March 31st, 2005, 02:42 AM
Vb Dot Net Code Obfustication?
I posted this in security because it relates to source code security, if this is wrong, please move my thread
ok so for those of you out there that are developers in dot net you are well aware of the problems your compiled code creates.
the problem being very easy decompilation of the application (from memory) into original compilable source code.
Ok this is a problem for a number of reasons.
My question is this.
is there a way to prevent this.
encryption will not work, that just secures the EXE itsself but as soon as it is loaded into memory it is no longer encrypted. but that works the same for any application.
i have been reading about obfustication, but i am not going to rewrite all my code into some very obscure manner.
i was considering writing something to do this for me, but that is something that i would rather not focus on.
i do understand that all apps are not safe from decompiling. but there is a few methods out there to make that proscess a little harder. and there has to be something out there for dot net apps.
so if anyone knows anything. please respond here or VIA PM
March 31st, 2005, 02:50 AM
That's definately a good question and I'll be curious to see if anyone has a cheap solution because I'd be interested in implementing it... In the mean time, if you have some money to throw around... You could check out Salamander .Net Protector.... I've used their decompiler before and it's pretty good.... This software claims to work quite well to protect your code..... and at the cost it had better work damn well.
Anyways... might be something for you to look at.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
March 31st, 2005, 07:14 AM
If you write something worth obfuscating, write it in an obfuscated manner (the initial code), then use a commercial product to further **** with it. In the end SoftICE and/or IDA Pro are going to rip through your proggy; especially with Horsey at the helm.
March 31st, 2005, 02:55 PM
Writing something in an obfuscated manner initially is a poor way of doing things. You'll need to maintain the software later.
There are tools that can be used http://www.google.com/search?hl=en&q...ode+obfuscator
I kind of think it is pointless to do this however. Most of the work done to obfuscate the code is done at the source level, removing comments, changing whitespace, renaming variables....most of this doesn't even make it to the IL that is produced by the compilation process.
If you really want to do anything I'd look for tools that work at the assembly/IL level such as http://www.programmersheaven.com/zon...1016/23658.htm .
It won't stop it completely but it will raise the bar enough to weed out 95% of the retards.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X