Buying Obfuscator Tools are a waste of money?
-
Isn't it the same as locking your front door? It won't stop a dedicated criminal, but strill can keep out the majortiy of people. I wouldn't bet my core trade secret on it, but it's better than nothing.
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
blog: TDD - the Aha! | Linkify!| FoldWithUs! | sighistpeterchen wrote:
Isn't it the same as locking your front door?
No. My house is not performing anything so locking the front door wont' slow down anything. And also, I already locked with my key. I dont think I need to have finger-print scanner to do double-locking.
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
-
I use the dotfuscator community edition that comes with VS2008.
Michael Sync wrote:
Do we really need to do that?
Only if you want to add fun to decompiling :rolleyes:
Michael Sync wrote:
Is it so easy to get the code if we are not using those tools?
Yes, through reflections.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul Conrad wrote:
Yes, through reflections
AFAIK, Reflection doesn't give you that much.. :)
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
-
Paul Conrad wrote:
Yes, through reflections
AFAIK, Reflection doesn't give you that much.. :)
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
It does give you some info, but not everything in it's entirety me thinks.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
peterchen wrote:
Isn't it the same as locking your front door?
No. My house is not performing anything so locking the front door wont' slow down anything. And also, I already locked with my key. I dont think I need to have finger-print scanner to do double-locking.
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
Michael Sync wrote:
have finger-print scanner to do double-locking.
But that would be cool :-D Add an eye scanner for triple locking :rolleyes:
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
I think those tools will decrease the performance because it has to be decrypted before doing the operations.. I see configuring the security on your database is like locking your front door... Now, Microsoft released System.Configuration.dll without using oibfuscator tools. I wanna get the code so that I can port it to something else (e.g Silverlight). but it's not so easy to get the code even they are not using oibfuscator tools...
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
Michael Sync wrote:
I think those tools will decrease the performance because it has to be decrypted before doing the operations..
Whoa, hold up there, you said "obfuscator"! You didn't say anything about those encryption type of tools, those are *NOT* obfuscators at all and my experience with them in the past has led me to shun them entirely, not for performance reasons but for compatibility reasons though I'm sure you're right there is some overhead involved obviously. If you are talking about those encrypting tools then you might want to change your original post, entirely different thing.
"It's so simple to be wise. Just think of something stupid to say and then don't say it." -Sam Levenson
-
Michael Sync wrote:
have finger-print scanner to do double-locking.
But that would be cool :-D Add an eye scanner for triple locking :rolleyes:
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul Conrad wrote:
Add an eye scanner for triple locking
haha. yes.. using obfuscator tool is not like locking the door. but it is like locking the kitchen doors in your restaurant while there are full of customers... it will take a lot of times just for locking and unlocking the kitchen
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
-
It does give you some info, but not everything in it's entirety me thinks.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul Conrad wrote:
It does give you some info, but not everything in it's entirety me thinks.
yes.. but it's not so easy to get the entire logic or codes.
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
-
I think buying Obfuscator tools are unless.. I'm not so sure why there are some people who are willing to spend their money on those tools.. maybe, the boss doesn't understand the technical thing and he hired bad technical guys..
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
I can understand reflection giving you the function parameters, but why does it need to give you the entire source code to the program? I've grown to like C# as a language but effectively handing out the source code of your apps when you release a program sucks. Mightily. So I would use the built-in obfuscator, yes, but not pay for it, and frankly all .NET compilers should have a compiler option to obfuscate compiled code.
-
Michael Sync wrote:
I think those tools will decrease the performance because it has to be decrypted before doing the operations..
Whoa, hold up there, you said "obfuscator"! You didn't say anything about those encryption type of tools, those are *NOT* obfuscators at all and my experience with them in the past has led me to shun them entirely, not for performance reasons but for compatibility reasons though I'm sure you're right there is some overhead involved obviously. If you are talking about those encrypting tools then you might want to change your original post, entirely different thing.
"It's so simple to be wise. Just think of something stupid to say and then don't say it." -Sam Levenson
What does "obfuscator" do then? Obfuscator doesn't give you anything extra layer over your assembly? AFAIK, there are some Obfuscator tools like that..
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
-
I think buying Obfuscator tools are unless.. I'm not so sure why there are some people who are willing to spend their money on those tools.. maybe, the boss doesn't understand the technical thing and he hired bad technical guys..
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
Nope - we use Xenocode, and it's really, really good. And yes - I do understand the technical issues with .NET and IL, but there are times when you need it. The important thing to know though, is that all code is ultimately decompilable. Obfuscation is about deterring the casual hacker; a determined hacker will always be able to break your code.
Deja View - the feeling that you've seen this post before.
