I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy. For those who have had experience with
this, is it true? What steps can be taken to avoid this? I am using
VB.NET Express but am willing to buy something (within reason) to
prevent easy decompiling. Any suggestions are much appreciated.
14  1791 
"Grant" <gr**********@gmail.comwrote in message
news:3G*******************@newsreading01.news.tds. net...
I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy. For those who have had experience with this,
is it true? What steps can be taken to avoid this? I am using VB.NET
Express but am willing to buy something (within reason) to prevent easy
decompiling. Any suggestions are much appreciated.
download the free Reflector from http://www.red-gate.com/products/reflector/
and see how easy it is to see your source. VS2005 comes with a version of
Dotfuscator (reach it from the Tools menu) that will do some obfuscation.
ive had moderate success with it. you should probably look for a commercial
aplication that will obfuscate your source.
AGP
Second attempt
Grant,
>I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy. For those who have had experience with
this, is it true? What steps can be taken to avoid this? I am using
VB.NET Express but am willing to buy something (within reason) to prevent
easy decompiling. Any suggestions are much appreciated.
And then? It is easier to create a program with VB.Net then to decompile
it and to try to make another program from it.
Those who are not able to do the first, are for sure not able to do the
second.
As it is about security, then think that is it possible to decompile every
program, it is just how smart you are.
Use for security the security options or find more ways to do that outside
the code.
Just my opinion.
Cor
"Grant" <gr**********@gmail.comschreef in bericht
news:3G*******************@newsreading01.news.tds. net...
I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy. For those who have had experience with this,
is it true? What steps can be taken to avoid this? I am using VB.NET
Express but am willing to buy something (within reason) to prevent easy
decompiling. Any suggestions are much appreciated.
>I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy
Please note that the same is true for all .Net languages ( VB.Net , C# ,
J# , Delphi.Net etc etc etc )
and also for Java
>>For those who have had experience with this, is it true?
Yes ....
>>I am using VB.NET Express but am willing to buy something (within reason)
to prevent easy decompiling. Any suggestions are much appreciated.
There are lots of obfuscating tools out there , however none of them can
give 100% guarantee
that it is really impossible to reverse engineer your app .
hth
Michel
"AGP" <si**********@softhome.netschreef in bericht
news:oM*******************@nlpi064.nbdc.sbc.com...
>
"Grant" <gr**********@gmail.comwrote in message
news:3G*******************@newsreading01.news.tds. net...
>I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy. For those who have had experience with
this, is it true? What steps can be taken to avoid this? I am using
VB.NET Express but am willing to buy something (within reason) to prevent
easy decompiling. Any suggestions are much appreciated.
download the free Reflector from
http://www.red-gate.com/products/reflector/ and see how easy it is to see
your source. VS2005 comes with a version of Dotfuscator (reach it from the
Tools menu) that will do some obfuscation. ive had moderate success with
it. you should probably look for a commercial aplication that will
obfuscate your source.
AGP
"Grant" <gr**********@gmail.comschrieb:
I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy. For those who have had experience with
this, is it true? What steps can be taken to avoid this? I am using
VB.NET Express but am willing to buy something (within reason) to
prevent easy decompiling.
There are three solutions:
* Obfuscation
* Encryption
* Services
Microsoft's solution:
SLP Services Home
<URL:http://www.microsoft.com/slps/Default.aspx>
You can use obfuscation (VS comes with a cut down version of a commecial
obfuscator) to make reverse engineering harder.
However, this is not a perfect solution. The only 100 % solution is to
place the code on a server you own and expose the functionality via a
service (Web service).
--
M S Herfried K. Wagner
M V P <URL:http://dotnet.mvps.org/>
V B <URL:http://dotnet.mvps.org/dotnet/faqs/>
On Sep 7, 12:53*pm, Grant <grantroel...@gmail.comwrote:
I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy. *For those who have had experience with
this, is it true? *What steps can be taken to avoid this? *I am using
VB.NET Express but am willing to buy something (within reason) to
prevent easy decompiling. *Any suggestions are much appreciated.
You have to ask yourself if you're actually writing anything that has
a risk of being disassembled and "stolen". If you're not, then you
have reason to muddy your development waters with obfuscation. Also
evaluate the business value, are you going to get a good ROI for the
additional work? Is your user base really interested in disassembling
your code?
Personally, I'd be willing to give my code to anyone that uses the
application, the more eyes on my code the more bugs will be found.
