Hi,
I already asked about this topic few months ago, but i did not get any
answer which satisfied me, therefore i'm asking it again.
I would like to know how i can protect my code (C#.NET) from being
decompiled and abuse.
in C++, we write in "Win32 native" so you are not able to see any
commandline, or variables,...
I would like to develop an application in C# as also some controls, but
i will not do it if i'm not sure that my code will not be protected at
100% (or at least to maximum...for perfectionists).
So what is your point of view on that topic ?
the purpose is to be able to sell this application or control later on...
thanks a lot,
A.
10  1653 
>From what I understand it is almost impossible for you to ensure your
code is 100% safe. You can only take steps to make it harder for
people to decompile and understand the code.
There are two different aspects to ensuring your code is safe.
The first is to ensure that no one can modify your program to change
its functionality. There is a solution to this which is fairly secure
and is built into visual studio. It is called signing and allows you
to sign your code so that if others change the binary the dotnet
framework simply will not run the software. You should be able to find
plenty of examples on signing your assemblies.
The second step is to stop others from decompiling the code and then
re-compilling it with changes or modifications. This is allot harder
to prevent and as it stands almost impossible to stop 100%. The
problem is at the end of the day you need the computer to understand
your program and so a hacker will also be able to gain access to it.
What you can do though is make it as hard as possible for a hacker to
understand your code once it has been decompiled. This is where
obfuscation comes in. What this does is try and make your code as
unreadable as possible so that when it is decompiled all you see is
lots of meaningless variables and difficult to follow program flows.
You get an obfuscater with Visual Studio 2005 and there are lots of
third party ones. It is a simple tool that you run on your compiled
binaries.
I would like to know how i can protect my code (C#.NET) from being
decompiled and abuse.
It seems that the non-Express Editions of Visual Studio ship with an
obfuscator 'Dotfuscator' (what's in a name) but you probably do not have
access to it. I found a freeware obfuscator at http://www.rustemsoft.com/SkaterLight.zip
but I have no idea how good it is
The best way to test this sort of thing is to try and hack it
yourself. You can easily download .net decompilers and then look at
how easy it is to see the code.
I would also do a search on forum posts to see if anyone is
recommending or criticizing it. I have always found though with
security that it is best not to go for free stuff as you have no way
of knowing who has access to it. A company that sells security
software has an interest in ensuring its security.
On Oct 1, 2:03 pm, Olie <owa...@gmail.comwrote:
The best way to test this sort of thing is to try and hack it
yourself. You can easily download .net decompilers and then look at
how easy it is to see the code.
I would also do a search on forum posts to see if anyone is
recommending or criticizing it. I have always found though with
security that it is best not to go for free stuff as you have no way
of knowing who has access to it. A company that sells security
software has an interest in ensuring its security.
On the other hand, with free open source stuff, you can look at the
code yourself to check that it's not just "security through
obscurity". There's a reason why none of the security algorithms are
secret :)
Jon
On 1 Okt., 10:51, "Alain R." <nos...@noemail.comwrote:
Hi,
I already asked about this topic few months ago, but i did not get any
answer which satisfied me, therefore i'm asking it again.
I would like to know how i can protect my code (C#.NET) from being
decompiled and abuse.
in C++, we write in "Win32 native" so you are not able to see any
commandline, or variables,...
I would like to develop an application in C# as also some controls, but
i will not do it if i'm not sure that my code will not be protected at
100% (or at least to maximum...for perfectionists).
So what is your point of view on that topic ?
the purpose is to be able to sell this application or control later on...
thanks a lot,
A.
As a sidenote:
You may not want to invest too much time into security before you know
it is worth it.
Most of the people who will use your software are decent enough to pay
for it. Of course there are those who won't, but if you make your
software hard to crack, these people will simply not use it, leaving
you with just as much money as you would have earned without the added
security.
That's not to say you should ignore the issue entirely, but spending
loads of time and money on something that won't benefit you in the end
is not generally a good idea.
A basic security implementation is pretty easy to pull off (signing,
strong naming, obfuscating), but it will not be 100% secure. The
closer you get to complete security (which doesn't exist, as mentioned
above), the more time it takes to implement.
I guess in the end it comes down to the old "premature optimization is
the root of all evil"-paradigm, don't go ballistic with security
unless you have made sure you need it.
Kevin Wienhold
Olie schreef:
The best way to test this sort of thing is to try and hack it
yourself. You can easily download .net decompilers and then look at
how easy it is to see the code.
I would also do a search on forum posts to see if anyone is
recommending or criticizing it. I have always found though with
security that it is best not to go for free stuff as you have no way
of knowing who has access to it. A company that sells security
software has an interest in ensuring its security.
The Skater obfuscator seems pretty crappy. It takes administor rights to
run it, it eats all memory and tells you 'sorry, we couldn't obfuscate
foo.exe' or, when it does 'obfuscate', it leaves everything intact but
adds some volume to the file.
For people working with the Visual Studio Standard Edition, is there a
file 'dotfuscator.exe' somewhere in the SDK? (not for poor Express
Edition users I found out)
So if i understad well, it's not like in C++... it can not be secured
enough as it is under C++.
:-( this is a main issue from my point of view.
KWienhold wrote:
On 1 Okt., 10:51, "Alain R." <nos...@noemail.comwrote:
>Hi,
I already asked about this topic few months ago, but i did not get any
answer which satisfied me, therefore i'm asking it again.
I would like to know how i can protect my code (C#.NET) from being
decompiled and abuse.
in C++, we write in "Win32 native" so you are not able to see any
commandline, or variables,...
I would like to develop an application in C# as also some controls, but
i will not do it if i'm not sure that my code will not be protected at
100% (or at least to maximum...for perfectionists).
So what is your point of view on that topic ?
the purpose is to be able to sell this application or control later on...
thanks a lot,
A.
As a sidenote:
You may not want to invest too much time into security before you know
it is worth it.
Most of the people who will use your software are decent enough to pay
for it. Of course there are those who won't, but if you make your
software hard to crack, these people will simply not use it, leaving
you with just as much money as you would have earned without the added
security.
That's not to say you should ignore the issue entirely, but spending
loads of time and money on something that won't benefit you in the end
is not generally a good idea.
A basic security implementation is pretty easy to pull off (signing,
strong naming, obfuscating), but it will not be 100% secure. The
closer you get to complete security (which doesn't exist, as mentioned
above), the more time it takes to implement.
I guess in the end it comes down to the old "premature optimization is
the root of all evil"-paradigm, don't go ballistic with security
unless you have made sure you need it.
Kevin Wienhold
Alain R. wrote:
So if i understad well, it's not like in C++... it can not be secured
enough as it is under C++.
:-( this is a main issue from my point of view.
You are fooling yourself if you believe that your proprietary
algorithms, such as they may be, are in any significant way protected by
compiling them to native Win32 code.
If you have an algorithm worth stealing, someone will steal it, even if
you've compiled it to native, unmanaged Win32 code. The only way to
prevent that is to not publish it.
The truth is, any concerns about the theft of code are almost always
overblown. It's highly unlikely that your code is interesting enough to
anyone to be stolen in the first place, and assuming it is stolen it's
unlikely that any theft would present any significant risk to your
business model, whatever model that may be.
I really don't understand why you think you'll get different answers
from the same people asking the same question a second time. Nothing
has changed about the software business during the time between the
first time you asked the question and now.
Pete
On Oct 1, 3:57 pm, Peter Duniho <NpOeStPe...@NnOwSlPiAnMk.comwrote:
Alain R. wrote:
So if i understad well, it's not like in C++... it can not be secured
enough as it is under C++.
:-( this is a main issue from my point of view.
You are fooling yourself if you believe that your proprietary
algorithms, such as they may be, are in any significant way protected by
compiling them to native Win32 code.
If you have an algorithm worth stealing, someone will steal it, even if
you've compiled it to native, unmanaged Win32 code. The only way to
prevent that is to not publish it.
The truth is, any concerns about the theft of code are almost always
overblown. It's highly unlikely that your code is interesting enough to
anyone to be stolen in the first place, and assuming it is stolen it's
unlikely that any theft would present any significant risk to your
business model, whatever model that may be.
I really don't understand why you think you'll get different answers
from the same people asking the same question a second time. Nothing
has changed about the software business during the time between the
first time you asked the question and now.
Pete
Microsoft has just released (Oct 1) their Software Licensing and
Protection Services SDK. It is available at this link: http://www.microsoft.com/downloads/d...displaylang=en
Perhaps this will help some
On Oct 1, 3:51 am, "Alain R." <nos...@noemail.comwrote:
Hi,
I already asked about this topic few months ago, but i did not get any
answer which satisfied me, therefore i'm asking it again.
I would like to know how i can protect my code (C#.NET) from being
decompiled and abuse.
in C++, we write in "Win32 native" so you are not able to see any
commandline, or variables,...
I would like to develop an application in C# as also some controls, but
i will not do it if i'm not sure that my code will not be protected at
100% (or at least to maximum...for perfectionists).
So what is your point of view on that topic ?
the purpose is to be able to sell this application or control later on...
thanks a lot,
A.
You can try Microsoft's Code Protector which was just released (Oct
1): http://www.microsoft.com/downloads/d...3d%3d#filelist
Chris This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: John |
last post by:
Dear all,
I've got a security question that is so difficult that "maybe" there will be
no answer for it. It's regarding protecting asp code.
I did write some asp code, that I sell to...
|
by: Enzo |
last post by:
Hi Ng,
It's possible to protect the source code of
a js file? With PHP?
Thanks in advance!
Enzo
|
by: weixiang |
last post by:
Hi,
After compiling with C#, the target exe file can still be reverse-compiled
by ildasm. Is there someway to protect code from that method? I already
used strong-name in my module.
Thank...
|
by: Fady Anwar |
last post by:
Hi while browsing the net i noticed that there is sites publishing some
software that claim that it can decompile .net applications i didn't bleave
it in fact but after trying it i was surprised...
|
by: seberino |
last post by:
How can a proprietary software developer protect their Python code?
People often ask me about obfuscating Python bytecode. They don't want
people to easily decompile their proprietary Python app....
| | |
by: FAQ server |
last post by:
-----------------------------------------------------------------------
FAQ Topic - How do I protect my javascript code?
-----------------------------------------------------------------------
...
|
by: --== Alain ==-- |
last post by:
Hi,
Using the .NET reflector tool, i know that a DLL or EXE developed in
..NET platform can be decompiled and therefore code is available for all.
I would like to know if exist a way how to...
|
by: teejayem |
last post by:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help...
|
by: flit |
last post by:
Hello All,
I have a hard question, every time I look for this answer its get out
from the technical domain and goes on in the moral/social domain.
First, I live in third world with bad gov., bad...
|
by: jbowers |
last post by:
I have a very long text string of numbers and some javascript code
that is supposed to be used to manipulate it. I am trying to "decode"
this string (represented as the variable "v" in the code...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
| | |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
