How to prevent decompilation of any C# application [closed]

你说的曾经没有我的故事 提交于 2019-11-27 18:33:40

If you deploy .NET assemblies to your client machines, some kind of decompilation will always be possible using reflector and similar tools.

However, this situation isn't materially different to what you'd encounter if you wrote the application in native C++. It is always possible to decompile things - if it were impossible, the processor couldn't understand it either.

You're never going to defeat the expert cracker - they'll treat your security as an intellectual puzzle to be solved for the challenge alone.

The question revolves around how hard it is to defeat your licensing practices and the return on investment.

Sit down with a spreadsheet and look through the possible scenarios - the danger is probably less than you think.

Factors like "ease of use" are visible in your software for any user to observe - so you'd think it easy to copy. But, good User experience is rare (and seldom copied well), because most developers (myself included) are nothing like typical users.

I'd suggest you concentrate on making the job of a cracker harder, cause you can never make it impossible, just non-profitable.

One possibility to try: It's possible to pre-compile assemblies into native code as a part of the installation process. Paint.NET does this for performance reasons. I believe that once you've done this, you can discard the original assemblies and use the optimised, native code editions.

If it were me, I wouldn't be attempt to obfuscate; I would:

  1. Not worry about it and aim to continually improve and stay in front

But secondly

  1. Consider providing the 'secret' services over the Web. It's up to you to decide how critical and possible this is; but it does "prevent" decompilation, because the end user doesn't even have the code.
Ganesh R.

Google for .NET Obfuscator. You will find a lot of products that will help in this. Also there are related questions already asked in Stack Overflow.

Here are some:

EDIT: While searching for De-Obfuscating tools, I came across an open source tool De4Dot. This tool supports decompiling obfucated dlls created by most commercial tools and does a pretty good job too.

The last time I looked into this, Spices.Net Obfuscator looked like the best thing on the market.

No, I don't work for them. :)

I use smartassembly. It is simple to use and also has the ability to send crash reports back too you built in.

The obfuscators others have mentioned are likely very good.

An alternative approach you might not have considered is to code some of the core business logic using a language that is fully compiled to machine code, such as C++.

The benefit of doing this is that it makes it far more difficult for someone to decompile your code. A drawback to this is that you have code in two languages to maintain. This might not be the best approach for your situation, but is useful in cases where only a small part of the code needs to be obfuscated while the remainder of the code is UI fluff.

As an example, your medical software package might be performing edge detection of say, certain glands for the purpose of telling a doctor the size of said gland. The algorithm for calculating the size of the gland from a bitmap image would be contained in a DLL written in C++.

to answer your question about the C++ wrapper around the .net code; I dont think it would work, because when you deploy the application the final c++ dll and .net dll containing the business logic code will be separate entities and the ones who want to get to your business logic would still be able to just pick out the .net dll and peek inside.

Spencer

you might want to consider Remotesoft Salamander Protector this is much better than anything else in that it makes it impossible to decompile to the high level language.

Of course, anybody who is an expert can spend enough time with your software and figure it out because it does decompile some,but it hides all the set and get methods

So, they can get a peak,but that is about it. they have to figure out the rest which lowers the probability of anybody just cracking it.

hope this helps

Kalpak

Writing on this thread after a long time. We have purchased a software called Intellilock which is helpful in preventing decompilation, obfuscation and also has a strong licencing module.

We did not go for .Net Reactor even though it has more prevention controls as Intellilock was serving our purpose well enough.

Obfuscator confuses the code but protector protects. You can use .Net protector: NetWinProtector

Kalpak

Intellilock has served our purpose well in terms of obfuscation as well as licensing. But I would not recommend the product as the support is not upto the mark. We never got replies in time for the problem we were facing. We had to search and research on our own or even change the business requirement to achieve some goals.

Via this answer I am not intending to promote or demote any software but just want make people aware about the product we are using so they can make wise decision.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!