.Net Decompiler - How do I protect my .Net Product?

gregory_may

Is there a more econimical way to stop people from decompiling my .Net
product? I dont have $1900 to spend on the .Net Decompiler Protector.
Anyone have any thoughts/experiences with these or simliar products?

Is Microsoft working on a solution to this problem?
..Net Decompiler - $1100
http://www.remotesoft.com/salamander/

..Net Decompiler Protector -$1900
http://www.remotesoft.com/salamander/protector.html

Nov 22 '05 #1

Subscribe Post Reply

2598

Scott M.

Look into an obfuscator product.
"gregory_may" <None> wrote in message
news:uw**************@TK2MSFTNGP09.phx.gbl...

Nov 22 '05 #2

Andrey Zvyagilskiy[MSFT]

check out Dotfuscator - vs menu\tools\Dotfuscator Community Edition. There
are should be lots of info about it on www.gotdotnet.com. Anothe possible
way is to NGEN all your .net binaries (ngen.exe will compile them to native
code).

--------------------
| From: "gregory_may" <None>
| Subject: .Net Decompiler - How do I protect my .Net Product?
| Date: Thu, 12 Feb 2004 15:13:40 -0800
| Lines: 16
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <uw**************@TK2MSFTNGP09.phx.gbl>
| Newsgroups:
microsoft.public.dotnet.general,microsoft.public.d otnet.framework
| NNTP-Posting-Host: ppp-67-126-213-124.dsl.scrm01.pacbell.net
67.126.213.124
| Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTN GP08.phx.gbl!TK2MSFTNGP09.
phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework:65045
microsoft.public.dotnet.general:124511
| X-Tomcat-NG: microsoft.public.dotnet.general
|
| Is there a more econimical way to stop people from decompiling my .Net
| product? I dont have $1900 to spend on the .Net Decompiler Protector.
| Anyone have any thoughts/experiences with these or simliar products?
|
| Is Microsoft working on a solution to this problem?
|
|
| .Net Decompiler - $1100
| http://www.remotesoft.com/salamander/
|
| .Net Decompiler Protector -$1900
| http://www.remotesoft.com/salamander/protector.html
|
|
|
|
|

Nov 22 '05 #3

Ed Kaim [MSFT]

A community edition of the Dotfuscator is available with Visual Studio .NET
2003.

"gregory_may" <None> wrote in message
news:uw**************@TK2MSFTNGP09.phx.gbl...

Nov 22 '05 #4

gregory_may

It looks like the .Net Decompiler (below) does just fine on simple
Obfuscation products.

I am curious what other folks do to protect their IP?

g.

"Scott M." <s-***@BADSPAMsnet.net> wrote in message
news:ew**************@TK2MSFTNGP12.phx.gbl...

Nov 22 '05 #5

Scott M.

People generally get an obfuscator. I personally don't want to pay 1100.00
for one. VS.NET has one built in.

"gregory_may" <None> wrote in message
news:eS**************@TK2MSFTNGP10.phx.gbl...

Nov 22 '05 #6

Christian Boult

Ok x86 code wasn't protected against anybody armed with a debugger that
could read assembly (assembly looks and feels complicated but once you can
read it it's not that complicated).
So those really interested in your code are always going to be able to read
it. No matter what.
Now of course obfuscating your code takes it a notch higher but who does it
keep away from your code ? The amateur in his basement his not
going to "steal" your code, he might pry and see what it does under the
covers. Even most the classes in the .NET framework can EASILY be
de-compiled
with Reflector or Anakrino so if MS isn't so afraid that we can read their
code why should we ? Of course I hope your not storing secrets in your code
and hoping that no one can find them...

So the point is, I guess this was not perceived as a problem since those who
really want to invest in "stealing" your code will do
just fine with a good debugger. If your software is marginally big then
understanding all the pieces of your code (even with a source code view)
takes a good deal of effort, most the time your better off just writing it
instead of stealing it (maybe "stealing" a few ideas from your code, but
hell that's called evolution).

I read somewhere that the only way to ensure no one "steals" your code is to
not give anybody your compiled executables or dll's .... (not very useful)

I guess I'm trying to start a debate on this and see what others think of
using obfuscators and their real value.

Oh by the way there is a community edition Dotfuscator included with VS2003.
It mangles up enough so that a strait de-compile is made harder.

Chris.

"gregory_may" <None> wrote in message
news:uw**************@TK2MSFTNGP09.phx.gbl...

Nov 22 '05 #7

Pete Davis

There are a number of them out there and VS.NET has one as well
(Dotfuscator).

