All geek questions in one place

Is using .Net useful for commercial software?

I played with the .Net reflector today and realized that the entire Expression Miicrosoft package is written in .Net. As a result, I was pretty much able to see the underlying code for the expression. This greatly simplifies the protection of binary files. I think this is very important. It is generally recommended to do commercial software in .Net, where is it pretty easy to see the source code before the variable names? I was surprised that Microsoft, at least, did not stop it. Thanks

+4
source share
5 answers

I would consider reversing the reference to variable names (and possibly comments) completely .. NET Reflector and Java Decompiler are pretty nice.

Even if it was written in C or C ++, for RCE it does not mean anything. People cut their teeth, read the assembly and fiddled with OllyDBG, IDA Pro, etc. Microsoft offers its own tools for modifying its own code.

Given how commercial Java and .NET software already exists (and how easy it is to decompile), I doubt that using .NET, over Java, over C ++, C, or assembly is important when comparing how easy it is to return to the original source form.

Having said that, most of the commercial .NET software that I came across, writes the core of my program to (which seems to be) a C ++ library, and then interacts with it through a .NET application.

+4
source

Any application that is worth buying, especially a large one, such as Expression, does not have a single part, which, if disassembled and copied, will reduce its competitive advantage.

On the other hand, it would be pointless to parse and copy the entire code base, as that would be so obvious.

In short, we are not talking about flow capacitors here.

+5
source

What you see in the reflector is decompiled by IL. There is no practical way to obfuscate this other than changing the names of identifiers.

It has always been that a particular hacker will still change your code, regardless of whether you confuse it or not (obfuscation or binary code takes a little longer for reverse engineering). The same argument applies to licensing algorithms.

+2
source

MS does not need to obfuscate its code to protect IP when they have an army of lawyers who can sue any organization trying to use the code to create a competing product. Even if you don’t have an army of lawyers, is there anything new in your code that justifies the cost of reverse engineering? Most customers will try to use legitimate software because the risks associated with using poorly supported illegal software are too high. Anyone could take the birth of Stephen King and copy all the words written in him, since they are all there, it is clearly visible, but he can still get significant profit from the honesty of his readers who buy his books.

+2
source

Yes, .NET is a viable commercial platform, but we (which means OffByZero , the company I founded) highly recommend that you use the obfuscator for sensitive code in .NET and Java. From Development for Software Protection and Licensing :

If you work in .NET or Java, submitting non-obfuscation is almost equivalent to shipping to the source code form. If you are concerned about the intellectual property within your code (especially if you are interacting with devices in fashion that could expose trade secrets), then you need to use a quality obfuscator.

...

It is important to note that no software protection solution can be guaranteed to be 100% unbreakable; basically, as soon as your binary is turned on by another machine, you have given up full control over it. The goal is to use high-quality licensing software combined with obfuscation to make it very solid and amp; time spent hacking software, thereby increasing the level to protect your income.

-1
source

Source: https://habr.com/ru/post/1308841/

More articles:


All Articles