Buying Obfuscator Tools are a waste of money?
-
I think buying Obfuscator tools are unless.. I'm not so sure why there are some people who are willing to spend their money on those tools.. maybe, the boss doesn't understand the technical thing and he hired bad technical guys..
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
Nope - we use Xenocode, and it's really, really good. And yes - I do understand the technical issues with .NET and IL, but there are times when you need it. The important thing to know though, is that all code is ultimately decompilable. Obfuscation is about deterring the casual hacker; a determined hacker will always be able to break your code.
Deja View - the feeling that you've seen this post before.
-
I can understand reflection giving you the function parameters, but why does it need to give you the entire source code to the program? I've grown to like C# as a language but effectively handing out the source code of your apps when you release a program sucks. Mightily. So I would use the built-in obfuscator, yes, but not pay for it, and frankly all .NET compilers should have a compiler option to obfuscate compiled code.
It doesn't give the 'source code'. It's just that .NET decompilers can do a much better job than x86 assembly decompilers because compiled .NET assemblies still contain type information, method names, etc; and because MSIL isn't optimized (optimizations are left to the JIT). Non-optimized C code with type information (e.g. in form of debug symbols) can also be decompiled quite well, too.
-
It doesn't give the 'source code'. It's just that .NET decompilers can do a much better job than x86 assembly decompilers because compiled .NET assemblies still contain type information, method names, etc; and because MSIL isn't optimized (optimizations are left to the JIT). Non-optimized C code with type information (e.g. in form of debug symbols) can also be decompiled quite well, too.
Daniel Grunwald wrote:
It doesn't give the 'source code'.
It's as good as.
Daniel Grunwald wrote:
Non-optimized C code with type information (e.g. in form of debug symbols)
Only an idiot would ship a C++ .exe with debug symbols in it yet we ship C# .exes with even more information!
-
Michael Sync wrote:
I think buying Obfuscator tools are unless..
Depends on which one. I use them sparingly from time to time.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul Conrad wrote:
I use them sparingly from time to time.
Which one do you like to use? I've seen one from 9 Rays a while ago, have you worked with that one? Jeff
-
Paul Conrad wrote:
I use them sparingly from time to time.
Which one do you like to use? I've seen one from 9 Rays a while ago, have you worked with that one? Jeff
Jeff, I mentioned in another post that I use the dotfuscator that comes with VS2008. I tried the one from 9Rays a few years ago, and found the price to be a bit out of my league. If I had a real need for it and could justify the cost, then possibly so. I just checked out their site and they have a decompiler. Thanks to your post, I am curious as to what happens to running their decompiler against obfuscated code from dotfuscator :laugh:
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
Jeff, I mentioned in another post that I use the dotfuscator that comes with VS2008. I tried the one from 9Rays a few years ago, and found the price to be a bit out of my league. If I had a real need for it and could justify the cost, then possibly so. I just checked out their site and they have a decompiler. Thanks to your post, I am curious as to what happens to running their decompiler against obfuscated code from dotfuscator :laugh:
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Hey Paul, thanks for the info. I know what you mean about the prices sometimes. Do you know if the express editions of vb.net or c# have that dotfuscator you mentioned?
-
Hey Paul, thanks for the info. I know what you mean about the prices sometimes. Do you know if the express editions of vb.net or c# have that dotfuscator you mentioned?
I just checked on an old developer box of mine that has Visual C# 2008 Express on it, and no dotfuscator. IIFC, it is only on VS2008 Standard Edition and above. As a friendly tip, keep an eye out for Microsoft product launches, they tend to have perks (door prizes) if you go to them and listen to the guest speaker speak his/her bit for a couple hours. They had one a few months back, not sure when there is another. Worth the time to go to one :-D
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
peterchen wrote:
Isn't it the same as locking your front door?
No. My house is not performing anything so locking the front door wont' slow down anything. And also, I already locked with my key. I dont think I need to have finger-print scanner to do double-locking.
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
How does obfuscation slow anything down? As far as I understand, it's glorified renaming. Or do you mean during build time?
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
blog: TDD - the Aha! | Linkify!| FoldWithUs! | sighist -
I just checked on an old developer box of mine that has Visual C# 2008 Express on it, and no dotfuscator. IIFC, it is only on VS2008 Standard Edition and above. As a friendly tip, keep an eye out for Microsoft product launches, they tend to have perks (door prizes) if you go to them and listen to the guest speaker speak his/her bit for a couple hours. They had one a few months back, not sure when there is another. Worth the time to go to one :-D
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul, thanks for all the info. I like your signatures, they are pretty funny.
