Code Red > .NET
How do you deal with reverse engineering in .NET?
Augusto:
Hello guys!
I hope everything is fine with you and your families.
I don't have much to say in this post, as the title says it all.
It seems a little frustrating that programs written in C # or VB.net are easily decompiled.
How do you feel about this issue and how do you try to inhibit this type of action?
Could you tell me about your experiences?
Cheers,
Augusto
JohnK:
I assume you are referring to programs that you sell.
I don't write in .NET but I would take the stance that if a person was willing to pay for the application then the odds are they wouldn't really want--or care--to decompile if they needed it fixed; they would send an email instead. Of course you could get a competitor buying and decompiling your program but I think you'd have to take your chances.
If your talking about programs that you do not sell.
Release the source code on a code hosting site and get collaborators.
zero.half:
You can try with obfuscation, chances are this can make reverse engineering not worth the effort.
JohnK:
And impossible to maintain.
Keith™:
I don't worry about it. Even programs written in straight up C++ are able to be reverse engineered.
I've had the dubious task of reverse engineering lots of software and the bottom line is that if the computer can understand what it is supposed to do, then a human can reconstitute it into understandable code.
I use .NET because of the ease of development (arguably C++ or any other language could have the same thing said about them)
Decompilers don't reconstitute code as it is written, rather they reconsitute code as it is executed. Meaning that your "switch" may be reconstituted as a series of "if" or vice versa depending upon how the compiler and decompiler interpreted the machine code. That is only an example, but I think you get the meaning.
With obfuscation, the code is still readable, but you will have to actually figure out what each thing is and does. Not terribly difficult for a seasoned programmer.
With compiled binaries, reverse engineering generally generally has two forms. One where they reverse engineer the code to make changes to the program for whatever reason, and another where they simply identify the single point of failure, usually a registration schemata, where the application returns true or false for the registration status. The latter is quite simple to accomplish and is not easily prevented. The first one requires someone who is familiar with assembler and can readily convert it to an upper level language, or software to do it. Those people and software exists. There is no getting beyond that.
Bottom line, if you are worried about someone stealing your program, then you are probably going to be worried about someone stealing your program. If you are worried about your prospective clients reverse engineering it and using it, you probably aren't charging them enough money. After all, the money in software isn't what you have in development and production costs, it's what value the product brings to the end user.
It's why I am now selling an AutoCAD addon product for $900 per seat now, when the initial company who owned it was selling it for $30 per seat. They did not see the value in it and the clients didn't see the value in it. And it's all written in .NET.
Navigation
[0] Message Index
[#] Next page
Go to full version