.NET, Reflection and private members
-
Hello, Is there any way to prevent a tool like Reflector (http://www.aisto.com/roeder/dotnet/) from reading and disassembling private members using reflection? I am aware of a suggestion posted by Microsoft, stating that using [StrongNameIdentityPermission...] may help, but I can't find any example for a successful usage of it. Using [assembly: ReflectionPermission(SecurityAction.RequestRefuse, TypeInformation=true)] (or any other flag) also proved futile. Can it be that an assembly created using C# and .NET has no secrets when challenged by a freeware tool? And say I have secrets, does it mean I have to stick with C++ (knowing that you need a capable disassembler and a more capable person to squeeze the data out of my modules)? Best J
-
Hello, Is there any way to prevent a tool like Reflector (http://www.aisto.com/roeder/dotnet/) from reading and disassembling private members using reflection? I am aware of a suggestion posted by Microsoft, stating that using [StrongNameIdentityPermission...] may help, but I can't find any example for a successful usage of it. Using [assembly: ReflectionPermission(SecurityAction.RequestRefuse, TypeInformation=true)] (or any other flag) also proved futile. Can it be that an assembly created using C# and .NET has no secrets when challenged by a freeware tool? And say I have secrets, does it mean I have to stick with C++ (knowing that you need a capable disassembler and a more capable person to squeeze the data out of my modules)? Best J
There are tools out there that can help you out a little. They are called obfuscators. What they do is they modify method names and class names to make it more difficult for someone to read your code. The more advanced tools insert special code to foil tools like Reflector. Do a search for Salamander (expensive)
-
Hello, Is there any way to prevent a tool like Reflector (http://www.aisto.com/roeder/dotnet/) from reading and disassembling private members using reflection? I am aware of a suggestion posted by Microsoft, stating that using [StrongNameIdentityPermission...] may help, but I can't find any example for a successful usage of it. Using [assembly: ReflectionPermission(SecurityAction.RequestRefuse, TypeInformation=true)] (or any other flag) also proved futile. Can it be that an assembly created using C# and .NET has no secrets when challenged by a freeware tool? And say I have secrets, does it mean I have to stick with C++ (knowing that you need a capable disassembler and a more capable person to squeeze the data out of my modules)? Best J
hi, Please check this site for obfuscation and reverse engi:. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dotfuscator/dotf49m6.asp ;) ************************** S r e e j i t h N a i r **************************
-
There are tools out there that can help you out a little. They are called obfuscators. What they do is they modify method names and class names to make it more difficult for someone to read your code. The more advanced tools insert special code to foil tools like Reflector. Do a search for Salamander (expensive)
Thanks, I am familiar with these (actually wrote one myself for Java). Unfortunately, even these tools with very advanced logic can only rename and scramble a little... this is certainly not the case with a C++ application, there you have to actually know ASM to understand the code, or use a disassembler that gets no-where close the original code. I reviewed numerous obfuscators during the last weekend. Salamander is not expensive compared to others, but it has a very mediocre UI. I understand that its most valuable (advertised) feature is its ability to convert the code to what you would have gotten, had you used C++ (or other not managed language) to begin with... It seems that Microsofties themselves are using Dotfuscator (which is bundled with DevStudio). Still, I see no way to protect your *private* (not the public interfaces) code with managed code, and hence no reason to use it for project that you want to keep as inconspicuous as possible (like encryption libraries etc).
-
Thanks, I am familiar with these (actually wrote one myself for Java). Unfortunately, even these tools with very advanced logic can only rename and scramble a little... this is certainly not the case with a C++ application, there you have to actually know ASM to understand the code, or use a disassembler that gets no-where close the original code. I reviewed numerous obfuscators during the last weekend. Salamander is not expensive compared to others, but it has a very mediocre UI. I understand that its most valuable (advertised) feature is its ability to convert the code to what you would have gotten, had you used C++ (or other not managed language) to begin with... It seems that Microsofties themselves are using Dotfuscator (which is bundled with DevStudio). Still, I see no way to protect your *private* (not the public interfaces) code with managed code, and hence no reason to use it for project that you want to keep as inconspicuous as possible (like encryption libraries etc).
I was going to mention that even C++ can't hide your data, but you already know that. Well, I guess you can just create an unmanaged library for your most important functions and then use interop. If you need to release this as a component then create a wrapper library.
-
I was going to mention that even C++ can't hide your data, but you already know that. Well, I guess you can just create an unmanaged library for your most important functions and then use interop. If you need to release this as a component then create a wrapper library.