-
Paul, thanks for all the info. I like your signatures, they are pretty funny.
csciwiz wrote:
I like your signatures, they are pretty funny.
:-\ There are guys around here that quip out some pretty good ones. It's hard to keep up sometimes :-O Over on my CP profile page, I have several others.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
csciwiz wrote:
I like your signatures, they are pretty funny.
:-\ There are guys around here that quip out some pretty good ones. It's hard to keep up sometimes :-O Over on my CP profile page, I have several others.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul Conrad wrote:
are guys around here that quip out some pretty good ones.
You have your moments yourself sir. ;)
Deja View - the feeling that you've seen this post before.
-
Paul Conrad wrote:
are guys around here that quip out some pretty good ones.
You have your moments yourself sir. ;)
Deja View - the feeling that you've seen this post before.
:-\ Awww, thanks. I think we all have some good ones. I have to say, CP is not just a valuable source of programming information, but a valuable source of entertainment, too. Me thinks that is what makes it stand out from all other programming sites ;P
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
:-\ Awww, thanks. I think we all have some good ones. I have to say, CP is not just a valuable source of programming information, but a valuable source of entertainment, too. Me thinks that is what makes it stand out from all other programming sites ;P
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul Conrad wrote:
I think we all have some good ones. I have to say, CP is not just a valuable source of programming information, but a valuable source of entertainment, too. Me thinks that is what makes it stand out from all other programming sites
True. We're just one big happy family with the dysfunctional retard locked up in the basement.
Deja View - the feeling that you've seen this post before.
-
Paul Conrad wrote:
I think we all have some good ones. I have to say, CP is not just a valuable source of programming information, but a valuable source of entertainment, too. Me thinks that is what makes it stand out from all other programming sites
True. We're just one big happy family with the dysfunctional retard locked up in the basement.
Deja View - the feeling that you've seen this post before.
Pete O'Hanlon wrote:
one big happy family with the dysfunctional retard locked up in the basement
:laugh: Very true.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
Paul Conrad wrote:
are guys around here that quip out some pretty good ones.
You have your moments yourself sir. ;)
Deja View - the feeling that you've seen this post before.
Hi Pete, I like your signature, too. I get the feeling sometimes, too.
-
Hi Pete, I like your signature, too. I get the feeling sometimes, too.
csciwizard wrote:
I like your signature, too. I get the feeling sometimes, too.
Thanks (it's an original Peteism). It just seemed appropriate after answering the same question the 20th time.
Deja View - the feeling that you've seen this post before.
-
Paul Conrad wrote:
Add an eye scanner for triple locking
haha. yes.. using obfuscator tool is not like locking the door. but it is like locking the kitchen doors in your restaurant while there are full of customers... it will take a lot of times just for locking and unlocking the kitchen
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
Michael Sync wrote:
using obfuscator tool is not like locking the door
Sure it is. I looked at the 9Rays (referred by csciwiz, earlier) decompiler and it can't do anything with the code obfuscated with dotfuscator. So it does work to an extent.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
Hi Pete, I like your signature, too. I get the feeling sometimes, too.
Pete's a cool guy and he always has something that is funny.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
I think buying Obfuscator tools are unless.. I'm not so sure why there are some people who are willing to spend their money on those tools.. maybe, the boss doesn't understand the technical thing and he hired bad technical guys..
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
I think it depends on your application etc. I stick with encryption for all important data - so the obvious thing like encrypting all passwords and not making them public etc although that can still be hacked. In the end it is the data that tends to be the most valuable asset - in the UK we know this because government departments keep giving away free CD's with citizens private data on them. Most of the time it is going to be faster for someone to write the code from scratch than piece together decompiled code IMUHO(U = uninformed).
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
-
I think it depends on your application etc. I stick with encryption for all important data - so the obvious thing like encrypting all passwords and not making them public etc although that can still be hacked. In the end it is the data that tends to be the most valuable asset - in the UK we know this because government departments keep giving away free CD's with citizens private data on them. Most of the time it is going to be faster for someone to write the code from scratch than piece together decompiled code IMUHO(U = uninformed).
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
GuyThiebaut wrote:
faster for someone to write the code from scratch than piece together decompiled code
I agree. I put up a test virtual machine with some of the decompilers I found today, tried decompiling a class library I obfuscated with dotfuscator that comes with VS2008, and they all result in decompiled garbage that is hard to work with.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon