All,
What is the best way to protect IL code?
---------------------------------------------------
Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which intends to protect IL code. However, many .NET applications use data binding in UI forms. For example:
Employee e = new Employee();
txtName.DataBin dings.Add("Text ", e, "Name");
txtAddress.Data Bindings.Add("T ext", e, "Address");
In this scenarion, property names are coded as string to be resolved at runtime. After obfuscation, the property names in the Employee class have changed, but the string in the data binding code retained.
We can configure obfuscator tool with a list of exception names that the tool will not process. However, this maintains the property names, which eventually reveal the actual logic.
---------------------------------------------------
Thanks
-YK 6 2522
Hi Hank,
I'm working on a standalone desktop application, in which all layers of the applications are running on a single machine.
However, when this application is deployed to customers, it's important to prevent the IL code from being decompiled.
Thanks.
-YK
"Hank Coffin" wrote: Hi YK,
Did you check out the upgraded versions of Dotfuscator? They get more advanced and I think will encrypt strings like that.
You could encrypt the strings yourself.
Also, where is this code running? Are you doing database stuff on the client app? In that case you might consider doing remoting.
Hank
"YK" wrote:
All,
What is the best way to protect IL code?
--------------------------------------------------- Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which intends to protect IL code. However, many .NET applications use data binding in UI forms. For example:
Employee e = new Employee(); txtName.DataBin dings.Add("Text ", e, "Name"); txtAddress.Data Bindings.Add("T ext", e, "Address");
In this scenarion, property names are coded as string to be resolved at runtime. After obfuscation, the property names in the Employee class have changed, but the string in the data binding code retained.
We can configure obfuscator tool with a list of exception names that the tool will not process. However, this maintains the property names, which eventually reveal the actual logic.
---------------------------------------------------
Thanks -YK
No amount of obfuscation in a IL language like MSIL or Java will stop
reverse engineering, it simply slows the process.
If there are truly pieces of your application that absolutely cannot be
compromised, then you should write those pieces in native code and use
interop, but even then, an enterprising individual can figure out what
is going on.
YK wrote: Hi Hank,
I'm working on a standalone desktop application, in which all layers of the applications are running on a single machine.
However, when this application is deployed to customers, it's important to prevent the IL code from being decompiled.
Thanks. -YK "Hank Coffin" wrote:
Hi YK,
Did you check out the upgraded versions of Dotfuscator? They get more advanced and I think will encrypt strings like that.
You could encrypt the strings yourself.
Also, where is this code running? Are you doing database stuff on the client app? In that case you might consider doing remoting.
Hank
"YK" wrote:
All,
What is the best way to protect IL code?
--------------------------------------------------- Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which intends to protect IL code. However, many .NET applications use data binding in UI forms. For example:
Employee e = new Employee(); txtName.DataBin dings.Add("Text ", e, "Name"); txtAddress.Data Bindings.Add("T ext", e, "Address");
In this scenarion, property names are coded as string to be resolved at runtime. After obfuscation, the property names in the Employee class have changed, but the string in the data binding code retained.
We can configure obfuscator tool with a list of exception names that the tool will not process. However, this maintains the property names, which eventually reveal the actual logic.
---------------------------------------------------
Thanks -YK
You can take a look of our salamander suite for source
code protection. The best protection would be to emulate
something similar to what a traditional c/c++
compiler/linker does, namely, to change symbol names to
memory locations, to staticly link public libraries, to
emit x86 machine code, etc.
(1) http://www.remotesoft.com/salamander/obfuscator.html
(an obfuscator is like a C++ compiler to change symbol
names -> memory location)
(2) http://www.remotesoft.com/linker.html
(This tool acts as a C++ linker to link public APIs into
your .NET assembly)
(3) http://www.remotesoft.com/salamander/protector.html
(This tool converts MSIL code into x86 machine code as
the c++ compiler does in the code generation phase, also
performs literal string encrytion).
After these 3 phase of process, the resulting code is
virtually impossible to decompile. This is the best way I
can ever think of.
