By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,087 Members | 1,513 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,087 IT Pros & Developers. It's quick & easy.

How to protect my source code from reverse engineering

P: n/a
Hi while browsing the net i noticed that there is sites publishing some
software that claim that it can decompile .net applications i didn't bleave
it in fact but after trying it i was surprised that i could retrieve my code
from my applications after i compile it so i need to know to prevent this
from happening to my applications
Thanx in advance
Nov 16 '05 #1
Share this Question
Share on Google+
15 Replies


P: n/a
Do a search on ".NET obfuscator".

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:BC**********************************@microsof t.com...
Hi while browsing the net i noticed that there is sites publishing some
software that claim that it can decompile .net applications i didn't
bleave
it in fact but after trying it i was surprised that i could retrieve my
code
from my applications after i compile it so i need to know to prevent this
from happening to my applications
Thanx in advance

Nov 16 '05 #2

P: n/a
Thanx but the funny thing at this site for example
http://www.remotesoft.com/salamander/obfuscator.html
that they also provide a decompiler that can decrypt the code that have been
encrypted with there obfuscator
is there is any better solutions?
thanx in advance

"Michael C#" wrote:
Do a search on ".NET obfuscator".

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:BC**********************************@microsof t.com...
Hi while browsing the net i noticed that there is sites publishing some
software that claim that it can decompile .net applications i didn't
bleave
it in fact but after trying it i was surprised that i could retrieve my
code
from my applications after i compile it so i need to know to prevent this
from happening to my applications
Thanx in advance


Nov 16 '05 #3

P: n/a

Fady Anwar wrote:
Thanx but the funny thing at this site for example
http://www.remotesoft.com/salamander/obfuscator.html
that they also provide a decompiler that can decrypt the code that have been encrypted with there obfuscator
is there is any better solutions?


Fady,
This question has been discussed many times in these forums.
Obfuscators sufficiently rename members so that the decompiled code is
not readable or very usable as a source codebase. Obfuscation is not
intented to hide sensitive data which should be kept server side.

We also sell a combination .NET Decompiler/Obfuscator product that
provides both capabilities. We use the product on itself to protect the
versions we ship. You can download a free trial version our
Decompiler.NET product from our web site at
http://www.junglecreatures.com/ and see the obfuscation and
decompilation capabilities in the browser user interface that we
provide.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/

Nov 16 '05 #4

P: n/a
well that didn't really solve my probelm
i still need a way to pervent other ppl from reading my code in plain text
thanx anyway

"jp*****@nyc.rr.com" wrote:

Fady Anwar wrote:
Thanx but the funny thing at this site for example
http://www.remotesoft.com/salamander/obfuscator.html
that they also provide a decompiler that can decrypt the code that

have been
encrypted with there obfuscator
is there is any better solutions?


Fady,
This question has been discussed many times in these forums.
Obfuscators sufficiently rename members so that the decompiled code is
not readable or very usable as a source codebase. Obfuscation is not
intented to hide sensitive data which should be kept server side.

We also sell a combination .NET Decompiler/Obfuscator product that
provides both capabilities. We use the product on itself to protect the
versions we ship. You can download a free trial version our
Decompiler.NET product from our web site at
http://www.junglecreatures.com/ and see the obfuscation and
decompilation capabilities in the browser user interface that we
provide.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/

Nov 16 '05 #5

P: n/a

Fady Anwar wrote:
well that didn't really solve my probelm
i still need a way to pervent other ppl from reading my code in plain text thanx anyway

Fady,

I does solve your problem. The obfuscated code is no longer
understandable, and our obfuscator encrypts string literals and removes
them from your code by replacing them with lookups. You should try the
free trial version so you can see how unreadable your code becomes when
it is obfuscated. If you decompile the obfuscated code, the decompiled
code will only contain the obfuscated version, not your original
version that you wrote.