I have to admit, I'm curious how effective it is and how effective some of
the others are. I know that one company that sells one also sells a
decompiler that they advertise will get past several of the other
obfuscators out there, which makes me generally suspicious of all the
obfuscators.

Fortunately it's not an issue I need to contend with right now, but at some
point I may. I hope there are some good studies of the effectiveness of them
at some point.

Pete

--
http://www.petedavis.net

"gregory_may" <None> wrote in message
news:uw**************@TK2MSFTNGP09.phx.gbl...

Nov 22 '05 #8

Jon Skeet [C# MVP]

<"gregory_may" <None>> wrote:

What exactly do you mean by "just fine"? It will still be able to
decompile, sure, but (hopefully) without meaningful names for anything
non-public. That quickly makes code very, very difficult to read.

What exactly do you wish to protect against? Someone copying some code,
or perhaps breaking your licensing model?

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too

Nov 22 '05 #9

Cowboy $Gregory A. Beamer$

I believe you are reading "In contrast to an obfuscator that makes
decompilation more difficult by symbol renaming, our protector completely
stops MSIL disassembly and decompilation ."

Okay, let's examine this:
1. Who makes the only commercial decompiler? RemoteSoft
2. Who released Protector? RemoteSoft

Fox in the chicken house.

What level of protection do you need? Salamander will decompile most
obfuscated code. This is true, but you figure out how to make this code
work:

private int i;
private double i;
private string i;

public long RandomMethod()
{
i = 100;
i = 1000;
i = "something";

i = i(i,i,i);
}

private string i(string i, long i)
{

}

Yes, you can decompile, but imagine tons of lines of code written like so.
It would take you a long time to "steal" the product; long enough a new
version would likely be out.

A couple of things you can do:
First, refactor classes to place all repetitive code in private methods. If
you find the same code in two functions, put it in a private method. This
will make your code harder to decompile, as an obfuscator will name a lot of
things by the same symbol. It is also a good practice, regardless, as you
have code in one place, not many, when you need to update.

Second, reduce exposure on as many functions as possible. Public and
protected functions are not obfuscated. If you do not need outside access,
reduce the exposure. This is also common programming practice.

NOTE: This post is not a knock of protector. From what I have gathered,
protector is a great product. In some instance, protector may be needed,
esp. if you shrink wrap software.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************** ********************
Think Outside the Box!
************************************************** ********************
"gregory_may" <None> wrote in message
news:uw**************@TK2MSFTNGP09.phx.gbl...

Nov 22 '05 #10

Frank Lesser [LSW]

LSW DotNet-Lab will be released soon:

- Reflection-Browser
- C# and VB.NET Decompiler
- Obfuscator with ILDASM Protection, String Encryption & Control-Flow
Obfuscation and Multi Assembly Obfuscation
- Cross-Referencer
- Automatically layouted UML Diagrams & miscellaneous Diagrams incluing XML
- Visual Syntax
- Assembly Editor

with best regards, Frank Lesser, www.lesser-software.com

"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamM> wrote in
message news:u5**************@TK2MSFTNGP12.phx.gbl...

Nov 22 '05 #11

gregory_may

So, from what I am gathering:

* Use an obfuscator until your IP exposure gets to be significant, then
invest in a tool like the Protector...
* To properly use and obfuscator, make sure you are using as many private
Subs/Functions as possible.

So, I am also guessing, obfuscation becomes part of your release cycle.
Right before you deploy the project to a final QA process.

"gregory_may" <None> wrote in message
news:uw**************@TK2MSFTNGP09.phx.gbl...

Nov 22 '05 #12

Miha Markic [MVP C#]

Hi Andrey,

"Andrey Zvyagilskiy[MSFT]" <an*******@online.microsoft.com> wrote in message
news:MQ**************@cpmsftngxa07.phx.gbl...

Just a note that NGEN won't provide much help since the source MSIL has
still to be there.

--
Miha Markic [MVP C#] - RightHand .NET consulting & software development
miha at rthand com
www.rthand.com

Nov 22 '05 #13

Al Ponomarev

On Thu, 12 Feb 2004 15:13:40 -0800, gregory_may <None> wrote:

Try 9Rays.Net Spices.Net -
http://9rays.net/products/spices
(explorer, obfuscator, 6 languages decompiler - IL. C#, VB.Net, MC++, J#,
Delphi.Net).
Spices.Net is more cheaper product. Full Spices.net you can buy for $392.
--
Best regards,
Al Ponomarev
9Rays.Net

Nov 22 '05 #14

.Net Decompiler - How do I protect my .Net Product?

Similar topics