All,
What is the best way to protect IL code?
---------------------------------------------------
Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which intends to protect IL code. However, many .NET applications use data binding in UI forms. For example:
Employee e = new Employee();
txtName.DataBindings.Add("Text", e, "Name");
txtAddress.DataBindings.Add("Text", e, "Address");
In this scenarion, property names are coded as string to be resolved at runtime. After obfuscation, the property names in the Employee class have changed, but the string in the data binding code retained.
We can configure obfuscator tool with a list of exception names that the tool will not process. However, this maintains the property names, which eventually reveal the actual logic.
---------------------------------------------------
Thanks
-YK
6  2498 
Hi Hank,
I'm working on a standalone desktop application, in which all layers of the applications are running on a single machine.
However, when this application is deployed to customers, it's important to prevent the IL code from being decompiled.
Thanks.
-YK
"Hank Coffin" wrote: Hi YK,
Did you check out the upgraded versions of Dotfuscator? They get more advanced and I think will encrypt strings like that.
You could encrypt the strings yourself.
Also, where is this code running? Are you doing database stuff on the client app? In that case you might consider doing remoting.
Hank
"YK" wrote:
All,
What is the best way to protect IL code?
---------------------------------------------------
Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which intends to protect IL code. However, many .NET applications use data binding in UI forms. For example:
Employee e = new Employee();
txtName.DataBindings.Add("Text", e, "Name");
txtAddress.DataBindings.Add("Text", e, "Address");
In this scenarion, property names are coded as string to be resolved at runtime. After obfuscation, the property names in the Employee class have changed, but the string in the data binding code retained.
We can configure obfuscator tool with a list of exception names that the tool will not process. However, this maintains the property names, which eventually reveal the actual logic.
---------------------------------------------------
Thanks
-YK
No amount of obfuscation in a IL language like MSIL or Java will stop
reverse engineering, it simply slows the process.
If there are truly pieces of your application that absolutely cannot be
compromised, then you should write those pieces in native code and use
interop, but even then, an enterprising individual can figure out what
is going on.
YK wrote: Hi Hank,
I'm working on a standalone desktop application, in which all layers of the applications are running on a single machine.
However, when this application is deployed to customers, it's important to prevent the IL code from being decompiled.
Thanks.
-YK
"Hank Coffin" wrote:
Hi YK,
Did you check out the upgraded versions of Dotfuscator? They get more advanced and I think will encrypt strings like that.
You could encrypt the strings yourself.
Also, where is this code running? Are you doing database stuff on the client app? In that case you might consider doing remoting.
Hank
"YK" wrote:
All,
What is the best way to protect IL code?
---------------------------------------------------
Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which intends to protect IL code. However, many .NET applications use data binding in UI forms. For example:
Employee e = new Employee();
txtName.DataBindings.Add("Text", e, "Name");
txtAddress.DataBindings.Add("Text", e, "Address");
In this scenarion, property names are coded as string to be resolved at runtime. After obfuscation, the property names in the Employee class have changed, but the string in the data binding code retained.
We can configure obfuscator tool with a list of exception names that the tool will not process. However, this maintains the property names, which eventually reveal the actual logic.
---------------------------------------------------
Thanks
-YK
You can take a look of our salamander suite for source
code protection. The best protection would be to emulate
something similar to what a traditional c/c++
compiler/linker does, namely, to change symbol names to
memory locations, to staticly link public libraries, to
emit x86 machine code, etc.
(1) http://www.remotesoft.com/salamander/obfuscator.html
(an obfuscator is like a C++ compiler to change symbol
names -> memory location)
(2) http://www.remotesoft.com/linker.html
(This tool acts as a C++ linker to link public APIs into
your .NET assembly)
(3) http://www.remotesoft.com/salamander/protector.html
(This tool converts MSIL code into x86 machine code as
the c++ compiler does in the code generation phase, also
performs literal string encrytion).
After these 3 phase of process, the resulting code is
virtually impossible to decompile. This is the best way I
can ever think of.
These three tools can be used either independently or in
consective order depending on what level of protection you
are looking for.
Thanks,
Huihong -----Original Message-----
All,
What is the best way to protect IL code?
---------------------------------------------------
Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community
Edition, which intends to protect IL code. However,
many .NET applications use data binding in UI forms. For
example:
Employee e = new Employee();
txtName.DataBindings.Add("Text", e, "Name");
txtAddress.DataBindings.Add("Text", e, "Address");
In this scenarion, property names are coded as string to
be resolved at runtime. After obfuscation, the property
names in the Employee class have changed, but the string
in the data binding code retained.
We can configure obfuscator tool with a list of exception
names that the tool will not process. However, this
maintains the property names, which eventually reveal the
actual logic.
---------------------------------------------------
Thanks
-YK
.
The URL for the linker tool is:
(2) http://www.remotesoft.com/linker -----Original Message-----
You can take a look of our salamander suite for source
code protection. The best protection would be to emulate
something similar to what a traditional c/c++
compiler/linker does, namely, to change symbol names to
memory locations, to staticly link public libraries, to
emit x86 machine code, etc.
(1) http://www.remotesoft.com/salamander/obfuscator.html
(an obfuscator is like a C++ compiler to change symbol
names -> memory location)
(2) http://www.remotesoft.com/linker.html
(This tool acts as a C++ linker to link public APIs into
your .NET assembly)
(3) http://www.remotesoft.com/salamander/protector.html
(This tool converts MSIL code into x86 machine code as
the c++ compiler does in the code generation phase, also
performs literal string encrytion).
After these 3 phase of process, the resulting code is
virtually impossible to decompile. This is the best way I
can ever think of.
These three tools can be used either independently or in
consective order depending on what level of protection
youare looking for.
Thanks,
Huihong
-----Original Message-----
All,
What is the best way to protect IL code?
---------------------------------------------------
Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator CommunityEdition, which intends to protect IL code. However,
many .NET applications use data binding in UI forms. For
example:
Employee e = new Employee();
txtName.DataBindings.Add("Text", e, "Name");
txtAddress.DataBindings.Add("Text", e, "Address");
In this scenarion, property names are coded as string to
be resolved at runtime. After obfuscation, the property
names in the Employee class have changed, but the string
in the data binding code retained.
We can configure obfuscator tool with a list of
exceptionnames that the tool will not process. However, this
maintains the property names, which eventually reveal the
actual logic.
---------------------------------------------------
Thanks
-YK
.
.
You need to figure out what level of risk your are comfortable with relative to potential loss.
What are you trying to protect?
Are you connecting to a database? How about using stored procedures?
You might want to check out the Pro version of Dotfuscator (I'm not affiliated with Preemptive Solutions in any way except as a user of Community Edition). That might slow them down enough.
"Sean Bright" wrote: No amount of obfuscation in a IL language like MSIL or Java will stop
reverse engineering, it simply slows the process.
If there are truly pieces of your application that absolutely cannot be
compromised, then you should write those pieces in native code and use
interop, but even then, an enterprising individual can figure out what
is going on.
YK wrote:
Hi Hank,
I'm working on a standalone desktop application, in which all layers of the applications are running on a single machine.
However, when this application is deployed to customers, it's important to prevent the IL code from being decompiled.
Thanks.
-YK
"Hank Coffin" wrote:
Hi YK,
Did you check out the upgraded versions of Dotfuscator? They get more advanced and I think will encrypt strings like that.
You could encrypt the strings yourself.
Also, where is this code running? Are you doing database stuff on the client app? In that case you might consider doing remoting.
Hank
"YK" wrote:
All,
What is the best way to protect IL code?
---------------------------------------------------
Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which intends to protect IL code. However, many .NET applications use data binding in UI forms. For example:
Employee e = new Employee();
txtName.DataBindings.Add("Text", e, "Name");
txtAddress.DataBindings.Add("Text", e, "Address");
In this scenarion, property names are coded as string to be resolved at runtime. After obfuscation, the property names in the Employee class have changed, but the string in the data binding code retained.
We can configure obfuscator tool with a list of exception names that the tool will not process. However, this maintains the property names, which eventually reveal the actual logic.
---------------------------------------------------
Thanks
-YK
> >> Employee e = new Employee();
txtName.DataBindings.Add("Text", e, "Name");
txtAddress.DataBindings.Add("Text", e, "Address");
In this scenarion, property names are coded as string to
be resolved at runtime. After obfuscation, the property
names in the Employee class have changed, but the string
in the data binding code retained.
We can configure obfuscator tool with a list of exceptionnames thThanks
-YK
at the tool will not process. However, thismaintains the property names, which eventually reveal the
actual logic.
You may want to consider using our Decompiler.NET product to protect
your code. It includes full obfuscation capability and replaces string
literals with references and stores their values within an encrypted
embedded resource. Also, make sure to declare classes and member names
as internal rather than public if you want their names to be
obfuscated and they don't need to be accessible outside your assembly.
You can download a free trial version of Decompiler.NET from http://www.junglecreatures.com/
Jonathan Pierce
President
Jungle Creatures, Inc. http://www.junglecreatures.com/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: YK |
last post by:
All,
What is the best way to protect IL code?
---------------------------------------------------
Typical scenario:
Visual Studio .NET 2003 includes Dotfuscator Community Edition, which...
|
by: Bill |
last post by:
Hey, is it possible to protect ASP code in some way? Can it be compiled, or
otherwise protect the source somehow?
Thanks,
-Bill.
|
by: Narlen |
last post by:
Hi there,
I don't know much about web design but I proudly managed to password protect
a page on my site. Later I realized that everyone looking at the source in
any web browser can see the...
|
by: Giganews |
last post by:
I have an Access 97 database in which I am running an Excel macro through
automation. The macro in Excel is as follows:
Worksheets("Sheet1").Protect Password:="****", DrawingObjects:=True,...
|
by: Fady Anwar |
last post by:
Hi while browsing the net i noticed that there is sites publishing some
software that claim that it can decompile .net applications i didn't bleave
it in fact but after trying it i was surprised...
|
by: Peter |
last post by:
I wrote a dll and now I want to protect from mass distribution. What
is the most COST software for doing this, or can it easily be done in
vb.net.
|
by: SpIcH |
last post by:
Hi All,
This is all about protecting my data in Executable file.
I have developed a program in Visual Basic .NET 2002. I have many
questions in mind... please help me to complete my project.
...
|
by: lanem |
last post by:
I am trying to create an excel spreadsheet from my asp.net 2.0(vb.net) code.
I can create the file and even protect it, but I cannot protect it with a
password. Here's my code:
Dim xl As New...
|
by: teejayem |
last post by:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help...
|
by: FAQ server |
last post by:
-----------------------------------------------------------------------
FAQ Topic - How do I protect my javascript code?
-----------------------------------------------------------------------
...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
| |