Jonathan

Nov 16 '05 #6

P: n/a
What are you trying to prevent people from reading exactly? String values
stored within your code? Your actual MSIL code? MSIL code can be
decompiled, and that's a fact of life! However, even C++ or (gasp) x86
Machine Language can be disassembled into human-readable Assembler Language
code. There are tools to obfuscate your code, and you can encrypt internal
strings, but bottom line is this: if you're that worried that people will
"read your code in plain text", you probably shouldn't release it to the
public... After all, if someone wants to see the internal workings of your
code *that badly*, they *will* find a way to do it. All you can do is make
it harder for them.

So to answer your question, the only 100% full-proof method of protecting
your code is to lock it in your cellar when you're done coding it. And even
then someone could always break into your house and steal it and then
decompile it...

Thanks,
Michael C

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:05**********************************@microsof t.com...
well that didn't really solve my probelm
i still need a way to pervent other ppl from reading my code in plain text
thanx anyway

"jp*****@nyc.rr.com" wrote:

Fady Anwar wrote:
> Thanx but the funny thing at this site for example
> http://www.remotesoft.com/salamander/obfuscator.html
> that they also provide a decompiler that can decrypt the code that

have been
> encrypted with there obfuscator
> is there is any better solutions?


Fady,
This question has been discussed many times in these forums.
Obfuscators sufficiently rename members so that the decompiled code is
not readable or very usable as a source codebase. Obfuscation is not
intented to hide sensitive data which should be kept server side.

We also sell a combination .NET Decompiler/Obfuscator product that
provides both capabilities. We use the product on itself to protect the
versions we ship. You can download a free trial version our
Decompiler.NET product from our web site at
http://www.junglecreatures.com/ and see the obfuscation and
decompilation capabilities in the browser user interface that we
provide.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/

Nov 16 '05 #7

P: n/a
LP
Fady,

There is no 100% to protect from reverse engineering anything. No matter how
smart you are, no matter what kind of advanced obfuscator, encryption tool
you use, there'll be always someone out there smarter than you, who can
figure out how to decompile, decrypt your code (if they really want to).
Besides, don't you think that programmer(s) who can figure out how to
decompile and decrypt obfuscated assembly, can as easily reverse engineer
your algorithms without even seeing your sourcecode. If you have some kind
of super complex algorithms that you don't want others to "steal", I suggest
you get legal IP (Intelectuall Property) protection; copy right, patent.
It doesn't mean that you should not obfuscate your assemblies, just keep in
mind there's always someone out there one step ahead of the latest
obfuscator.

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:05**********************************@microsof t.com...
well that didn't really solve my probelm
i still need a way to pervent other ppl from reading my code in plain text
thanx anyway

"jp*****@nyc.rr.com" wrote:

Fady Anwar wrote:
Thanx but the funny thing at this site for example
http://www.remotesoft.com/salamander/obfuscator.html
that they also provide a decompiler that can decrypt the code that

have been
encrypted with there obfuscator
is there is any better solutions?


Fady,
This question has been discussed many times in these forums.
Obfuscators sufficiently rename members so that the decompiled code is
not readable or very usable as a source codebase. Obfuscation is not
intented to hide sensitive data which should be kept server side.

We also sell a combination .NET Decompiler/Obfuscator product that
provides both capabilities. We use the product on itself to protect the
versions we ship. You can download a free trial version our
Decompiler.NET product from our web site at
http://www.junglecreatures.com/ and see the obfuscation and
decompilation capabilities in the browser user interface that we
provide.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/

Nov 16 '05 #8

P: n/a
Well at least i need some method that prevent anybody who have a decompiler
to see my plain code in *C#* and it's not a problem if he can see my code in
msil (lets see what can he get use of it :P) and if there is no such method i
think that microsoft is going to be an open source community soon :P

"LP" wrote:
Fady,

There is no 100% to protect from reverse engineering anything. No matter how
smart you are, no matter what kind of advanced obfuscator, encryption tool
you use, there'll be always someone out there smarter than you, who can
figure out how to decompile, decrypt your code (if they really want to).
Besides, don't you think that programmer(s) who can figure out how to
decompile and decrypt obfuscated assembly, can as easily reverse engineer
your algorithms without even seeing your sourcecode. If you have some kind
of super complex algorithms that you don't want others to "steal", I suggest
you get legal IP (Intelectuall Property) protection; copy right, patent.
It doesn't mean that you should not obfuscate your assemblies, just keep in
mind there's always someone out there one step ahead of the latest
obfuscator.

