Security of C# dll

  • Thread starter Thread starter Homer Simpson
  • Start date Start date
H

Homer Simpson

Hi Everyone,

How secure are C# DLLs? I knowVBA can easily be opened with a variety of
tools found on the internet but how about C#? How can I make my DLLs more
secure?

Thanks,
Scott
 
Homer,

You can decompile pretty much any dll that is not obfuscated. Since
..NET assemblies are IL instructions, it's easier to take those instructions
and determine what code was used to generate them (a good decompiler is
Reflector .NET by Lutz Roeder).

In order to protect against this, you want to use obfuscators. VS.NET
2005 will come with one by default (a third-party product named Dotfuscator,
and it is the community edition). Obfuscation is only as good as the
algorithm used. If the algorithm is weak, then some tools will be able to
get around it. Keep this in mind when choosing obfuscators (basically,
check to see if anyone figured out a way to decompile an assembly obfuscated
with that product).

Hope this helps.
 
Define what you mean by "secure".

There is secure in that no one can hack the code and cause malicious things
to happen, or secure in that your code cannot be decompiled, or secure in
that no one can inherit from your libraries (which can also be used for
malicious purposes), or secure in that different trust levels are assigned
based on where the code was invoked from.
 
The answer is ‘it depends’.

When C# and VB.NET code is compiled, it is compiled to MSIL (Microsoft
Intermediate Language), and during this process a large amount of metadata is
created which is easily readable and can be used for many things such as
reverse engineering and code interoperability.

Take a look at the .NET Reflector (http://www.aisto.com/roeder/dotnet/) to
get an idea of what can be done with this metadata.

In order to eliminate much of this useful information, you can obfuscate the
data with something like
Dotfuscator(http://www.preemptive.com/products/dotfuscator/) which renames
all of the names and other telling bits of data within the assembly so as to
make reverse engineering much more difficult.

Brendan
 
My original concern was just preventing my dlls from being decompiled... or
at least making the process as difficult as possible. I was just looking at
the Dotfuscator website and learning a little more about this. I'm looking
to protect my intellectual property and methodologies more than preventing
someone from maliciously using my code.

Thanks,
Scott
 
Homer Simpson said:
My original concern was just preventing my dlls from being decompiled... or
at least making the process as difficult as possible. I was just looking at
the Dotfuscator website and learning a little more about this. I'm looking
to protect my intellectual property and methodologies more than preventing
someone from maliciously using my code.
Click to expand...

It might be worth taking a look at
<http://www.pobox.com/~skeet/csharp/obfuscation.html>.
 
coming soon...Goliath.NET the last secure Obfuscator for .net platform! try
to decompile ours simple example (exe or dll).

best regards,
Marcello Cantelmo
www.cantelmosoftware.com (at the moment only in Italian language)
 
C# (and any .Net assembly) code is easily crackable and viewable using free tools like .Net Reflector. You need to to protect the code in your .Net assemblies using obfuscators like Crypto Obfuscator
 
Back
Top