All geek questions in one place

Is it possible to prevent the decompilation of the .NET MSIL DLL?

Almost all .net assemblies can be compiled using Reflection . This means that all .net products are open source, as the code can be easily used by other developers. There is no way that we can encrypt codes (at least for some security logic) so that they cannot be easily cracked or used incorrectly.

Edit

Old question: is winforms.net really equal to open source? has been edited based on comments regarding the proper use of the word Open Source

+4
source share
6 answers

Not

All code can be programmed in reverse order, copied, cloned, reused, rewritten, etc. What open source means is that it is legally free from restrictions, so people can learn from the code. It also means that technology can grow , and a stronger long-term technology economy can be created, not short-term. Read the Cathedral and Bazaar for a biased but relevant point of view.

I am not aware of a sufficiently strong method for protecting code, which is not just high obfuscation, but only security through obscurity . Only your question says that you need to learn more about the topic you are asking about, about reading and researching the technical, logical, and possibly philosophical qualities of the question.

Editing: I adhere to my principle, although the use of the term "Open source" has been canceled.

+9
source

There are tools that can encrypt .NET Assemblies, preventing decompilation with Reflector and similar tools. They also perform a number of related services, such as obfuscation, protection of embedded resources, etc. I know:

RemoteSoft Salamander Suite
XHEO DeployLX

+10
source

Is there a way that we can encrypt codes (at least for some security logic) so that it cannot be easily cracked or used incorrectly.

Other people have touched on code obfuscators, but ask yourself what are you really trying to accomplish:

  • Are you trying to make your code more "safe"? Not only is security through obscurity a relatively weak strategy, you should not put sensitive data in source code! Move passwords, connection strings, etc. From the code to the configuration file.

    Presumably then the application is safe as long as no one has access to your physical machine. You can assume that the attacker has a physical machine, and all hope is gone anyway.

  • Are you trying to protect proprietary algorithms? If you do not want to invest money to obtain a patent, then the best proven strategy is to expose your API through a web service on the servers that you manage. The application makes a call to the web service - this means that performance is deteriorating, and you have a dependency on your users who have an Internet connection, but at least your code is completely safe.

  • Are you trying to interfere with pirated software users? There are many reports regarding key systems for licensing.

+6
source

Everything that can be reconstructed. While .NET assemblies are easier to decompile, there are many obfuscators to make the code more understandable.

There is no good way to encrypt the code that you send to clients. At some point, the code must be decrypted to run, which means that the client machine must be able to do this. If the client machine has the ability to decrypt the code, then anyone who has access to the machine also has access.

This problem is not unique to .NET collections - any application is subject to decompilation. If source source security is your primary concern, perhaps a web application (such as a website or web service) will be better, since you can isolate assemblies from the outside world.

+1
source

Obscurity can never help you forever ...

Your decompiled code may or may not have useful variable / class names, and it will definitely not have comments, and of course, the copyright still belongs to you.

Thus, you cannot use decompiled programs in any way (or even decompile them), and I am sure that there is some option (if not by default) that you can use for basic stealth, for example, using var1 ... 9999 as variable names and class names.

0
source

If you need openource, try the mono framework. Although part of it has a part that has not been published by Microsoft as part of the CLI Common Language Infrastructure. For you, the answer is NO, you cannot use or reuse / publish the whole part anywhere. You can also see the rotor Common Source Common Language 2.0 infrastructure, which is open and managed by Microsoft, but does not contain the Window form namespace, only the CLI. This is for training and research only. Microsoft also publishes this code under the MPL at codeplex . Please read the license carefully even for open source, there is a difference between the GPL and LGPL. Reverse engineering for training purposes is, I think, good in the case, for example, some problems come that there isn’t in your code that you might want to debug. To this end, microsoft allows its source code to be used directly from its symbol server. You can configure visual studio to load the source and symbol: t for any .NET platform and debug it like what happens in the frame code. Here is a very good article on how to do this on the shawn burke blog .

0
source

Source: https://habr.com/ru/post/1298963/

More articles:


All Articles