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:05**********************************@microsof t.com...
well that didn't really solve my probelm
i still need a way to pervent other ppl from reading my code in plain text
thanx anyway

"jp*****@nyc.rr.com" wrote:

Fady Anwar wrote:
> Thanx but the funny thing at this site for example
> http://www.remotesoft.com/salamander/obfuscator.html
> that they also provide a decompiler that can decrypt the code that
have been
> encrypted with there obfuscator
> is there is any better solutions?

Fady,
This question has been discussed many times in these forums.
Obfuscators sufficiently rename members so that the decompiled code is
not readable or very usable as a source codebase. Obfuscation is not
intented to hide sensitive data which should be kept server side.

We also sell a combination .NET Decompiler/Obfuscator product that
provides both capabilities. We use the product on itself to protect the
versions we ship. You can download a free trial version our
Decompiler.NET product from our web site at
http://www.junglecreatures.com/ and see the obfuscation and
decompilation capabilities in the browser user interface that we
provide.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/


Nov 16 '05 #9

P: n/a
It isn't so much that they can read it, as it becomes a real pain to
read. Depending on the size of your application, de-obfuscating it (so
to speak) would take a significant amount of time once decompiled.

Sure, your algorithms would be in plain-text, but without actually
being able to understand what each variable means in a complex
algorithm, the ability to simply READ it becomes useless; you can't
translate it into something that makes sense.

As far as I know, anything that uses an intermediate language can be
decompiled readily (meaning .NET and Java). As someone mentioned, C++
et all can be broken down to assembler, which can be understood by
people with a lot better understanding of assembly language than myself
:)

Fady Anwar wrote:
Well at least i need some method that prevent anybody who have a decompiler to see my plain code in *C#* and it's not a problem if he can see my code in msil (lets see what can he get use of it :P) and if there is no such method i think that microsoft is going to be an open source community soon :P

"LP" wrote:
Fady,

There is no 100% to protect from reverse engineering anything. No matter how smart you are, no matter what kind of advanced obfuscator, encryption tool you use, there'll be always someone out there smarter than you, who can figure out how to decompile, decrypt your code (if they really want to). Besides, don't you think that programmer(s) who can figure out how to decompile and decrypt obfuscated assembly, can as easily reverse engineer your algorithms without even seeing your sourcecode. If you have some kind of super complex algorithms that you don't want others to "steal", I suggest you get legal IP (Intelectuall Property) protection; copy right, patent. It doesn't mean that you should not obfuscate your assemblies, just keep in mind there's always someone out there one step ahead of the latest
obfuscator.

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:05**********************************@microsof t.com...
well that didn't really solve my probelm
i still need a way to pervent other ppl from reading my code in plain text thanx anyway

"jp*****@nyc.rr.com" wrote:

>
> Fady Anwar wrote:
> > Thanx but the funny thing at this site for example
> > http://www.remotesoft.com/salamander/obfuscator.html
> > that they also provide a decompiler that can decrypt the code that > have been
> > encrypted with there obfuscator
> > is there is any better solutions?
>
> Fady,
> This question has been discussed many times in these forums.
> Obfuscators sufficiently rename members so that the decompiled code is > not readable or very usable as a source codebase. Obfuscation is not > intented to hide sensitive data which should be kept server side. >
> We also sell a combination .NET Decompiler/Obfuscator product that > provides both capabilities. We use the product on itself to protect the > versions we ship. You can download a free trial version our
> Decompiler.NET product from our web site at
> http://www.junglecreatures.com/ and see the obfuscation and
> decompilation capabilities in the browser user interface that we > provide.
>
> Jonathan Pierce
> President
> Jungle Creatures, Inc.
> http://www.junglecreatures.com/
>
>



Nov 16 '05 #10

P: n/a
Fady Anwar <Fa*******@discussions.microsoft.com> wrote:
Well at least i need some method that prevent anybody who have a decompiler
to see my plain code in *C#* and it's not a problem if he can see my code in
msil (lets see what can he get use of it :P) and if there is no such method i
think that microsoft is going to be an open source community soon :P


<sigh>

There's a big difference between "able to read the code" and "open
source". However, you're not going to prevent people from converting
MSIL into C#. You need to accept that and work out what you're really
trying to protect.

(MSIL isn't actually that hard to read, by the way - even if you
*could* find a way of preventing full decompilation to C#, you wouldn't
want to try to hide passwords etc in the code.)

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 16 '05 #11

P: n/a
SB
99.99% of all code today is nothing completely new, innovative, or
revolutionary... That being said, if someone wants to take the time to
figure out every class, method, variable, code path, then no matter what
language you write it in, they will do it. If you're storing password
information or other such data in the code, then your approach is the
problem to begin with...not the fact that someone can decompile it.

-sb

"Tolga Tanriverdi" <to***@sylveria.gen.tr> wrote in message
news:uo*************@tk2msftngp13.phx.gbl...
Yes I'm agree with that if we can note protect our sourcecode its not
different from becoming open source and this means for the first time
microsoft allowing one of its components to become open source.There must
be some way to protect our codes?

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:99**********************************@microsof t.com...
Well at least i need some method that prevent anybody who have a
decompiler
to see my plain code in *C#* and it's not a problem if he can see my code
in
msil (lets see what can he get use of it :P) and if there is no such
method i
think that microsoft is going to be an open source community soon :P

"LP" wrote:
Fady,

There is no 100% to protect from reverse engineering anything. No matter
how
smart you are, no matter what kind of advanced obfuscator, encryption
tool
you use, there'll be always someone out there smarter than you, who can
figure out how to decompile, decrypt your code (if they really want to).
Besides, don't you think that programmer(s) who can figure out how to
decompile and decrypt obfuscated assembly, can as easily reverse
engineer
your algorithms without even seeing your sourcecode. If you have some
kind
of super complex algorithms that you don't want others to "steal", I
suggest
you get legal IP (Intelectuall Property) protection; copy right, patent.
It doesn't mean that you should not obfuscate your assemblies, just keep
in
mind there's always someone out there one step ahead of the latest
obfuscator.

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:05**********************************@microsof t.com...
> well that didn't really solve my probelm
> i still need a way to pervent other ppl from reading my code in plain
> text
> thanx anyway
>
> "jp*****@nyc.rr.com" wrote:
>
> >
> > Fady Anwar wrote:
> > > Thanx but the funny thing at this site for example
> > > http://www.remotesoft.com/salamander/obfuscator.html
> > > that they also provide a decompiler that can decrypt the code that
> > have been
> > > encrypted with there obfuscator
> > > is there is any better solutions?
> >
> > Fady,
> > This question has been discussed many times in these forums.
> > Obfuscators sufficiently rename members so that the decompiled code
> > is
> > not readable or very usable as a source codebase. Obfuscation is not
> > intented to hide sensitive data which should be kept server side.
> >
> > We also sell a combination .NET Decompiler/Obfuscator product that
> > provides both capabilities. We use the product on itself to protect
> > the
> > versions we ship. You can download a free trial version our
> > Decompiler.NET product from our web site at
> > http://www.junglecreatures.com/ and see the obfuscation and
> > decompilation capabilities in the browser user interface that we
> > provide.
> >
> > Jonathan Pierce
> > President
> > Jungle Creatures, Inc.
> > http://www.junglecreatures.com/
> >
> >


Nov 16 '05 #12

P: n/a
You protect it the same way every other company, including Microsoft,
protects their code. Do you really think there that Windows or MS Office,
or any other software package out there is 100% safe from reverse
engineering? That they were compiled into some different and mysterious set
of undocumented pagan instructions that prohibit users from looking "under
the hood" if they really want to? Bottom line is that reverse engineering
is far more trouble than it's worth to 99.99999999% of people out there.