These three tools can be used either independently or in
consective order depending on what level of protection you
are looking for.
Thanks,
Huihong -----Original Message----- All,
What is the best way to protect IL code?
--------------------------------------------------- Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community
Edition, which intends to protect IL code. However,
many .NET applications use data binding in UI forms. For
example: Employee e = new Employee(); txtName.DataBin dings.Add("Text ", e, "Name"); txtAddress.Data Bindings.Add("T ext", e, "Address");
In this scenarion, property names are coded as string to
be resolved at runtime. After obfuscation, the property
names in the Employee class have changed, but the string
in the data binding code retained. We can configure obfuscator tool with a list of exception
names that the tool will not process. However, this
maintains the property names, which eventually reveal the
actual logic. ---------------------------------------------------
Thanks -YK
.
The URL for the linker tool is:
(2) http://www.remotesoft.com/linker -----Original Message----- You can take a look of our salamander suite for source code protection. The best protection would be to emulate something similar to what a traditional c/c++ compiler/linker does, namely, to change symbol names to memory locations, to staticly link public libraries, to emit x86 machine code, etc.
(1) http://www.remotesoft.com/salamander/obfuscator.html (an obfuscator is like a C++ compiler to change symbol names -> memory location)
(2) http://www.remotesoft.com/linker.html (This tool acts as a C++ linker to link public APIs into your .NET assembly)
(3) http://www.remotesoft.com/salamander/protector.html (This tool converts MSIL code into x86 machine code as the c++ compiler does in the code generation phase, also performs literal string encrytion).
After these 3 phase of process, the resulting code is virtually impossible to decompile. This is the best way I can ever think of.
These three tools can be used either independently or in consective order depending on what level of protection
youare looking for.
Thanks,
Huihong
-----Original Message----- All,
What is the best way to protect IL code?
--------------------------------------------------- Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator CommunityEdition, which intends to protect IL code. However, many .NET applications use data binding in UI forms. For example: Employee e = new Employee(); txtName.DataBin dings.Add("Text ", e, "Name"); txtAddress.Data Bindings.Add("T ext", e, "Address");
In this scenarion, property names are coded as string to
be resolved at runtime. After obfuscation, the property names in the Employee class have changed, but the string in the data binding code retained. We can configure obfuscator tool with a list of
exceptionnames that the tool will not process. However, this maintains the property names, which eventually reveal the actual logic. ---------------------------------------------------
Thanks -YK
.
.
You need to figure out what level of risk your are comfortable with relative to potential loss.
What are you trying to protect?
Are you connecting to a database? How about using stored procedures?
You might want to check out the Pro version of Dotfuscator (I'm not affiliated with Preemptive Solutions in any way except as a user of Community Edition). That might slow them down enough.
"Sean Bright" wrote: No amount of obfuscation in a IL language like MSIL or Java will stop reverse engineering, it simply slows the process.
If there are truly pieces of your application that absolutely cannot be compromised, then you should write those pieces in native code and use interop, but even then, an enterprising individual can figure out what is going on.
YK wrote:
Hi Hank,
I'm working on a standalone desktop application, in which all layers of the applications are running on a single machine.
However, when this application is deployed to customers, it's important to prevent the IL code from being decompiled.
Thanks. -YK "Hank Coffin" wrote:
Hi YK,
Did you check out the upgraded versions of Dotfuscator? They get more advanced and I think will encrypt strings like that.
You could encrypt the strings yourself.
Also, where is this code running? Are you doing database stuff on the client app? In that case you might consider doing remoting.
Hank
"YK" wrote:
All,
What is the best way to protect IL code?
--------------------------------------------------- Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which intends to protect IL code. However, many .NET applications use data binding in UI forms. For example:
Employee e = new Employee(); txtName.DataBin dings.Add("Text ", e, "Name"); txtAddress.Data Bindings.Add("T ext", e, "Address");
In this scenarion, property names are coded as string to be resolved at runtime. After obfuscation, the property names in the Employee class have changed, but the string in the data binding code retained.
