473,473 Members | 4,176 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

Security of code in view of disassembler

One can disassemble the code of an assembly (in say Visual C# language)
complied by using Visual Studio .NET even if it is a Release build. This can
be done by using the disassembler "ILDASM.EXE" provided with the VS .NET . It
shows all details of the code giving vivid details of all methods,
properties, fields, classes, structs, etc. What then is the security of a
complied assembly which is in the MSIL version? Tomorrow, anybody can copy
your idea and may be even replace some portions of the compiled file, such as
the code security portions. Can anyone explain as to whether there is some
way out to ensure that a particular assembly could not be disassembled using
the aforesaid disassembler or some other similar utility. (here I may point
out that an assembly converted to native code by using ngen.exe is only a
partial solution in as much as the resultant file cannot be stored in the
application directory but is stored in the protected catche). Even if one
were to use a signed shared assembly, will it not be possible for someone
else to at least copy the idea if not to patch up the secured code? Any
solutions or comments?
Nov 17 '05 #1
2 2114
Rama Sharma wrote:
will it not be possible for someone else to at least
copy the idea if not to patch up the secured code? Any
solutions or comments?


Only comments here. I think you are worried about a non-issue.

Most useful ideas of any program are plainly visible to the user of it,
without any disassembly. If they want to copy the function, look and feel
of your program, they will. Usually, figuring out how to implement it on
their own will take less time than figuring out how you did it from
disassembled code.

Don't rely on security through obscurity and you shouldn't have much of a
security concern. For example, the most trusted crypto algorithms are
public knowledge. That does not make them any less secure -- only more
trustworthy.

Finally, this is nothing new. Native x86 code can be disassembled just as
well.

--
Chris Priede (pr****@panix.com)
Nov 17 '05 #2

"Rama Sharma" <Ra********@discussions.microsoft.com> wrote in message
news:1C**********************************@microsof t.com...
One can disassemble the code of an assembly (in say Visual C# language)
complied by using Visual Studio .NET even if it is a Release build. This can be done by using the disassembler "ILDASM.EXE" provided with the VS .NET . It shows all details of the code giving vivid details of all methods,
properties, fields, classes, structs, etc. What then is the security of a
complied assembly which is in the MSIL version? Tomorrow, anybody can copy
your idea and may be even replace some portions of the compiled file, such as the code security portions. Can anyone explain as to whether there is some
way out to ensure that a particular assembly could not be disassembled using the aforesaid disassembler or some other similar utility. (here I may point out that an assembly converted to native code by using ngen.exe is only a
partial solution in as much as the resultant file cannot be stored in the
application directory but is stored in the protected catche). Even if one
were to use a signed shared assembly, will it not be possible for someone
else to at least copy the idea if not to patch up the secured code? Any
solutions or comments?


My three pennies worth...
Well, you can use an obfuscator. it should provide some degree of
protection. I don't think it helps much if you have come up with some kind
ogf algorithm that you want to protect. Let's say you come up with some kind
of new encryption algorithm. I'm pretty sure that anyone familiar with
existing algorithms woud be able to decipher the code. If you have something
that you want to be better protected, you should create a COM dll using VB6
or ATL/C++. Another approach, if everything is built on .NET, is to put your
most sensitive code on a trusted server.

/Fredrik
Nov 17 '05 #3
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
Article : Code Access Security Part - 2 (.Net FrameWork Tools Series)
by: Namratha Shah \(Nasha\) | last post by:
Hey Guys, Before we start with our sample app we need to view the security configuration files on the machine. You will find them under <drive>\WInNT\Microsoft.NET\FrameWork\<version>\Config ...
Latest Bytes
7
security worry on workgroup file
by: Paul T. Rong | last post by:
A card where I wrote my name and WID (work group ID) was stolen (unfortunately together with other things), therotically the one who have my name and WID can create the same mdw file which I use...
Latest Bytes
65
Point on Line Segment in 2D. Which code is faster ? Can you improve it ?
by: Skybuck Flying | last post by:
Hi, I needed a method to determine if a point was on a line segment in 2D. So I googled for some help and so far I have evaluated two methods. The first method was only a formula, the second...
Latest Bytes
20
IL Code Security
by: Tim Mulholland | last post by:
This thread is intended to be more of a discussion thread - because i value the opinions of the posters in this newsgroup, and especially the MVPs like Nicholas Paladino and Jon Skeet (thanks to...
Latest Bytes
2
Better way to view C# API documentation
by: steve | last post by:
I found the .Net/C# API documentation included with Visual Studio .Net 2003 and on MSDN. I don't like the layout. I would like to use something close to the javadocs that are available for Java. ...
Latest Bytes
2
Obscuring .NET code
by: John Olbert | last post by:
We are working on our first large .NET C# program. We create programs that run analytical instruments for chemists. Many programs contain complex algorithms which represent very significant...
Latest Bytes
0
Article : Code Access Security Part - 1 (.Net FrameWork Tools Series)
by: Namratha Shah \(Nasha\) | last post by:
Hey Guys, Today we are going to look at Code Access Security. Code access security is a feature of .NET that manages code depending on its trust level. If the CLS trusts the code enough to...
Latest Bytes
6
asp.net source code?
by: Jay | last post by:
Is it possible to view the source code for .NET classes? Thanks. Jay
Latest Bytes
12
website in DLL, need to access the code
by: Karina | last post by:
Hello: I am taking over someone else's code and my users are experiencing tons of problems but when I try to go into the source code to edit and try to fix these problems, I realize that all the...
Latest Bytes
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
Latest Bytes
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Latest Bytes
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
Latest Bytes
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Latest Bytes
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
Latest Bytes
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Latest Bytes
1
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Latest Bytes
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Latest Bytes
0
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us