As I understand your argument, it's basically this:

-If someone wants to, they can reverse engineer your .NET code
-Since your code can be reverse engineered, it is "open source"
-It's Microsoft's fault that your code can be reverse engineered

If your definition of "open source" is simply that any code that can be
reverse engineered is "open source", then I'm sorry to tell you that "open
source" covers every software package ever designed over the course of human
history. All code on all platforms can be reverse engineered. Period. The
only limiting factors are the time and energy you are willing to invest in
reverse engineering it. And it's pretty rare that anyone comes up with a
new way of doing things so radically improved that you could get people
excited enough to attempt to reverse engineer their code anyway.

If you're that concerned, I think someone else already mentioned that you
need to get the lawyers involved and copyright your code. That, or design
your own processor that runs on your own specific set of machine language
instructions, build a computer using this processor, build your own
Operating System, compilers, assemblers and development environment, and
then -- this is key -- never document your new Machine Language, and never
let anybody use your software. Ever.

"Tolga Tanriverdi" <to***@sylveria.gen.tr> wrote in message
news:uo*************@tk2msftngp13.phx.gbl...
Yes I'm agree with that if we can note protect our sourcecode its not
different from becoming open source and this means for the first time
microsoft allowing one of its components to become open source.There must
be some way to protect our codes?

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:99**********************************@microsof t.com...
Well at least i need some method that prevent anybody who have a
decompiler
to see my plain code in *C#* and it's not a problem if he can see my code
in
msil (lets see what can he get use of it :P) and if there is no such
method i
think that microsoft is going to be an open source community soon :P

"LP" wrote:
Fady,

There is no 100% to protect from reverse engineering anything. No matter
how
smart you are, no matter what kind of advanced obfuscator, encryption
tool
you use, there'll be always someone out there smarter than you, who can
figure out how to decompile, decrypt your code (if they really want to).
Besides, don't you think that programmer(s) who can figure out how to
decompile and decrypt obfuscated assembly, can as easily reverse
engineer
your algorithms without even seeing your sourcecode. If you have some
kind
of super complex algorithms that you don't want others to "steal", I
suggest
you get legal IP (Intelectuall Property) protection; copy right, patent.
It doesn't mean that you should not obfuscate your assemblies, just keep
in
mind there's always someone out there one step ahead of the latest
obfuscator.

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:05**********************************@microsof t.com...
> well that didn't really solve my probelm
> i still need a way to pervent other ppl from reading my code in plain
> text
> thanx anyway
>
> "jp*****@nyc.rr.com" wrote:
>
> >
> > Fady Anwar wrote:
> > > Thanx but the funny thing at this site for example
> > > http://www.remotesoft.com/salamander/obfuscator.html
> > > that they also provide a decompiler that can decrypt the code that
> > have been
> > > encrypted with there obfuscator
> > > is there is any better solutions?
> >
> > Fady,
> > This question has been discussed many times in these forums.
> > Obfuscators sufficiently rename members so that the decompiled code
> > is
> > not readable or very usable as a source codebase. Obfuscation is not
> > intented to hide sensitive data which should be kept server side.
> >
> > We also sell a combination .NET Decompiler/Obfuscator product that
> > provides both capabilities. We use the product on itself to protect
> > the
> > versions we ship. You can download a free trial version our
> > Decompiler.NET product from our web site at
> > http://www.junglecreatures.com/ and see the obfuscation and
> > decompilation capabilities in the browser user interface that we
> > provide.
> >
> > Jonathan Pierce
> > President
> > Jungle Creatures, Inc.
> > http://www.junglecreatures.com/
> >
> >


Nov 16 '05 #13

P: n/a
well at least if i'm into the open source community i would have the choice
to release the code which in my point of view is better than releasing my
code as .net app which can be decompiled against my well and everybody can
read my code if i do like it or not

theoretically every app can reverse engineered and every system can be
hacked and every encryption can be cracked but statistically thats not
happening in the real world simply because every cracking hacking or reverse
engineering technique have it's counter techniqe which can stop it and if not
it at least slow it or make it harder

i had upgraded from the unmanaged code world and i have seen alot of
techniques that stop or slow cracking or make it harder so i suggest that
rather than than saying it's impossible to protect our codes and apps from
hacking and cracking we should search for a more effecient way to stop it
(more effecient than the so called obfuscators which can be reversed also by
it's own vendors decompilers)

so i suggest the first question to ask is how does these decopilers work? so
we can know how to stop it

