Hi Everyone!
I'm new to .NET but I'm a experienced VB programmer (since VB 4) and wanting
to move to VB.NET from VB 6.
But as I read about .NET, I came across that compiled VB.NET code is stored
in MSIL (instead of binary) which is easily decryptable by the "hackers" to
reverse engineer your VB.NET application.
Is this true?
Thanks in advance!
Don 20 1606
* "Don Wash" <do*@wash.com > scripsit: I'm new to .NET but I'm a experienced VB programmer (since VB 4) and wanting to move to VB.NET from VB 6.
But as I read about .NET, I came across that compiled VB.NET code is stored in MSIL (instead of binary) which is easily decryptable by the "hackers" to reverse engineer your VB.NET application.
Is this true?
Yes.
Nevertheless, you can make their work harder by obfuscating the
code. You will find some links here:
<URL:http://www.cetus-links.org/oo_dotnet.html# oo_dotnet_utili ties_tools>
Notice that VS.NET 2003 includes the Light Version of Preemptive's
obfuscator.
BTW: Do you really think that somebody wants to have a look at
the code of /your/ application? What I want to say: Reverse
Engineering often doesn't make much sense, it's "interestin g" if there
are some complicated algorithms implemented, but not for most normal
apps.
--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>
Thanks for the links Herfried,
Yes, I do think when you are developing a software with your own unique
aglorithm (or even simple applications) competitors can just look up your
code and get the idea where you've scarificied hours and hours of good night
sleep to get the aglorithm and get the app up and running. This is also the
case for simple applications. That's something I don't want :P and I'm sure
most developers will agree with me.
Do you think .NET will become binary in the future?
Don
P.S. This VB.NET newsgroup is damn fast!!! I love it!
"Herfried K. Wagner [MVP]" <hi************ ***@gmx.at> wrote in message
news:2h******** ****@uni-berlin.de... * "Don Wash" <do*@wash.com > scripsit: I'm new to .NET but I'm a experienced VB programmer (since VB 4) and
wanting to move to VB.NET from VB 6.
But as I read about .NET, I came across that compiled VB.NET code is
stored in MSIL (instead of binary) which is easily decryptable by the "hackers"
to reverse engineer your VB.NET application.
Is this true?
Yes.
Nevertheless, you can make their work harder by obfuscating the code. You will find some links here:
<URL:http://www.cetus-links.org/oo_dotnet.html# oo_dotnet_utili ties_tools>
Notice that VS.NET 2003 includes the Light Version of Preemptive's obfuscator.
BTW: Do you really think that somebody wants to have a look at the code of /your/ application? What I want to say: Reverse Engineering often doesn't make much sense, it's "interestin g" if there are some complicated algorithms implemented, but not for most normal apps.
-- Herfried K. Wagner [MVP] <URL:http://dotnet.mvps.org/>
* "Don Wash" <do*@wash.com > scripsit: Yes, I do think when you are developing a software with your own unique aglorithm (or even simple applications) competitors can just look up your code and get the idea where you've scarificied hours and hours of good night sleep to get the aglorithm and get the app up and running. This is also the case for simple applications. That's something I don't want :P and I'm sure most developers will agree with me.
Do you think .NET will become binary in the future?
No, that's against the concept of .NET. As mentioned before, I would
obfuscate the application, so it's harder to understand the
reconstructed source code.
P.S. This VB.NET newsgroup is damn fast!!! I love it!
A lot of traffic here... ;-).
--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>
But we can get the setup to "compile" the app at installation so after that
the app is as secure as a regular executable?
Thanks
Regards
"Herfried K. Wagner [MVP]" <hi************ ***@gmx.at> wrote in message
news:2h******** ****@uni-berlin.de... * "Don Wash" <do*@wash.com > scripsit: Yes, I do think when you are developing a software with your own unique aglorithm (or even simple applications) competitors can just look up
your code and get the idea where you've scarificied hours and hours of good
night sleep to get the aglorithm and get the app up and running. This is also
the case for simple applications. That's something I don't want :P and I'm
sure most developers will agree with me.
