.NET and keeping my source code to myself...

[Mitchell Vincent]

I'm sure this has been discussed here plenty of times before (feel free
to point me to the thread!) but I want to learn as much as possible
about the single most talked about issue with .NET development.
Disassembly into source code and preventing that from happening!

Thinstall (thinstall.com) - I own it from previous projects (non - .NET)
but don't have faith that it can single handedly protect my source code.

What can I do to help, and what level of *real* protection can I get
with the obfuscators and other protection tools that are out there? Is
there any single solution to this problem?

Thanks!

 

[Guest]

Encryption of your goodies lke code, strings & resources is called as
Obfuscation.

You can search for "protect .net code disassembly" in any search engine &
follow the first link to get demo tools that can be used for Obfuscation.

 

[Kevin Yu [MSFT]]

Hi Mitchell,

First of all, I would like to confirm my understanding of your issue. From
your description, I understand that you need to obfuscate your assembly to
prevent others disassembly into source code. If there is any
misunderstanding, please feel free to let me know.

Visual Studio .NET 2003 has provided us with a tool called Dotfuscator.
Dotfuscator is an obfuscator for .NET assemblies.

Dotfuscator is completely non-intrusive and requires no changes to your
source code, making it the most natural way to protect your intellectual
property on the .NET platform. In addition, many of the elements within the
Dotfuscator family of .NET packaging tools make unprecedented steps towards
smaller and faster .NET applications. Dotfuscator combines a mix of
well-known and novel algorithms to allow customers to produce the best .NET
applications possible.

For more information, please check the following link:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dotfuscator
/dotf3e5x.asp

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."

 

[Steve McLellan]

There are a number of obfuscators available offering differing degrees of
protection. We use one called Xenocode, there's Protector from Salamander
and a load others I can't name off the top of my head. Search the Google
archives for these groups for more dicussion. Software is never safe from
crackers, .NET or otherwise. Work out what you're willing to spend to put a
stumbling block in, and then unfortunately you do have to accept that there
will be people that refuse to pay for software. One of the best solutions is
to add something beyond just the code (support, usage guides, tutorials etc)
and of course the best solution is a client/server arrangement where the
code isn't available to be disassembled.

Steve

 

[Mitchell Vincent]

Thanks for all the feedback guys, I really appreciate you all taking the
time to reply!

I'm aware of what obfuscators are, my real questions is : How well do
they work? Which is the "best" (a balance of cost and functionality) in
your opinion(s)..

Thanks again!

 

[Kevin Yu [MSFT]]

Hi Mitchell,

As Steve said there are a number of obfuscators available offering
differing degrees of protection. The obfuscators makes others harder to
disassembling our components.

For example, the dotfuscator. Many of the Dotfuscator Professional
transforms such as String Encryption and Control Flow obfuscation tend to
break or crash decompilers. Even if Dotfuscator Professional does not
outright crash the decompiler, it will stop it from generating useful
input. For example, the decompiler may generate an empty or incorrect
method because it had control flow obfuscation or string encryption applied
to it. And additional transforms such as enhanced overload induction will
make it almost impossible to figure out what is going on anyway.

HTH.

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."