"Michael C#" wrote:
You protect it the same way every other company, including Microsoft,
protects their code. Do you really think there that Windows or MS Office,
or any other software package out there is 100% safe from reverse
engineering? That they were compiled into some different and mysterious set
of undocumented pagan instructions that prohibit users from looking "under
the hood" if they really want to? Bottom line is that reverse engineering
is far more trouble than it's worth to 99.99999999% of people out there.

As I understand your argument, it's basically this:

-If someone wants to, they can reverse engineer your .NET code
-Since your code can be reverse engineered, it is "open source"
-It's Microsoft's fault that your code can be reverse engineered

If your definition of "open source" is simply that any code that can be
reverse engineered is "open source", then I'm sorry to tell you that "open
source" covers every software package ever designed over the course of human
history. All code on all platforms can be reverse engineered. Period. The
only limiting factors are the time and energy you are willing to invest in
reverse engineering it. And it's pretty rare that anyone comes up with a
new way of doing things so radically improved that you could get people
excited enough to attempt to reverse engineer their code anyway.

If you're that concerned, I think someone else already mentioned that you
need to get the lawyers involved and copyright your code. That, or design
your own processor that runs on your own specific set of machine language
instructions, build a computer using this processor, build your own
Operating System, compilers, assemblers and development environment, and
then -- this is key -- never document your new Machine Language, and never
let anybody use your software. Ever.

"Tolga Tanriverdi" <to***@sylveria.gen.tr> wrote in message
news:uo*************@tk2msftngp13.phx.gbl...
Yes I'm agree with that if we can note protect our sourcecode its not
different from becoming open source and this means for the first time
microsoft allowing one of its components to become open source.There must
be some way to protect our codes?

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:99**********************************@microsof t.com...
Well at least i need some method that prevent anybody who have a
decompiler
to see my plain code in *C#* and it's not a problem if he can see my code
in
msil (lets see what can he get use of it :P) and if there is no such
method i
think that microsoft is going to be an open source community soon :P

"LP" wrote:

Fady,

There is no 100% to protect from reverse engineering anything. No matter
how
smart you are, no matter what kind of advanced obfuscator, encryption
tool
you use, there'll be always someone out there smarter than you, who can
figure out how to decompile, decrypt your code (if they really want to).
Besides, don't you think that programmer(s) who can figure out how to
decompile and decrypt obfuscated assembly, can as easily reverse
engineer
your algorithms without even seeing your sourcecode. If you have some
kind
of super complex algorithms that you don't want others to "steal", I
suggest
you get legal IP (Intelectuall Property) protection; copy right, patent.
It doesn't mean that you should not obfuscate your assemblies, just keep
in
mind there's always someone out there one step ahead of the latest
obfuscator.

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:05**********************************@microsof t.com...
> well that didn't really solve my probelm
> i still need a way to pervent other ppl from reading my code in plain
> text
> thanx anyway
>
> "jp*****@nyc.rr.com" wrote:
>
> >
> > Fady Anwar wrote:
> > > Thanx but the funny thing at this site for example
> > > http://www.remotesoft.com/salamander/obfuscator.html
> > > that they also provide a decompiler that can decrypt the code that
> > have been
> > > encrypted with there obfuscator
> > > is there is any better solutions?
> >
> > Fady,
> > This question has been discussed many times in these forums.
> > Obfuscators sufficiently rename members so that the decompiled code
> > is
> > not readable or very usable as a source codebase. Obfuscation is not
> > intented to hide sensitive data which should be kept server side.
> >
> > We also sell a combination .NET Decompiler/Obfuscator product that
> > provides both capabilities. We use the product on itself to protect
> > the
> > versions we ship. You can download a free trial version our
> > Decompiler.NET product from our web site at
> > http://www.junglecreatures.com/ and see the obfuscation and
> > decompilation capabilities in the browser user interface that we
> > provide.
> >
> > Jonathan Pierce
> > President
> > Jungle Creatures, Inc.
> > http://www.junglecreatures.com/
> >
> >



