How to protect a decompilation assembly?

4

Nowadays there are a lot of changers and recompilers for .NET Framework, the guy goes there, makes an application and everyone who has a decompiler (for example IL Spy) can go there, select the Assembly and see all the source code of the application, including its variables, which is the biggest problem. My questions are:

  • Can I protect my application against decompiling? So that I can get an error, or some encryption when trying to decompile my application into a decompiler?
  • How do I protect my literals and variables? For example, I make an application that uses FTP requests to download a file, there is the variable servidor , username and password , the guy who decompiled the file. application can have access to the content of these three variables?
asked by anonymous 10.03.2016 / 20:09

2 answers

7

First of all, read this: How to protect the source code

Protecting intellectual property

There is really a bit of an exaggeration in thinking that people will decompile and reuse the code. It's not that simple and it has to be pretty crazy to do this. I do not see happening around. In simple codes it is not worth working on complex codes, decompiling does not solve much.

It is not so true that you can retrieve the original full code. Besides not recovering the comments, it does not recover the name of the local variables also that it is still documentary. Without these things it greatly complicates the understanding of the code. Also the flow does not come back exactly as it was. Most of the time you will be able to copy it again but it will be very difficult to maintain.

No technique is effective, some make it difficult. The obfuscation is the one that gives better result because it modifies the code to be more illegible still and to make life difficult of the decompiladores. But it does not preclude decompilation. You can not do this.

If you're still going to do this, I use one of the obfuscators available for .Net . From experience, almost all programmers know that it rarely works.

Some of them do a "very good" job that prevents the assembly from working correctly. Others generate enormous execution inefficiency.

Protecting sensitive data

Obviously you should not put sensitive information inside the code (passwords, addresses and other information that should be private). This should be left out and should be encrypted (preferably not even close to the application, inside or outside).

    
10.03.2016 / 20:26
2

The best way to protect your code is to UNDERSTAND.

Here you have a .NET Observer List .

  

Obfuscation is the process of modifying an assembly so that   is no longer useful to a hacker, but remains usable for   execution of its operations. Although you can change   the metadata or the actual method statements, this does not change the flow   the program. There are several techniques that can be   which are described below.

    
10.03.2016 / 20:25