.NET Obfuscation

Alvaro Mendez

Jeff Varszegi wrote: I think that to say Java is used mainly for web applications is sort of silly. It's not used for systems programming, but it is widely used for just about everything else. If you have a programmable cell phone, odds are you can program it easily in Java. Oh, wait-- I forgot where I am. Scratch that last statement. To each his/her own. :laugh: Yes, please be sure to use J# when referring to J**a in the future. :-) Regards, Alvaro

---

Give a man a fish, he owes you one fish. Teach a man to fish, you give up your monopoly on fisheries.

Rocky Moore

l a u r e n wrote: you have to give ur source code away practically You do that same any program, it is just the source they see is assembler ;) Rocky <>< www.HintsAndTips.com www.GotTheAnswerToSpam.com

Rocky Moore

Nemanja Trifunovic wrote: I guess this is one of the reasons why Java is used mainly for web applications And all this time, I thought it was the ugly GUI :) Kidding aside, there actually are a lot of Java applications in use today which many people may not even know are Java. One that comes to mind that I used in the past was Source Offsite. Oh yeah, they moved to .NET and is not written in C# ;) Rocky <>< www.HintsAndTips.com www.GotTheAnswerToSpam.com

Paul Watson

I'm lkoiong itno Otfbusacion of .ENT aselsmebis and is wnodrenig how mnay ppoele taht atculaly uess it... If you mkae poarmgrs unisg .NET, do you Ofbucsate yuor felis bfreoe gnviig tehm to csutoemrs? Any togthuhs aobut Oifuscatobn in ganeerl? regards, Paul Watson Bluegrass South Africa Christopher Duncan quoted: "...that would require my explaining Einstein's Fear of Relatives" Crikey! ain't life grand? Einstein says...

Paul Watson

1. Nutters, opressed-from-on-high developers and pomegranates use it 2. No 3. It's daft. 4. But if you want to, then go right ahead. regards, Paul Watson Bluegrass South Africa Christopher Duncan quoted: "...that would require my explaining Einstein's Fear of Relatives" Crikey! ain't life grand? Einstein says...

Paul Watson

As a fellow ASP.NET developer I wish I could say the same. We do a lot of dev for partner companies, not direct to the end-client and have on ocassion been asked to obfuscate our code. So far my flat out refusal to do so has worked but I am sure one day a partner will be more stubborn than I am and I will have to actually install the VS.NET obfuscator. regards, Paul Watson Bluegrass South Africa Christopher Duncan quoted: "...that would require my explaining Einstein's Fear of Relatives" Crikey! ain't life grand? Einstein says...

Nish Nishant

Hey Anders One easy way to obfuscate your code would be to get a few former-VB6 guys and ask them to write portions of your .NET assemblies. They’d write obfuscated code by default that’d beat any obfuscator’s obfuscated code. :-D Nish

---

Now with my own blog - void Nish(char* szBlog); My MVP tips, tricks and essays web site - www.voidnish.com

Ian Darling

Alvaro Mendez wrote: Yes, please be sure to use J# when referring to J**a in the future. Or "J-Thing" - that's what I use :-)

---

Ian Darling "If we've learned anything from history, it's that those who feed trolls are condemned to repetitive conversations. Or something like that." - Eric Lippert

Anders Molin

Hehe, but I dont have any VB guys avaliable ;) - Anders Money talks, but all mine ever says is "Goodbye!" ShotKeeper, my Photo Album / Organizer Application[^]

My Photos[^]

Anders Molin

Paul Watson wrote: 1. Nutters, opressed-from-on-high developers and pomegranates use it 2. No May I ask why you feel this way about it? Paul Watson wrote: 4. But if you want to, then go right ahead. Of course, I do what I want to ;) But I don't know if its worth the efford... - Anders Money talks, but all mine ever says is "Goodbye!" ShotKeeper, my Photo Album / Organizer Application[^]

My Photos[^]

