Code protection . NET

Asked

Viewed 3,200 times

7

I have a C# application that I developed, it will be installed in several clients. The problem is that I have to protect the application code, because I performed some tests with the Ilspy application and all the source code is exposed. Anyone can take a DLL you created and copy the source code. Visual Studio 2015 already has a tool to "obfuscate" the code, but it only changes the name of some variables and methods, a person with experience in C# can easily circumvent this.

What is the most viable solution to protect source code . NET?

  • Take a look. http://stackoverflow.com/questions/2646707/something-better-than-net-reflector

  • @Paulohdsousa, this list is precisely my problem. I want to prevent the code from being seen.

  • Take a look at the list.

  • Okay, I’ll look yes.

2 answers

15


In a clear and succinct response, THERE’S NO WAY!

I say this is not possible by the fact that no matter how skilled you are, you will always have someone skilled enough in reverse engineering (or other types, including social engineering) to succeed in breaking their protection. The crack’s are the most real proof about this.

What can be done is to make access difficult, but there is no way to guarantee 100% protection.

But then it means I should leave it the way it is?

That depends on a lot. Sometimes the work you will have to make access difficult may not be feasible by several factors, for example the time and costs to accomplish this task.

But then there’s nothing?

Well, there are some tools, for in particular, which helps to carry out that process, which are:

What is your recommendation?

Don’t worry too much about it, because if the person has the ability to understand and use a reverse engineering system and let the code work, often it has the ability to do the same, and sometimes the process can be even faster.

Now, if your problem would be with system misuse, you can use a form of licenses to ensure system usage.

Complements:

As a complement, I have a few questions on the subject, two of them very similar to yours.

  • +1 for the clear and succinct response.

  • I understood, I had already thought about the question of the person who has the ability to understand and use a reverse engineering system. In case you develop something new or a very good solution for some problem and want to protect your idea, in this case it would be easier to "develop" in c++ or c ?

  • @Robss70 Enters into the same problem. You can hinder, now prevent does not give. This answer talks about this issue in C++

  • @Randrade, really this subject reverse engineering and intellectual property is extremely complex. Thank you so much for your help.

  • @Robss70 Intellectual property is even more complex. However, if you do everything right, you will be protected by the law, even if you cannot protect the source you will have the guarantee that is yours. With this, you can do something judicially, if possible.

  • @Randrade, already abusing his goodwill in the case of connection string, how would you protect this information in source code?

  • @Robss70 This will depend on your context. It depends on what you’re using, what you’re working with, what that connection will look like, etc. I don’t usually worry much about it, because my systems are in a controlled environment and I use Windows authentication.

  • It’s an Sql Server connection string for a database in Microsoft Azure, and the client environment is the same as the Wild West.

  • 1

    @Robss70 Take a look here and here. It’s a way, but I don’t know its environment, so there’s no way to know which one is the best. However, this escapes the original question. If you have more questions, the site already has a lot of material on the subject. If you find nothing, you can open another question about it, specifically.

  • @Randrade, thank you again for your attention.

Show 5 more comments

2

No technique will actually protect you, it can make it harder. If you’re hiding a secret, you’re doing something wrong in the code. If there is no secret, in general the evils of doing this outweigh the benefits. Read this, it’s important.

Has a Wikipedia list with obfuscators. Obviously the quality of each will do a better job. Some techniques create problems for execution. It is common for the developer not to realize that the obfuscator is the cause and suffer needlessly. There are cases of people who always think that the problems of their code is the obfuscator.

I don’t know which is best, especially for your need.

  • I have read about these implementation problems, mainly in Reflection. Thank you very much for your help.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.