Nov 16 '05 #14

P: n/a
Fady,

Obfuscators do not always reduce efficiency. The obfuscator in our
product actually often improves efficiency in many cases by recognizing
higher level code constructs that can be more effiently compiled.
Obfuscators sufficiently rename types and members to make decompiler
code sufficiently unreadable and unmaintainable. They are not intended
to hide secrets. Sensitive data and algorithms should be kept server
side. All programs contain instruction sequences that processors
understand for execution. Decompilers work by recognizing these
sequences and replacing them with higher level constructs. The code that
they generate is not identical to the original code, but is high level
and readable. Programs compiled for virtual machines like .NET and Java
also contain metadata necessary for execution that includes type
information and calling conventions among other things. Obfuscators
rename this metadata so that the code is not directly understandable or
maintainable. This renaming does not impact performance. You may want to
read about Next Generation Secure Computing Base
(http://www.microsoft.com/resources/ngscb/default.mspx) which will
improve client side security by restricting programs so they can be
loaded into a protected memory space for execution that is not readable
by external processes or devices. The code can exist in encrypted form
on disk and in memory until it is loaded into the secure hardware
environment.

You may want to review our Decompiler.NET product which contains both
advanced obfuscation and high level decompilation capabilities. It also
improves code readability and efficiency through it's code analysis,
optimization, and automatic refactoring features. Many customers also
use it as a .NET source language translator that produces code that
always compiles and runs correctly. You can download a free trial
version from our web site at http://www.junglecreatures.com/

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/
Email: su*****@junglecreatures.com
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 16 '05 #15

P: n/a

"Fady Anwar" <Fa*******@discussions.microsoft.com> wrote in message
news:C1**********************************@microsof t.com...
well at least if i'm into the open source community i would have the
choice
to release the code which in my point of view is better than releasing my
code as .net app which can be decompiled against my well and everybody can
read my code if i do like it or not
What language would you prefer to write this in, in which this is not true?
Delphi? Nope, that can be reverse-engineered also. How about good old C++?
Nope, there are decompilers for that also. Well hey, how about x86
Assembler? Wrong again. There are freeware disassemblers out there. What
option do you propose?

theoretically every app can reverse engineered and every system can be
hacked and every encryption can be cracked but statistically thats not
happening in the real world simply because every cracking hacking or
reverse
engineering technique have it's counter techniqe which can stop it and if
not
it at least slow it or make it harder

"counter technique... stop it and if not it at least slow down or make it
harder." If you scroll through the discussion here, you will find mention
of "obfuscators", which do EXACTLY what you specified here.
i had upgraded from the unmanaged code world and i have seen alot of
techniques that stop or slow cracking or make it harder so i suggest that
rather than than saying it's impossible to protect our codes and apps from
hacking and cracking we should search for a more effecient way to stop it
(more effecient than the so called obfuscators which can be reversed also
by
it's own vendors decompilers)

So drop back out of unmanaged code and see how successful you are at writing
code that cannot be decompiled or disassembled by anybody's decompilers.
Nobody said it's impossible to protect your code 100%. Just never let
anyone use or see it. Too easy.
so i suggest the first question to ask is how does these decopilers work?
so
we can know how to stop it


That's easy. You have a baseline set of instructions. A decompiler
converts those baseline set of instructions into a human readable format. I
already suggested to you one method of getting around that, which basically
involves creating your own baseline set of instructions from the ground up.
And then not letting anyone, anywhere, know about it. As long as no one
breaks into your house (past those darn locks that aren't 100% effective, or
those thin glass windows that are even less effective), your code should be
100% safe from hacking.
Nov 16 '05 #16

This discussion thread is closed

Replies have been disabled for this discussion.