Paul Watson

>I'm looking into Obfuscation of .NET assemblies and is wondering how many people that actually uses it... Nutters and pomegranates because I don't see the point. It is just more paranoia. Like privacy. You won't stop the people you are trying to stop with obfuscating. All you are doing is hindering them a bit and maybe at best stopping script kiddies. >If you make programs using .NET, do you Obfuscate your files before giving them to customers? No, I don't because I don't see the benefit. My applications can be reversed engineered whether I obfuscate or not. Yes, it will be harder to understand when obfuscated. But the question is; Who are you protecting yourself against? A serious threat or script kiddies fooling around with your code? If you really care about the later then by all means use obfuscation because it will confuse them enough to hinder them, probably even stop them. But IMO the threat is not a threat. If the former then the keyword is serious and serious threats will find a way no matter what you do. It is the same with implementing registration codes or online-authentication systems for your apps to stop people pirating it. Someone somewhere will come up with a binary hack to your application and then you are screwed. You end up spending more time for no real benefit. Also what happens if you in desperation (maybe your source code and all back-ups got nuked) need to reverse engineer your app? Oh crap, it is obfuscated-garbage. It will take you a good deal longer to get back your code. regards, Paul Watson Bluegrass South Africa Christopher Duncan quoted: "...that would require my explaining Einstein's Fear of Relatives" Crikey! ain't life grand? Einstein says...

Anders Molin

Paul Watson wrote: If the former then the keyword is serious and serious threats will find a way no matter what you do. It is the same with implementing registration codes or online-authentication systems for your apps to stop people pirating it. Someone somewhere will come up with a binary hack to your application and then you are screwed. Hehe, most people will do everything to try to make it almost impossible to crack their application. I don't do much, as the crackers will do it anyway, and the really good protection schemes are too anoying for the regular user... Paul Watson wrote: Also what happens if you in desperation (maybe your source code and all back-ups got nuked) need to reverse engineer your app? Oh crap, it is obfuscated-garbage. It will take you a good deal longer to get back your code. I have no problem with all my C++ code in this regard, and to be honest I think it's a bad "excuse" for your case. I don't disagree with you when it comes to obfuscation but this one was not so good Paul ;) BTW, I have my source on my workstation, and in sourcesafe on my server with mirrored drives, and on tape-backup, and on the occasionally DVD I burn and store outside my house... - Anders Money talks, but all mine ever says is "Goodbye!" ShotKeeper, my Photo Album / Organizer Application[^]

My Photos[^]

Paul Watson

I didn't say it was the best example ever, it is just one of many. It isn't a "bad" excuse, it is plausible and happens. Not everyone is as perfect as yourself in backups, mirrors and offsite storage :) For when pigs fly I would rather not have to trawl through my own obfuscated code. regards, Paul Watson Bluegrass South Africa Christopher Duncan quoted: "...that would require my explaining Einstein's Fear of Relatives" Crikey! ain't life grand? Einstein says...

Anders Molin

Hmmm, we also come from different backgrounds. You come from ASP where everyone cound see anything, I come from (and still use) C++ where I compile native code which was not that easy to read, so I guess we look a bit differently at it ;) - Anders Money talks, but all mine ever says is "Goodbye!" ShotKeeper, my Photo Album / Organizer Application[^]

My Photos[^]

Paul Watson

I thought we were talking about .NET applications (whether windows forms or webforms), not C++ and ASP apps. I don't know anything about C++ apps and obfuscation so sorry, cheers. regards, Paul Watson Bluegrass South Africa Christopher Duncan quoted: "...that would require my explaining Einstein's Fear of Relatives" Crikey! ain't life grand? Einstein says...

Anders Molin

Errr, we do talk about .NET applications, I just mentioned our different background, like in what we did before this whole .NET thingy... - Anders Money talks, but all mine ever says is "Goodbye!" ShotKeeper, my Photo Album / Organizer Application[^]

My Photos[^]

slvrscremr

I left VB 6 a while ago ... :-D but I'd consider returning to the old ways for the right price. Woo Hoo! :-D My first CP post :):-D:cool: Darien "I don't know, I haven't tried today." - Trumpet icon Maynard Ferguson, when asked how high he could play.

Marcie Jones

Welcome, Darien. Marcie CP Blog[^]

ProffK

I'm going to be looking into it. I have authored two C# apps recently, and probably will author a few more in the near future, that require the storage of SQL Server passwords. Of course I'll encrypt the passwords etc., but then I still have to code the key etc. There are some situations where I can have a user enter a password everytime the application starts, but others, like installation of MSDE, which requires a strong SA password. I can't leave it open on the command line, and I can't put it in a settings.ini file either. My most secure would be obfuscated code to set it, even if it's not that secure. My blog.

ProffK

I have once or twice written some good tight code, and spent many hours debugging and refinining it, but even then laughed when clients expressed so much concern over 'their secrets'. How much source code needs to be secret? It's normally the business ideas that are the real IP, and they are publicised instead of obfuscated. Granted there are cases that warrant value in secrecy, such as developing a better than others scheduling and packing algorithm, but I venture that these cases are in the minority. My blog.