Thanks,
Seth Rowe [MVP] http://sethrowe.blogspot.com/
"Herfried K. Wagner [MVP]" <hi***************@gmx.atwrote in message
news:%2****************@TK2MSFTNGP04.phx.gbl...
"Grant" <gr**********@gmail.comschrieb:
>I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy. For those who have had experience with
this, is it true? What steps can be taken to avoid this? I am using
VB.NET Express but am willing to buy something (within reason) to prevent
easy decompiling.
There are three solutions:
* Obfuscation * Encryption * Services
Microsoft's solution:
SLP Services Home <URL:http://www.microsoft.com/slps/Default.aspx>
You can use obfuscation (VS comes with a cut down version of a commecial
obfuscator) to make reverse engineering harder.
However, this is not a perfect solution. The only 100 % solution is to
place the code on a server you own and expose the functionality via a
service (Web service).
im glad that MS has a solution but IMHO that should have been built into VS.
It seems thats just another way to suck money out of the developer. I just
transitioned to .NET after some years of reluctance and am now finding out
that the source is easily decompiled from my app. i've read some articles on
why this is so easy and i understand but MS should have included something
more than the dotfustactor. Ive tried it and it doesnt seem to work. their
website is poorly arranged and they have yet to answer my inquiries. as a
small devloper my options are limited as I cant go out and spend thousnds of
dollars for better protection, yet i have to release updates in a timely
manner. anyway, im looking for a good solution that is reasonable for a
small developer. anyone have any suggestions?
AGP
On Sep 9, 8:32*pm, "AGP" <sindizzy....@softhome.netwrote:
"Herfried K. Wagner [MVP]" <hirf-spam-me-h...@gmx.atwrote in messagenews:%2****************@TK2MSFTNGP04.phx.gb l...
"Grant" <grantroel...@gmail.comschrieb:
I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy. *For those who have had experience with
this, is it true? *What steps can be taken to avoid this? *I am using
VB.NET Express but am willing to buy something (within reason) to prevent
easy decompiling.
There are three solutions:
* Obfuscation * Encryption * Services
Microsoft's solution:
SLP Services Home <URL:http://www.microsoft.com/slps/Default.aspx>
You can use obfuscation (VS comes with a cut down version of a commecial
obfuscator) to make reverse engineering harder.
However, this is not a perfect solution. *The only 100 % solution is to
place the code on a server you own and expose the functionality via a
service (Web service).
im glad that MS has a solution but IMHO that should have been built into VS.
It seems thats just another way to suck money out of the developer. I just
transitioned to .NET after some years of reluctance and am now finding out
that the source is easily decompiled from my app. i've read some articleson
why this is so easy and i understand but MS should have included something
more than the dotfustactor. Ive tried it and it doesnt seem to work. their
website is poorly arranged and they have yet to answer my inquiries. as a
small devloper my options are limited as I cant go out and spend thousndsof
dollars for better protection, yet i have to release updates in a timely
manner. anyway, im looking for a good solution that is reasonable for a
small developer. anyone have any suggestions?
AGP
I still stick to my above statements.
What are you writing that's so important that no unauthorized people
can see the code?
Thanks,
Seth Rowe [MVP] http://sethrowe.blogspot.com/
AGP,
Then make it yourself, nobody forbids you to do that. (As long as you are
not using illegal others inteligence).
Cor
"AGP" <si**********@softhome.netschreef in bericht
news:wA*******************@nlpi065.nbdc.sbc.com...
>
"Herfried K. Wagner [MVP]" <hi***************@gmx.atwrote in message
news:%2****************@TK2MSFTNGP04.phx.gbl...
>"Grant" <gr**********@gmail.comschrieb:
>>I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy. For those who have had experience with
this, is it true? What steps can be taken to avoid this? I am using
VB.NET Express but am willing to buy something (within reason) to
prevent easy decompiling.
There are three solutions:
* Obfuscation * Encryption * Services
Microsoft's solution:
SLP Services Home <URL:http://www.microsoft.com/slps/Default.aspx>
You can use obfuscation (VS comes with a cut down version of a commecial
obfuscator) to make reverse engineering harder.