Do you think .NET will become binary in the future?
No, that's against the concept of .NET. As mentioned before, I would obfuscate the application, so it's harder to understand the reconstructed source code.
P.S. This VB.NET newsgroup is damn fast!!! I love it!
A lot of traffic here... ;-).
-- Herfried K. Wagner [MVP] <URL:http://dotnet.mvps.org/>
I wanted to follow up with Herfried on this one. He makes a valid point
about the reverse engineering. Would they actually want to? In most cases
code would be reverse engineered, the "hacker" would look at it and be like
"wtf is this?" Why? Because 1, variable names are not retained with most
decompilers (all I'm pretty sure, as it is a tokenized compiler) So, it may
or may not make much sense.
Second of all, people will look at it and be like "well I can do this better
here." Long story short, it doesn't really happen that much. At least from
what I've seen.
I've decompiled programs before, but mainly to debug an existing application
and notify the author. However, I wouldn't recommend writing oh lets say an
encryption algorithm without obfusicating (hell, I would go to a binary
format instead.)
HTH,
CJ'
"Don Wash" <do*@wash.com > wrote in message
news:OJ******** ******@TK2MSFTN GP11.phx.gbl... Thanks for the links Herfried,
Yes, I do think when you are developing a software with your own unique aglorithm (or even simple applications) competitors can just look up your code and get the idea where you've scarificied hours and hours of good
night sleep to get the aglorithm and get the app up and running. This is also
the case for simple applications. That's something I don't want :P and I'm
sure most developers will agree with me.
Do you think .NET will become binary in the future?
Don P.S. This VB.NET newsgroup is damn fast!!! I love it!
"Herfried K. Wagner [MVP]" <hi************ ***@gmx.at> wrote in message news:2h******** ****@uni-berlin.de... * "Don Wash" <do*@wash.com > scripsit: I'm new to .NET but I'm a experienced VB programmer (since VB 4) and wanting to move to VB.NET from VB 6.
But as I read about .NET, I came across that compiled VB.NET code is stored in MSIL (instead of binary) which is easily decryptable by the
"hackers" to reverse engineer your VB.NET application.
Is this true?
Yes.
Nevertheless, you can make their work harder by obfuscating the code. You will find some links here:
<URL:http://www.cetus-links.org/oo_dotnet.html# oo_dotnet_utili ties_tools> Notice that VS.NET 2003 includes the Light Version of Preemptive's obfuscator.
BTW: Do you really think that somebody wants to have a look at the code of /your/ application? What I want to say: Reverse Engineering often doesn't make much sense, it's "interestin g" if there are some complicated algorithms implemented, but not for most normal apps.
-- Herfried K. Wagner [MVP] <URL:http://dotnet.mvps.org/>
"Don Wash" <do*@wash.com > schrieb But as I read about .NET, I came across that compiled VB.NET code is stored in MSIL (instead of binary) which is easily decryptable by the "hackers" to reverse engineer your VB.NET application.
Is this true?
In addition to Herfried..
I think, if somebody is /really/ interested in your code, he will also
decompile assembler code, so the only 100% safe way is not to distribute the
application.
--
Armin
How to quote and why: http://www.plig.net/nnq/nquote.html http://www.netmeister.org/news/learn2quote.html
> In addition to Herfried.. I think, if somebody is /really/ interested in your code, he will also decompile assembler code, so the only 100% safe way is not to distribute
the application.
Same idea here, are you going to serverside webapplications Armin?
Cor
Don,
You do realize, as Armin stated, that any one who wanted to get your code,
will!
Independent of if it is written in ASM, C++, VB4, VB6, VB.NET or C#!
All computer languages have tools available that can reverse engineer them,
included compiled programs.
I don't have the link handy, my understanding is that the question is not so
much that we need to compile to binary machine code (which is easily
de-compiled or dis-assembled anyway). But the need is for digital
certificates & encryping the assembly, so it cannot be looked by opening the
file, yet can still be looked at to actual execute.
Hope this helps
Jay
"Don Wash" <do*@wash.com > wrote in message
news:OJ******** ******@TK2MSFTN GP11.phx.gbl... Thanks for the links Herfried,
Yes, I do think when you are developing a software with your own unique aglorithm (or even simple applications) competitors can just look up your code and get the idea where you've scarificied hours and hours of good
night sleep to get the aglorithm and get the app up and running. This is also
the case for simple applications. That's something I don't want :P and I'm
sure most developers will agree with me.
Do you think .NET will become binary in the future?
Don P.S. This VB.NET newsgroup is damn fast!!! I love it!
"Herfried K. Wagner [MVP]" <hi************ ***@gmx.at> wrote in message news:2h******** ****@uni-berlin.de... * "Don Wash" <do*@wash.com > scripsit: I'm new to .NET but I'm a experienced VB programmer (since VB 4) and wanting to move to VB.NET from VB 6.
But as I read about .NET, I came across that compiled VB.NET code is stored in MSIL (instead of binary) which is easily decryptable by the
"hackers" to reverse engineer your VB.NET application.
Is this true?
Yes.
Nevertheless, you can make their work harder by obfuscating the code. You will find some links here:
<URL:http://www.cetus-links.org/oo_dotnet.html# oo_dotnet_utili ties_tools> Notice that VS.NET 2003 includes the Light Version of Preemptive's obfuscator.
BTW: Do you really think that somebody wants to have a look at the code of /your/ application? What I want to say: Reverse Engineering often doesn't make much sense, it's "interestin g" if there are some complicated algorithms implemented, but not for most normal apps.
-- Herfried K. Wagner [MVP] <URL:http://dotnet.mvps.org/>
An idea like that would have to be implemented at kernel level would it not?
Encrypting the compiled program so that it couldn't be read? But then how
would it be decrypted. The OS right?
That would be a pretty interesting implementation. =)
"Jay B. Harlow [MVP - Outlook]" <Ja************ @msn.com> wrote in message
news:Ok******** ******@TK2MSFTN GP09.phx.gbl... Don, You do realize, as Armin stated, that any one who wanted to get your code, will!
Independent of if it is written in ASM, C++, VB4, VB6, VB.NET or C#!
All computer languages have tools available that can reverse engineer
them, included compiled programs.
I don't have the link handy, my understanding is that the question is not
so much that we need to compile to binary machine code (which is easily de-compiled or dis-assembled anyway). But the need is for digital certificates & encryping the assembly, so it cannot be looked by opening
the file, yet can still be looked at to actual execute.
Hope this helps Jay
"Don Wash" <do*@wash.com > wrote in message news:OJ******** ******@TK2MSFTN GP11.phx.gbl... Thanks for the links Herfried,
Yes, I do think when you are developing a software with your own unique aglorithm (or even simple applications) competitors can just look up
your code and get the idea where you've scarificied hours and hours of good night sleep to get the aglorithm and get the app up and running. This is also the case for simple applications. That's something I don't want :P and I'm sure most developers will agree with me.
Do you think .NET will become binary in the future?
Don P.S. This VB.NET newsgroup is damn fast!!! I love it!
"Herfried K. Wagner [MVP]" <hi************ ***@gmx.at> wrote in message news:2h******** ****@uni-berlin.de... * "Don Wash" <do*@wash.com > scripsit: > I'm new to .NET but I'm a experienced VB programmer (since VB 4) and wanting > to move to VB.NET from VB 6. > > But as I read about .NET, I came across that compiled VB.NET code is stored > in MSIL (instead of binary) which is easily decryptable by the "hackers" to > reverse engineer your VB.NET application. > > Is this true?
Yes.
Nevertheless, you can make their work harder by obfuscating the code. You will find some links here:
<URL:http://www.cetus-links.org/oo_dotnet.html# oo_dotnet_utili ties_tools> Notice that VS.NET 2003 includes the Light Version of Preemptive's obfuscator.
BTW: Do you really think that somebody wants to have a look at the code of /your/ application? What I want to say: Reverse Engineering often doesn't make much sense, it's "interestin g" if there are some complicated algorithms implemented, but not for most normal apps.
-- Herfried K. Wagner [MVP] <URL:http://dotnet.mvps.org/>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Spam Bill Gates |
last post by:
I am using linux, php and trying to do some ssl code. I want to send some identifier that connects
my database to the client browser. I was looking into a secure cookie. I only want the page
accessed over a SSL connection. Whats the best way to insure the clinet browser can only see my
page if they are ssl connected to it? In adding a 1 to the end of my send cookie code, it sends
the cookie regardless of if they are ssl connected or...
|
by: Billy Jacobs |
last post by:
I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?
Originally I had my web.config file in the root with Forms
Authentication set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.
I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
|
by: Bryan Olson |
last post by:
The current Python standard library provides two cryptographic
hash functions: MD5 and SHA-1 . The authors of MD5 originally
stated:
It is conjectured that it is computationally infeasible to
produce two messages having the same message digest.
That conjecture is false, as demonstrated by Wang, Feng, Lai and
Yu in 2004 . Just recently, Wang, Yu, and Lin showed a short-
cut solution for finding collisions in SHA-1 . Their result
|
by: Timothy Shih |
last post by:
Hi, I am trying to figure out how to use unmanaged code using P/Invoke. I
wrote a simple function which takes in 2 buffers (one a byte buffer, one a
char buffer) and copies the contents of the byte buffer into the character
pointer. The code looks like the following:
#include <stdio.h>
#include <stdlib.h>
#include "stdafx.h"
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
|
by: Seth |
last post by:
I have noticed that the id of my session object changes
when I switch from a non-secure to a secure connection.
What I'm trying to do:
I have a cookie that is built on the non-secure side of
things. What I need to do is to switch to a secure
connection and then later on while still in that secure
connection delete the cookie that was created on the non-
secure side. I need to do this because I can not
reference the non-secure cookie...
| |
by: Joe |
last post by:
I have an application which runs in a non-secure environment. I also have an
application that runs in a secure environment (both on the same machine). Is
there any way to share the session data for this?
Most of the site allows the user to add things to a cart (non-secure), once
they choose to check-out, I need this information which was stored in the
session to be read by the payment page(secured).
Hope this makes sense. It's probably...
|
by: Cheryl Langdon |
last post by:
Hello everyone,
This is my first attempt at getting help in this manner. Please
forgive me if this is an inappropriate request.
I suddenly find myself in urgent need of instruction on how to
communicate with a MySQL database table on a web server, from inside
of my company's Access-VBA application. I know VBA pretty well but
have never before needed to do this HTTP/XML/MySQL type functions.
|
by: Usman |
last post by:
Hi
I'm working on an application that contains classes for licensing,
authentication etc, including all the algorithms of encryption/decryption
etc. I wanted to secure this code, but after compiling all the code, I just
thought of trying a decompiler on the output file. The decompiler generated
almost 99% of the exact code out of it, exposing all those algorithms that I
need to secure. Even if I try a dotfuscator tool, still it does'nt...
|
by: =?Utf-8?B?U2FtZWVrc2hh?= |
last post by:
Hi,
I want to write a simple .net program to open a URL, fill in fields, and
click on a button to submit it using .net 1.1 framework.
Can someone help in suggesting the libraries I should use?
I tried using javascript, however, I am not able to make javascript wait for
the page to completely load, before trying to access and fill fields on the
page. Hence resorted to .net, but not finding the right library to use.
|
by: zr |
last post by:
Hi,
Does usage of checked iterators and checked containers make code more
secure?
If so, can that code considered to be reasonably secure?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |