 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / New Users / May 2005Code Obfuscation
I'm concerned a commercial application I've completed could be stolen by deobsfuscation. However it's not clear to me what information is gained when my .net executable is deobsfuscated (decompiled?). Any insight on the subject would be greatly appreciated. -Alex > I'm concerned a commercial application I've completed could be stolen by > deobsfuscation. However it's not clear to me what information is gained > when my .net executable is deobsfuscated (decompiled?). Any insight on > the subject would be greatly appreciated. I blogged a bit about this recurring concern here: http://codingsanity.blogspot.com/2005/05/yawgan.html > I'm concerned a commercial application I've completed could be stolen by > deobsfuscation. However it's not clear to me what information is gained > when my .net executable is deobsfuscated (decompiled?). Any insight on the > subject would be greatly appreciated. Obfuscation and decompilation are separate things - obfuscation just makes it harder to read the decompiled code. The easiest way to find out what someone would see is to try it yourself. Personally I think it's not too much of a problem for most people - code is very hard to understand as a whole when you haven't got local variable names or any comments. I wouldn't worry about other comparnies stealing your code, unless you've got an important algorithm in there (which most applications don't - the IP is in the design, usually) but you might legitimately worry about people getting round your licensing code (if you use a licence key etc). However, the proportion of the population who can do this is very small - so long as they don't distribute the cracked version (which is something you might want to search for on a regular basis) you shouldn't lose many sales.  SignatureJon Skeet - <skeet@pobox.com> http://www.pobox.com/~skeet If replying to the group, please do not mail me too beside sign your assembly. it makes cracked version of your assembly less usable! (I believe...) >> I'm concerned a commercial application I've completed could be stolen by >> deobsfuscation. However it's not clear to me what information is gained [quoted text clipped - 18 lines] > version (which is something you might want to search for on a regular > basis) you shouldn't lose many sales. > beside sign your assembly. > it makes cracked version of your assembly less usable! (I believe...) Not really. The cracker just needs to find all the things which depend on the assembly being signed, and remove those dependencies. It makes it a little bit harder, but not a lot. Assembly signing is really there to allow the end user to prove that the software came from you; it doesn't make sure that someone who doesn't care about signatures can't run code. SignatureJon Skeet - <skeet@pobox.com> http://www.pobox.com/~skeet If replying to the group, please do not mail me too Yes john this is what I had assumed, my IP is in the design but I was still concerned about whether or not people who deobfuscate would be able to somehow recreate the code as it looks in my compiler. > > I'm concerned a commercial application I've completed could be stolen by > > deobsfuscation. However it's not clear to me what information is gained > > when my .net executable is deobsfuscated (decompiled?). Any insight on > > the > > subject would be greatly appreciated. > Obfuscation and decompilation are separate things - obfuscation just > makes it harder to read the decompiled code. > The easiest way to find out what someone would see is to try it > yourself. Personally I think it's not too much of a problem for most > people - code is very hard to understand as a whole when you haven't > got local variable names or any comments. > I wouldn't worry about other comparnies stealing your code, unless > you've got an important algorithm in there (which most applications > don't - the IP is in the design, usually) but you might legitimately > worry about people getting round your licensing code (if you use a > licence key etc). However, the proportion of the population who can do > this is very small - so long as they don't distribute the cracked > version (which is something you might want to search for on a regular > basis) you shouldn't lose many sales. > Jon Skeet - <skeet@pobox.com> > http://www.pobox.com/~skeet > If replying to the group, please do not mail me too >> I'm concerned a commercial application I've completed could be stolen by >> deobsfuscation. However it's not clear to me what information is gained [quoted text clipped - 18 lines] > version (which is something you might want to search for on a regular > basis) you shouldn't lose many sales. > Yes john this is what I had assumed, my IP is in the design but I was still > concerned about whether or not people who deobfuscate would be able to > somehow recreate the code as it looks in my compiler. Well, if you were to give people a debug build (with the pdb), they'd have pretty much your code minus the comments. If you give them a release build (without a pdb) they'll have the code without comments or local variables. If you obfuscate the code, that will remove as many meaningful names as possible (within the bounds of implementing public interfaces etc). SignatureJon Skeet - <skeet@pobox.com> http://www.pobox.com/~skeet If replying to the group, please do not mail me too Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.