How to protect an Assembly from decompilation?

Asked

Viewed 334 times

6

Nowadays there are many water heaters and recompilers for . NET Framework, the guy goes there, makes an application and everyone who has a decompiler (for example IL Spy) can go there, select the Assembly and see all the source code of the application, including its variables, which is the biggest problem. My questions are:

  • I can protect my app from decompilation? To give error, or some encryption when trying to decompile my application in a decompile?
  • How I protect my literals and variables? For example, I make an application that uses FTP requests to download a file, ai has the variable servidor, username and password, the guy who decompiled the app might have access to the contents of those three variables?
.net security-guard cryptography decompilation .net-assembly

2 answers

7


First of all read this: How to protect source code?

Protecting intellectual property

There really is a certain exaggeration in thinking that people will decompile and reuse the code. It’s not that simple and you have to be crazy to do it. I don’t see it happening out there. In simple codes not worth the work, in complex codes decompile does not solve much.

It’s not so true that you can recover the entire original code. In addition to not recovering comments, it does not recover the name of local variables that is also documented. Without these things it complicates the understanding of the code. Also the flow does not come back exactly as it was. Most of the time you will be able to build it again but it will be very difficult to maintain.

No technique is effective, some make it a little difficult. Obfuscation is what works best because it modifies the code to make it more unreadable and make life difficult for decompilers, but it doesn’t make decompilation impossible, it can’t do this.

If you’re still doing this, use one of the obfuscators available for . NET. By experience almost all programmers know that rarely worth the work.

Some of them do a job "so good" that prevents the Assembly function properly. Others generate huge inefficiency of execution.

Protect sensitive data

Obviously, sensitive information should not be placed within the code (passwords, addresses and other information that should be private). This should be outside and should be encrypted (preferably not near the application, inside or outside).

  • 1

    I used IDA and I could see the name of the variables and see the comments of the program.

  • 1

    It’s impossible to see what doesn’t exist.

  • What do you mean by that?

  • 1

    Exactly what is written, if you have no comments and the names of the local variables in the executable nothing can show it to you. The decompiler will put something he chose only.

  • I know it wasn’t the meaning of the question or the answer, but there’s a very interesting book about it: Secret Java. It deals, precisely, with reverse engineering techniques and obfuscation of Java code

3

The best way to protect your code is OVERSHADOWING.

Here owns a List of Obfuscators for . NET.

Obfuscation is the process of modifying an Assembly so that already is no longer useful to a hacker, but remains usable for execution of its operations. Although it may change the actual method metadata or instructions, this does not alter the flow logic or program output. There are several techniques that can be used which are described below.

Browser other questions tagged .net security-guard cryptography decompilation .net-assembly

You are not signed in. Login or sign up in order to post.