-
I can understand reflection giving you the function parameters, but why does it need to give you the entire source code to the program? I've grown to like C# as a language but effectively handing out the source code of your apps when you release a program sucks. Mightily. So I would use the built-in obfuscator, yes, but not pay for it, and frankly all .NET compilers should have a compiler option to obfuscate compiled code.
It doesn't give the 'source code'. It's just that .NET decompilers can do a much better job than x86 assembly decompilers because compiled .NET assemblies still contain type information, method names, etc; and because MSIL isn't optimized (optimizations are left to the JIT). Non-optimized C code with type information (e.g. in form of debug symbols) can also be decompiled quite well, too.
-
It doesn't give the 'source code'. It's just that .NET decompilers can do a much better job than x86 assembly decompilers because compiled .NET assemblies still contain type information, method names, etc; and because MSIL isn't optimized (optimizations are left to the JIT). Non-optimized C code with type information (e.g. in form of debug symbols) can also be decompiled quite well, too.
Daniel Grunwald wrote:
It doesn't give the 'source code'.
It's as good as.
Daniel Grunwald wrote:
Non-optimized C code with type information (e.g. in form of debug symbols)
Only an idiot would ship a C++ .exe with debug symbols in it yet we ship C# .exes with even more information!
-
Michael Sync wrote:
I think buying Obfuscator tools are unless..
Depends on which one. I use them sparingly from time to time.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul Conrad wrote:
I use them sparingly from time to time.
Which one do you like to use? I've seen one from 9 Rays a while ago, have you worked with that one? Jeff
-
Paul Conrad wrote:
I use them sparingly from time to time.
Which one do you like to use? I've seen one from 9 Rays a while ago, have you worked with that one? Jeff
Jeff, I mentioned in another post that I use the dotfuscator that comes with VS2008. I tried the one from 9Rays a few years ago, and found the price to be a bit out of my league. If I had a real need for it and could justify the cost, then possibly so. I just checked out their site and they have a decompiler. Thanks to your post, I am curious as to what happens to running their decompiler against obfuscated code from dotfuscator :laugh:
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
Jeff, I mentioned in another post that I use the dotfuscator that comes with VS2008. I tried the one from 9Rays a few years ago, and found the price to be a bit out of my league. If I had a real need for it and could justify the cost, then possibly so. I just checked out their site and they have a decompiler. Thanks to your post, I am curious as to what happens to running their decompiler against obfuscated code from dotfuscator :laugh:
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Hey Paul, thanks for the info. I know what you mean about the prices sometimes. Do you know if the express editions of vb.net or c# have that dotfuscator you mentioned?
-
Hey Paul, thanks for the info. I know what you mean about the prices sometimes. Do you know if the express editions of vb.net or c# have that dotfuscator you mentioned?
I just checked on an old developer box of mine that has Visual C# 2008 Express on it, and no dotfuscator. IIFC, it is only on VS2008 Standard Edition and above. As a friendly tip, keep an eye out for Microsoft product launches, they tend to have perks (door prizes) if you go to them and listen to the guest speaker speak his/her bit for a couple hours. They had one a few months back, not sure when there is another. Worth the time to go to one :-D
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
peterchen wrote:
Isn't it the same as locking your front door?
No. My house is not performing anything so locking the front door wont' slow down anything. And also, I already locked with my key. I dont think I need to have finger-print scanner to do double-locking.
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
How does obfuscation slow anything down? As far as I understand, it's glorified renaming. Or do you mean during build time?
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
blog: TDD - the Aha! | Linkify!| FoldWithUs! | sighist -
I just checked on an old developer box of mine that has Visual C# 2008 Express on it, and no dotfuscator. IIFC, it is only on VS2008 Standard Edition and above. As a friendly tip, keep an eye out for Microsoft product launches, they tend to have perks (door prizes) if you go to them and listen to the guest speaker speak his/her bit for a couple hours. They had one a few months back, not sure when there is another. Worth the time to go to one :-D
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul, thanks for all the info. I like your signatures, they are pretty funny.
-
Paul, thanks for all the info. I like your signatures, they are pretty funny.
csciwiz wrote:
I like your signatures, they are pretty funny.
:-\ There are guys around here that quip out some pretty good ones. It's hard to keep up sometimes :-O Over on my CP profile page, I have several others.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
csciwiz wrote:
I like your signatures, they are pretty funny.
:-\ There are guys around here that quip out some pretty good ones. It's hard to keep up sometimes :-O Over on my CP profile page, I have several others.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul Conrad wrote:
are guys around here that quip out some pretty good ones.
You have your moments yourself sir. ;)
Deja View - the feeling that you've seen this post before.