We can configure obfuscator tool with a list of exception names that the tool will not process. However, this maintains the property names, which eventually reveal the actual logic.
---------------------------------------------------
Thanks -YK
> >> Employee e = new Employee(); txtName.DataBin dings.Add("Text ", e, "Name"); txtAddress.Data Bindings.Add("T ext", e, "Address");
In this scenarion, property names are coded as string to be resolved at runtime. After obfuscation, the property names in the Employee class have changed, but the string in the data binding code retained. We can configure obfuscator tool with a list of exceptionnames thThanks -YK
at the tool will not process. However, thismaintains the property names, which eventually reveal the actual logic.
You may want to consider using our Decompiler.NET product to protect
your code. It includes full obfuscation capability and replaces string
literals with references and stores their values within an encrypted
embedded resource. Also, make sure to declare classes and member names
as internal rather than public if you want their names to be
obfuscated and they don't need to be accessible outside your assembly.
You can download a free trial version of Decompiler.NET from http://www.junglecreatures.com/
Jonathan Pierce
President
Jungle Creatures, Inc. http://www.junglecreatures.com/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: YK |
last post by:
All,
What is the best way to protect IL code?
---------------------------------------------------
Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which intends to protect IL code. However, many .NET applications use data binding in UI forms. For example:
Employee e = new Employee();
|
by: Bill |
last post by:
Hey, is it possible to protect ASP code in some way? Can it be compiled, or
otherwise protect the source somehow?
Thanks,
-Bill.
|
by: Narlen |
last post by:
Hi there,
I don't know much about web design but I proudly managed to password protect
a page on my site. Later I realized that everyone looking at the source in
any web browser can see the password. Is there a way to improve this code so
that instead of the password people viewing the page source would only see
bullets instead of the characters of the password (or hide it alltogether?)
Thank you for your help.
|
by: Giganews |
last post by:
I have an Access 97 database in which I am running an Excel macro through
automation. The macro in Excel is as follows:
Worksheets("Sheet1").Protect Password:="****", DrawingObjects:=True,
Contents:=True, Scenarios:=True
When I call this macro from the database all works fine except when I
recorded the macro I deselected the "Select locked cells" option under the
"Allow all users of this worksheet to:" section but yet when I access the...
|
by: Fady Anwar |
last post by:
Hi while browsing the net i noticed that there is sites publishing some
software that claim that it can decompile .net applications i didn't bleave
it in fact but after trying it i was surprised that i could retrieve my code
from my applications after i compile it so i need to know to prevent this
from happening to my applications
Thanx in advance
| |
by: Peter |
last post by:
I wrote a dll and now I want to protect from mass distribution. What
is the most COST software for doing this, or can it easily be done in
vb.net.
|
by: SpIcH |
last post by:
Hi All,
This is all about protecting my data in Executable file.
I have developed a program in Visual Basic .NET 2002. I have many
questions in mind... please help me to complete my project.
1. I have very much data to be incorporated into the executable file. I
have to add much data into my developed program into 2 Combo Boxes and 1
List Box control. For that i have created an xml element with all of the
|
by: lanem |
last post by:
I am trying to create an excel spreadsheet from my asp.net 2.0(vb.net) code.
I can create the file and even protect it, but I cannot protect it with a
password. Here's my code:
Dim xl As New Spreadsheet
xl.ActiveSheet.Protect("testpassword")
Thanks for your help.
|
by: teejayem |
last post by:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help would be much appreciated.
Thanks in advanced.
|
by: FAQ server |
last post by:
-----------------------------------------------------------------------
FAQ Topic - How do I protect my javascript code?
-----------------------------------------------------------------------
With clientside Javascript you can't as your code is distributed
in source form and is easily readable. With JScript, there is the
Script Encoder (see MSDN), but this is nothing more than obfuscation.
Disabling the right mouse button also does...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |