Preventing decompilation of assembly

  • Thread starter Thread starter Nak
  • Start date Start date
N

Nak

Hi there,

I have just read an article that explains how to prevent people from
decompiling your assemblies with ILDASM. Apparently this can be achieved by
writing something like,

ILDASM /owner=Me MyAssembly.exe

Now when I attempt this I get "INVALID COMMAND LINE OPTION" and a list
of commands is displayed on the screen but owner is not one of them. Does
that mean that this is only valid for VS 2003? or am I missing something
pretty straight forward?

Also the article doesn't explain whether or not other decompilers can be
used successfuly, I presume that they can, would I be right in saying that?
Thanks for your help in advance.

Nick.

--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."

Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
 
Ah, ignore all of that I found out what was wrong. But I do have another
question regarding this, is it possible to provide your own custom command
line attributes to be used by the compiler? So basically, would it be
possible for me to set VB.NET to provide the Owner string upon compilation
within the IDE? I would be more difficult for me to do it manually as my
Assembly is strong named, as well as having embedded licenses. Thanks
again.

Nick.

--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."

Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
 
Hi Nak!!

No. You cannot explicitally set VB.NET compiler command-line arguments.

--
HTH,
-- Tom Spink, Über Geek

Please respond to the newsgroup,
so all can benefit

" System.Reflection Master "

==== Converting to 2002 ====
Remove inline declarations
 
Hi Tom,
No. You cannot explicitally set VB.NET compiler command-line arguments.
Click to expand...

Bugger!

I was looking into digital signing, I like the idea of programs having my
signature, so to speak, but it looks like another rip-off attempt affiliated
with Microsoft to gain revenue. Just like their Windows logo scheme, what a
load of toot, I was interested until it said I needed a verisign account
that costs an arm and a leg. Pah, oh well, I would like to know *every*
method possible for protecting Assemblies that's built into the .NET
framework but don't know where to look for this info, it took me a while
until I found out about strong naming, even after swearing and cursing about
the lack of code security and protection methods in this newsgroup. Oh
well, I'll say "Bugger!" again, just for luck :-)

Nick.

--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."

Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
 
Hi Nick,

Yup. VeriSign does cost a lot doesn't it!! I wanted my own digital
certificate, so I could prove my identity over email, and digitally sign
applications.

--
HTH,
-- Tom Spink, Über Geek

Please respond to the newsgroup,
so all can benefit

" System.Reflection Master "

==== Converting to 2002 ====
Remove inline declarations
 
Hi Tom,
Yup. VeriSign does cost a lot doesn't it!! I wanted my own digital
certificate, so I could prove my identity over email, and digitally sign
applications.
Click to expand...

Any idea how one would go about making their own root certificate? I mean
if I were to set up a web site for professionals of VB.NET for example and
give people digital certificates providing they give contact details and the
like, just as verisign do, but give it for free, what makes verisign so
special? Not all NVIDIA display drivers are certificated!!! Hmmm.....

Nick.

--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."

Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
 
Come to think of it, hardly any applications are digitally signed. I only
wanted to do it so that I could *tell* if an application had been decompiled
and recompiled again, as it wouldn't have a certificate (or my certificate),
maybe I should go ahead and put an "untrusted" one on it just for the sake
of it!! why not? Who are they to tell me my certificate can't be trusted,
just because I haven't given them any money?? Haha

Nick.

--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."

Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
 
Hi Nick,

You need Windows 2000 Advanced Server, it comes with a Certificate
Authority.

--
HTH,
-- Tom Spink, Über Geek

Please respond to the newsgroup,
so all can benefit

" System.Reflection Master "

==== Converting to 2002 ====
Remove inline declarations
 
Hi Tom,
You need Windows 2000 Advanced Server, it comes with a Certificate
Authority.
Click to expand...

Not a "biggy" then? Sounds pretty cool to me, and why Windows 2000 Advanced
Server? What is a "Certificate Authority", I presume it is just something
that authorises a certificate? so is it a web based service that people
connect to when wanting to verify the certificate? It looks like people
have thought of this before,


--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."

Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
 
.... It looks like people have thought of this before,

http://www.cacert.org/

^ I mean't to send this too!

Nick.

--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."

Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
 
Hi Nick,

2000 Advanced server, nice operating system. It is also programmed slightly
differently to the Professional and Standard Server edition of 2000.

The authority dishes out the certificates to people, it's not like a
web-based thing, but you provide the public key for your authority and
people trust that key, then any certificates that come from that authority
are trusted.

--
HTH,
-- Tom Spink, Über Geek

Please respond to the newsgroup,
so all can benefit

" System.Reflection Master "

==== Converting to 2002 ====
Remove inline declarations
 
Hi Tom
2000 Advanced server, nice operating system. It is also programmed slightly
differently to the Professional and Standard Server edition of 2000.

The authority dishes out the certificates to people, it's not like a
web-based thing, but you provide the public key for your authority and
people trust that key, then any certificates that come from that authority
are trusted.
Click to expand...

So basically all an authority does is sign your certificate with their
signature so that it contains a trusted root certificate? It still seems
like a rip off to me, hardly any applications use digital signatures, no one
checks digital signatures, it might be useful for web based means but other
than that it seems pretty pointless, but it would be nice to see if an
application of *mine* contains *my* signature, I don't see why it should
have to be trusted? isn't a non trusted signature better than no signature
at all? It doesn't really make much sense. Any ideas on if there are other
ways of implementing digital signatures without it having to be trusted?
that is if it has to be trusted at all, does Windows stop an application
with a non-trusted signature from running? Does it tell the user that it
could potentially be a virus? It doesn't seem to and wouldn't make sense if
it did, maybe a digital signature is *only* meant for web based means?

Nick.

--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."

Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
 
Think of it like this:

A digital certificate is nice if you have one.

Particularly in web-based applications, the client browser could prevent
your code from downloading if it didn't have a trusted root certificate
assigned to it.

--
HTH,
-- Tom Spink, Über Geek

Please respond to the newsgroup,
so all can benefit

" System.Reflection Master "

==== Converting to 2002 ====
Remove inline declarations
 
Back
Top