However, this is not a perfect solution. The only 100 % solution is to
place the code on a server you own and expose the functionality via a
service (Web service).
im glad that MS has a solution but IMHO that should have been built into
VS. It seems thats just another way to suck money out of the developer. I
just transitioned to .NET after some years of reluctance and am now
finding out that the source is easily decompiled from my app. i've read
some articles on why this is so easy and i understand but MS should have
included something more than the dotfustactor. Ive tried it and it doesnt
seem to work. their website is poorly arranged and they have yet to answer
my inquiries. as a small devloper my options are limited as I cant go out
and spend thousnds of dollars for better protection, yet i have to release
updates in a timely manner. anyway, im looking for a good solution that is
reasonable for a small developer. anyone have any suggestions?
AGP
>
im glad that MS has a solution but IMHO that should have been built into
VS.
It seems thats just another way to suck money out of the developer. I just
transitioned to .NET after some years of reluctance and am now finding out
that the source is easily decompiled from my app. i've read some articles
on
why this is so easy and i understand but MS should have included something
more than the dotfustactor. Ive tried it and it doesnt seem to work. their
website is poorly arranged and they have yet to answer my inquiries. as a
small devloper my options are limited as I cant go out and spend thousnds
of
dollars for better protection, yet i have to release updates in a timely
manner. anyway, im looking for a good solution that is reasonable for a
small developer. anyone have any suggestions?
AGP
I still stick to my above statements.
What are you writing that's so important that no unauthorized people
can see the code?
Thanks,
Seth Rowe [MVP] http://sethrowe.blogspot.com/
>>>
I guess what is in my code is not really releveant. some of it is
proprietary algorithms and other stuff is common. just like any other
developer that makes commercial apps i dont want competing devlopers from
just decompiling and using code that i have worked long and hard to perfect.
if you are willing to open source your code then that is great and i have no
problems with that. but i dont want my code to be out in the open for
everyone to see. its just that simple. if the case was that every piece of
code should be seen then there wouldnt be a need for obfustcators and
encryption services like the one that MS is offering.
AGP
"Cor Ligthert[MVP]" <no************@planet.nlwrote in message
news:91**********************************@microsof t.com...
AGP,
Then make it yourself, nobody forbids you to do that. (As long as you are
not using illegal others inteligence).
Cor
make what? an obfuscator? im not saying that i want to make one i just want
to know what options are out there.
AGp
rowe_newsgroups wrote:
On Sep 9, 8:32 pm, "AGP" <sindizzy....@softhome.netwrote:
>"Herfried K. Wagner [MVP]" <hirf-spam-me-h...@gmx.atwrote in messagenews:%2****************@TK2MSFTNGP04.phx.gb l...
>>"Grant" <grantroel...@gmail.comschrieb:
I've seen a couple of articles on the internet that VB.NET applications
can be decompiled very easy. For those who have had experience with
this, is it true? What steps can be taken to avoid this? I am using
VB.NET Express but am willing to buy something (within reason) to prevent
easy decompiling.
There are three solutions:
* Obfuscation * Encryption * Services
Microsoft's solution:
SLP Services Home <URL:http://www.microsoft.com/slps/Default.aspx>
You can use obfuscation (VS comes with a cut down version of a commecial
obfuscator) to make reverse engineering harder.
However, this is not a perfect solution. The only 100 % solution is to
place the code on a server you own and expose the functionality via a
service (Web service).
im glad that MS has a solution but IMHO that should have been built into VS.
It seems thats just another way to suck money out of the developer. I just
transitioned to .NET after some years of reluctance and am now finding out
that the source is easily decompiled from my app. i've read some articles on
why this is so easy and i understand but MS should have included something
more than the dotfustactor. Ive tried it and it doesnt seem to work. their
website is poorly arranged and they have yet to answer my inquiries. as a
small devloper my options are limited as I cant go out and spend thousnds of
dollars for better protection, yet i have to release updates in a timely
manner. anyway, im looking for a good solution that is reasonable for a
small developer. anyone have any suggestions?
AGP
I still stick to my above statements.
What are you writing that's so important that no unauthorized people
can see the code?
Thanks,
Seth Rowe [MVP]
http://sethrowe.blogspot.com/
My has a key stored as a string variable for encryption which I want
hidden. Don't care too much about the rest. Any better ways to hide this?
make what? an obfuscator? im not saying that i want to make one i just
want to know what options are out there.
VB6 ofcourse compiled with optimizations in Native code cause VB6 apps
compiled in P-Code can also be decompiled to some level :-)
ofcourse above is a joke
To get you started :
This is a nice and cheap obfuscator http://desaware.com/products/books/n...ing/index.aspx
HTH
Michel
"AGP" <si**********@softhome.netschreef in bericht
news:8f**************@flpi148.ffdc.sbc.com...
>
"Cor Ligthert[MVP]" <no************@planet.nlwrote in message
news:91**********************************@microsof t.com...
>AGP,
Then make it yourself, nobody forbids you to do that. (As long as you are
not using illegal others inteligence).
Cor
make what? an obfuscator? im not saying that i want to make one i just
want to know what options are out there.
AGp
On Sep 12, 10:06*pm, "AGP" <sindizzy....@softhome.netwrote:
im glad that MS has a solution but IMHO that should have been built into
VS.
It seems thats just another way to suck money out of the developer. I just
transitioned to .NET after some years of reluctance and am now finding out
that the source is easily decompiled from my app. i've read some articles
on
why this is so easy and i understand but MS should have included something
more than the dotfustactor. Ive tried it and it doesnt seem to work. their
website is poorly arranged and they have yet to answer my inquiries. asa
small devloper my options are limited as I cant go out and spend thousnds
of
dollars for better protection, yet i have to release updates in a timely
manner. anyway, im looking for a good solution that is reasonable for a
small developer. anyone have any suggestions?
AGP
I still stick to my above statements.
What are you writing that's so important that no unauthorized people
can see the code?
Thanks,
Seth Rowe [MVP]http://sethrowe.blogspot.com/
I guess what is in my code is not really releveant. some of it is
proprietary algorithms and other stuff is common. just like any other
developer that makes commercial apps i dont want competing devlopers from
just decompiling and using code that i have worked long and hard to perfect.
if you are willing to open source your code then that is great and i haveno
problems with that. but i dont want my code to be out in the open for
everyone to see. its just that simple. if the case was that every piece of
code should be seen then there wouldnt be a need for obfustcators and
encryption services like the one that MS is offering.
AGP
Granted if you are using proprietary algorithms I can understand why
you would want to protect them, but in my experience I rarely see
something so special that another skilled developer couldn't simple
write it again. In my opinion, your competitor would be silly to just
disassemble and try to pass the code off as there own, especially
since products like Reflector aren't perfect and a lack on unit tests
(surely you are using unit tests right?) would put them in an
extremely dangerous situation.
Also, please understand I didn't say you should open source your
applications, I merely said I wouldn't worry about disassembly. Open
source is a massive commitment, and it doesn't make good business
sense for many businesses to implement.
Thanks,
Seth Rowe [MVP] http://sethrowe.blogspot.com/
My has a key stored as a string variable for encryption which I want
hidden. *Don't care too much about the rest. *Any better ways to hidethis?
Very, very, very, very dangerous. Even in "classic" vb, I used to open
up executables in notepad and pull out any string constructs. This is
basically "security by obscurity" and you are opening up yourself for
disaster if this encryption key is protecting something very valuable.
Unfortunately, without doing a full review of your application it'd be
hard to recommend a good alternative, but I recommend you do a system
review.
Thanks,
Seth Rowe [MVP] http://sethrowe.blogspot.com/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Deano |
last post by:
Just wondering if there is a tool or method that will allow me to compare
the state of my database before and after I decompile it.
The last time I decompiled a few fields lost default values and...
|
by: Mike MacSween |
last post by:
So after a fair bit of work, with me always opening holding down the shift
key to bypass the startup form -> switchboard, I try to test as a use. No
error message, just a blank Access window, with...
|
by: Gaz |
last post by:
....and recompiling it again
Hi all,
I've got an Assembly DLL and associated .NetModules and want to amend
a function in one of the .NetModules
I've used ILDASM to decompile the .NetModules...
|
by: Diogo Alves - Software Developer |
last post by:
I found a few days ago that was possible to decompile any program developed
in C#
That is a huge failure.... It's not aceptable that a company that pays a lot
for visual studio and pays to the...
|
by: MLH |
last post by:
Can decompiling an A97 mdb result in fixing minor nasties that may be
responsible for some premature terminations of A97 (We are sorry. MS
Access 97 needs to close.... messages). I've found the...
|
by: cmd |
last post by:
Hi all,
I have a 97 frontend which opens to a menu screen. I can compile the
frontend and close it, but when I reopen it and then open any module in
design view, it appears that the FE is in a...
|
by: Torben Laursen |
last post by:
Hi
I need to be sure that my C# code is as hard as possible to decompile.
Can anyone tell what is the best tool for that job?
Also will this be a part of Visual Studio 2008?
It seems...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| | |
