupted by cheap decompilers. What does Microsoft suggest using to disable or at the least make it impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar
There is nothing that is going to make it 100% impossible, but as you
probably know there are obfuscators available to make the job more
difficult.
--
Scott http://www.OdeToCode.com/blogs/scott/
On Tue, 9 Nov 2004 16:15:06 -0800, "Yama"
<Ya**@discussions.microsoft.com> wrote: Gentlemen,
I realized that code security can easily be corrupted by cheap decompilers. What does Microsoft suggest using to disable or at the least make it impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar
There is nothing that is going to make it 100% impossible, but as you
probably know there are obfuscators available to make the job more
difficult.
--
Scott http://www.OdeToCode.com/blogs/scott/
On Tue, 9 Nov 2004 16:15:06 -0800, "Yama"
<Ya**@discussions.microsoft.com> wrote: Gentlemen,
I realized that code security can easily be corrupted by cheap decompilers. What does Microsoft suggest using to disable or at the least make it impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar
Hi Yama!
"Yama" schrieb What obfuscation software does Microsoft provide? suggest?
Microsoft does not provide any obfuscation software. However Microsoft
distributes a "community" version of Dotfuscator from PreEmtive Solutions
together with Visual Studio 2003.
You'll find more info here: http://www.gotdotnet.com/team/dotfuscator/
Cheers
Arne Janning
Hi Yama!
"Yama" schrieb What obfuscation software does Microsoft provide? suggest?
Microsoft does not provide any obfuscation software. However Microsoft
distributes a "community" version of Dotfuscator from PreEmtive Solutions
together with Visual Studio 2003.
You'll find more info here: http://www.gotdotnet.com/team/dotfuscator/
Cheers
Arne Janning
Everything can be reverse engineered or brute forced given time, desire, and
money - including native win32 exes and public key crypto. That will not
change I don't think. What you hope for is to make it so painful to do so,
that people don't try or just give up. I have XenoCode 2003 version and am
now at 2005. I really like this startup and their product. I was able to
crash a decompiler that was boasting about how they could decompile any .net
assembly using the defaults. It is also really easy to use and includes
signing, and building one exe from many assemblies with point and click or
command line. They have things like string encryption, control flow
obfuscation, and something to crash ILASM and others if someone tries to use
that. TMK, it is about as good as it gets in obfuscators today. Try the
trial and use Reflector on the resulting assembly to see what it does or
does not do. hth
--
William Stacey, MVP http://mvp.support.microsoft.com
"Yama" <Ya**@discussions.microsoft.com> wrote in message
news:BD**********************************@microsof t.com... Gentlemen,
I realized that code security can easily be corrupted by cheap
decompilers. What does Microsoft suggest using to disable or at the least make it impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar
Everything can be reverse engineered or brute forced given time, desire, and
money - including native win32 exes and public key crypto. That will not
change I don't think. What you hope for is to make it so painful to do so,
that people don't try or just give up. I have XenoCode 2003 version and am
now at 2005. I really like this startup and their product. I was able to
crash a decompiler that was boasting about how they could decompile any .net
assembly using the defaults. It is also really easy to use and includes
signing, and building one exe from many assemblies with point and click or
command line. They have things like string encryption, control flow
obfuscation, and something to crash ILASM and others if someone tries to use
that. TMK, it is about as good as it gets in obfuscators today. Try the
trial and use Reflector on the resulting assembly to see what it does or
does not do. hth
--
William Stacey, MVP http://mvp.support.microsoft.com
"Yama" <Ya**@discussions.microsoft.com> wrote in message
news:BD**********************************@microsof t.com... Gentlemen,
I realized that code security can easily be corrupted by cheap
decompilers. What does Microsoft suggest using to disable or at the least make it impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar
Hi,
We also use Xenocode and I've found it very good, there're also other
products from RemoteSoft and the PreEmptive one that somebody else mentioned
(which also has a paid for version). They all do a fairly similar job, I
think. But, as has been said before, if someone really, really, really wants
to look at your source code they will, in any language. The question is why
would they, and how much effort are they willing to put into it?
Steve
"William Stacey [MVP]" <st***********@mvps.org> wrote in message
news:Oa****************@tk2msftngp13.phx.gbl... Everything can be reverse engineered or brute forced given time, desire, and money - including native win32 exes and public key crypto. That will not change I don't think. What you hope for is to make it so painful to do so, that people don't try or just give up. I have XenoCode 2003 version and am now at 2005. I really like this startup and their product. I was able to crash a decompiler that was boasting about how they could decompile any .net assembly using the defaults. It is also really easy to use and includes signing, and building one exe from many assemblies with point and click or command line. They have things like string encryption, control flow obfuscation, and something to crash ILASM and others if someone tries to use that. TMK, it is about as good as it gets in obfuscators today. Try the trial and use Reflector on the resulting assembly to see what it does or does not do. hth
-- William Stacey, MVP http://mvp.support.microsoft.com
"Yama" <Ya**@discussions.microsoft.com> wrote in message news:BD**********************************@microsof t.com... Gentlemen,
I realized that code security can easily be corrupted by cheap decompilers. What does Microsoft suggest using to disable or at the least make it impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar
Hi,
We also use Xenocode and I've found it very good, there're also other
products from RemoteSoft and the PreEmptive one that somebody else mentioned
(which also has a paid for version). They all do a fairly similar job, I
think. But, as has been said before, if someone really, really, really wants
to look at your source code they will, in any language. The question is why
would they, and how much effort are they willing to put into it?
Steve
"William Stacey [MVP]" <st***********@mvps.org> wrote in message
news:Oa****************@tk2msftngp13.phx.gbl... Everything can be reverse engineered or brute forced given time, desire, and money - including native win32 exes and public key crypto. That will not change I don't think. What you hope for is to make it so painful to do so, that people don't try or just give up. I have XenoCode 2003 version and am now at 2005. I really like this startup and their product. I was able to crash a decompiler that was boasting about how they could decompile any .net assembly using the defaults. It is also really easy to use and includes signing, and building one exe from many assemblies with point and click or command line. They have things like string encryption, control flow obfuscation, and something to crash ILASM and others if someone tries to use that. TMK, it is about as good as it gets in obfuscators today. Try the trial and use Reflector on the resulting assembly to see what it does or does not do. hth
-- William Stacey, MVP http://mvp.support.microsoft.com
"Yama" <Ya**@discussions.microsoft.com> wrote in message news:BD**********************************@microsof t.com... Gentlemen,
I realized that code security can easily be corrupted by cheap decompilers. What does Microsoft suggest using to disable or at the least make it impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar
Dotfuscator Community Edition is not really an industrial strength obfuscator you would need either to upgrade to the Professional version or use another product as stated.
Another one you might want to look at is Demeanor from Wise Owl Consulting http://www.wiseowl.com/Products/products.aspx
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<uL**************@TK2MSFTNGP15.phx.gbl>
Hi,
We also use Xenocode and I've found it very good, there're also other
products from RemoteSoft and the PreEmptive one that somebody else mentioned
(which also has a paid for version). They all do a fairly similar job, I
think. But, as has been said before, if someone really, really, really wants
to look at your source code they will, in any language. The question is why
would they, and how much effort are they willing to put into it?
Steve
Dotfuscator Community Edition is not really an industrial strength obfuscator you would need either to upgrade to the Professional version or use another product as stated.
Another one you might want to look at is Demeanor from Wise Owl Consulting http://www.wiseowl.com/Products/products.aspx
Regards
Richard Blewett - DevelopMentor http://www.dotnetconsult.co.uk/weblog http://www.dotnetconsult.co.uk
nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<uL**************@TK2MSFTNGP15.phx.gbl>
Hi,
We also use Xenocode and I've found it very good, there're also other
products from RemoteSoft and the PreEmptive one that somebody else mentioned
(which also has a paid for version). They all do a fairly similar job, I
think. But, as has been said before, if someone really, really, really wants
to look at your source code they will, in any language. The question is why
would they, and how much effort are they willing to put into it?
Steve
A free version of DOTfuscator is included in VS 2003. Tools / Dotfuscator
Community Edition.
The free version is limited in that it basically renames assemblies;
however, that's not too bad for a freeware application. It's also a good
place to start playing around with the utility.
Bob
"Yama" <Ya**@discussions.microsoft.com> wrote in message
news:BD**********************************@microsof t.com... Gentlemen,
I realized that code security can easily be corrupted by cheap decompilers. What does Microsoft suggest using to disable or at the least make it impossible for the intruder to reverse engineer DLLs or EXEs.
Thanks,
Yama Kamyar This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Ira Baxter |
last post by:
Semantic Designs is completing PHP5 source code formatters
and obfuscators. We are interested in finding Beta customers
to test these out. Requirements: You must be using PHP5!
Contact...
|
by: saitou |
last post by:
As far as i know ngen produce native code but you can`t run
it without original assmebly, because it needs manifest. Is
it posible to cut("somehow") manifest from assembly, or rather
leave...
|
by: wilsonidv |
last post by:
Daer All:
I have studied C language for just 2~3 months.
I'd like to know the critical parts of C, focusing on these.
Could anyone has many experiences tell me, please.
Thanks and Regards.
|
by: Pete Davis |
last post by:
This isn't directly a C# question, so I apologize for being somewhat off
topic, but we have a project that is open source. When we release, the
actual release builds will be obfuscated using string...
|
by: Oleg Subachev |
last post by:
What good obfuscators/protectors for .NET are on the market now ?
--
Best regards,
Oleg Subachev
subachev@ural.ru
| |
by: petermichaux |
last post by:
Hi,
I tried the following and everything worked fine.
element.style.position="relative";
Then I tried to make the CSS rule important and it didn't work. The
positioning was all wrong in...
|
by: korund |
last post by:
I want encrypt javascript code in web page, however, browser need fully
recognize it.. There any many Javascript Obfuscators in the Net. Is
there some good and handy utility(or script) among them...
|
by: Eric Renken |
last post by:
So I have a question we are looking at obfuscators. I am trying to push for
dotfuscator from www.preemptive.com, but management is thinking about
xenocode from www.xenocode.com. Has anyone used...
|
by: Sharon |
last post by:
For some reason I have a problem with Stunnix, are there any other
similar obfuscators?
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |