Author Topic: How do you deal with reverse engineering in .NET?  (Read 6341 times)

0 Members and 1 Guest are viewing this topic.

Augusto

  • Newt
  • Posts: 75
How do you deal with reverse engineering in .NET?
« on: August 05, 2020, 08:45:00 AM »
Hello guys!
I hope everything is fine with you and your families.

I don't have much to say in this post, as the title says it all.

It seems a little frustrating that programs written in C # or VB.net are easily decompiled.

How do you feel about this issue and how do you try to inhibit this type of action?
Could you tell me about your experiences?

Cheers,

Augusto

JohnK

  • Administrator
  • Seagull
  • Posts: 10605
Re: How do you deal with reverse engineering in .NET?
« Reply #1 on: August 05, 2020, 09:14:11 AM »
I assume you are referring to programs that you sell.
I don't write in .NET but I would take the stance that if a person was willing to pay for the application then the odds are they wouldn't really want--or care--to decompile if they needed it fixed; they would send an email instead. Of course you could get a competitor buying and decompiling your program but I think you'd have to take your chances.

If your talking about programs that you do not sell.
Release the source code on a code hosting site and get collaborators.
TheSwamp.org (serving the CAD community since 2003)
Member location map - Add yourself

Donate to TheSwamp.org

zero.half

  • Mosquito
  • Posts: 7
Re: How do you deal with reverse engineering in .NET?
« Reply #2 on: August 05, 2020, 10:46:25 AM »
You can try with obfuscation, chances are this can make reverse engineering not worth the effort.

JohnK

  • Administrator
  • Seagull
  • Posts: 10605
Re: How do you deal with reverse engineering in .NET?
« Reply #3 on: August 05, 2020, 11:36:50 AM »
And impossible to maintain.
TheSwamp.org (serving the CAD community since 2003)
Member location map - Add yourself

Donate to TheSwamp.org

Keith™

  • Villiage Idiot
  • Seagull
  • Posts: 16899
  • Superior Stupidity at its best
Re: How do you deal with reverse engineering in .NET?
« Reply #4 on: August 05, 2020, 12:21:44 PM »
I don't worry about it. Even programs written in straight up C++ are able to be reverse engineered.

I've had the dubious task of reverse engineering lots of software and the bottom line is that if the computer can understand what it is supposed to do, then a human can reconstitute it into understandable code.

I use .NET because of the ease of development (arguably C++ or any other language could have the same thing said about them)

Decompilers don't reconstitute code as it is written, rather they reconsitute code as it is executed. Meaning that your "switch" may be reconstituted as a series of "if" or vice versa depending upon how the compiler and decompiler interpreted the machine code. That is only an example, but I think you get the meaning.

With obfuscation, the code is still readable, but you will have to actually figure out what each thing is and does. Not terribly difficult for a seasoned programmer.

With compiled binaries, reverse engineering generally generally has two forms. One where they reverse engineer the code to make changes to the program for whatever reason, and another where they simply identify the single point of failure, usually a registration schemata, where the application returns true or false for the registration status. The latter is quite simple to accomplish and is not easily prevented. The first one requires someone who is familiar with assembler and can readily convert it to an upper level language, or software to do it. Those people and software exists. There is no getting beyond that.

Bottom line, if you are worried about someone stealing your program, then you are probably going to be worried about someone stealing your program. If you are worried about your prospective clients reverse engineering it and using it, you probably aren't charging them enough money. After all, the money in software isn't what you have in development and production costs, it's what value the product brings to the end user.

It's why I am now selling an AutoCAD addon product for $900 per seat now, when the initial company who owned it was selling it for $30 per seat. They did not see the value in it and the clients didn't see the value in it. And it's all written in .NET.
Proud provider of opinion and arrogance since November 22, 2003 at 09:35:31 am
CadJockey Militia Field Marshal

Find me on https://parler.com @kblackie

huiz

  • Swamp Rat
  • Posts: 913
  • Certified Prof C3D
Re: How do you deal with reverse engineering in .NET?
« Reply #5 on: August 05, 2020, 03:10:49 PM »
If those stealing programmers are able to create a running program out of obfuscated code, they are also good enough to rebuild your idea from scratch, and make it probably better.


The best way is to be the first with a great idea and create a huge user base. Even if others copy your idea you still are market leader.




And a little obfuscating will help calm your mood.
The conclusion is justified that the initialization of the development of critical subsystem optimizes the probability of success to the development of the technical behavior over a given period.

Keith™

  • Villiage Idiot
  • Seagull
  • Posts: 16899
  • Superior Stupidity at its best
Re: How do you deal with reverse engineering in .NET?
« Reply #6 on: August 05, 2020, 03:51:34 PM »
If those stealing programmers are able to create a running program out of obfuscated code, they are also good enough to rebuild your idea from scratch, and make it probably better.


The best way is to be the first with a great idea and create a huge user base. Even if others copy your idea you still are market leader.




And a little obfuscating will help calm your mood.
All true, but sometimes time is more important. I was contacted by a company that had an internally developed comprehensive application. It would have taken me several months to rewrite from scratch and make it work like it should. Their developer died and for whatever reason they had access to only part of the code. The developer also obfuscated.

I reconstituted the code in C# in a couple of hours, manually unobfuscated the code, ported it into new VS projects, documented everything, made their required changes and provided them updated binaries and complete source code that they could continue to update in-house, all within a couple of weeks.

I was paid quite well for the service. I could have rewritten it and probably would have charged them less money, but they didn't have time to waste. When you have multi-million dollar contracts on the line, you do what is necessary.

I still do the occasional project for them from time to time.

Speaking of which. I'm just about done with a project I've been working on solo for nearly 4 years. Yes, a project, in development for 4 years. Close to 2m lines of code. Finishing up beta testing and now to deploy. I'm hoping this is my huge payday!
Proud provider of opinion and arrogance since November 22, 2003 at 09:35:31 am
CadJockey Militia Field Marshal

Find me on https://parler.com @kblackie

Atook

  • Swamp Rat
  • Posts: 1027
  • AKA Tim
Re: How do you deal with reverse engineering in .NET?
« Reply #7 on: August 05, 2020, 10:24:10 PM »
Speaking of which. I'm just about done with a project I've been working on solo for nearly 4 years. Yes, a project, in development for 4 years. Close to 2m lines of code. Finishing up beta testing and now to deploy. I'm hoping this is my huge payday!

That's great, congrats Keith!

Keith™

  • Villiage Idiot
  • Seagull
  • Posts: 16899
  • Superior Stupidity at its best
Re: How do you deal with reverse engineering in .NET?
« Reply #8 on: August 06, 2020, 04:03:50 PM »
Speaking of which. I'm just about done with a project I've been working on solo for nearly 4 years. Yes, a project, in development for 4 years. Close to 2m lines of code. Finishing up beta testing and now to deploy. I'm hoping this is my huge payday!

That's great, congrats Keith!

Thanks!

I am currently waiting on the website to be finished and then it will be game-on!
With a 2% US market share (I've got that many pre-orders) I can probably spend more time doing things I want to do. Regardless, it won't be chump change.
Proud provider of opinion and arrogance since November 22, 2003 at 09:35:31 am
CadJockey Militia Field Marshal

Find me on https://parler.com @kblackie

JohnK

  • Administrator
  • Seagull
  • Posts: 10605
Re: How do you deal with reverse engineering in .NET?
« Reply #9 on: August 06, 2020, 04:04:56 PM »
Let me know when you're hiring. :)
TheSwamp.org (serving the CAD community since 2003)
Member location map - Add yourself

Donate to TheSwamp.org

Keith™

  • Villiage Idiot
  • Seagull
  • Posts: 16899
  • Superior Stupidity at its best
Re: How do you deal with reverse engineering in .NET?
« Reply #10 on: August 06, 2020, 04:20:29 PM »
Let me know when you're hiring. :)

I've considered it provided the income stream actually pans out
Proud provider of opinion and arrogance since November 22, 2003 at 09:35:31 am
CadJockey Militia Field Marshal

Find me on https://parler.com @kblackie

CADbloke

  • Bull Frog
  • Posts: 342
  • Crash Test Dummy
Re: How do you deal with reverse engineering in .NET?
« Reply #11 on: August 08, 2020, 11:46:05 PM »
Keith - awsome news! Congrats! I'd ask for a job too but I'm a fair way in the queue behind John, eh. I'm excited for you, well done.

Augusto: don't waste your time defending your code from people who would never ever pay for it anyway, especially at the probable expense of your customers (unpredictable weird problems), support (garbage stacktraces) and your productivity (you have better things to do). I have had to reverse-engineer obfuscated code before and it is ridiculously easy, I'm talking drag-drop onto de4dot, run JustDecompile on that executable and edit the code for an hour or 2 easy. All an obfuscator buys you is scrambled names for some of the things. More at https://stackoverflow.com/questions/506282/protect-net-code-from-reverse-engineering

Just make it easy for your customers to comply and pay you, and encourage them to do so. Use some kind of licensing (see https://www.theswamp.org/index.php?topic=50609). I sell a .NET app for $3.3k and I don't have a piracy problem, well apart from the odd rogue in China but meh. Sell to businesses, they don't steal stuff (as much). They also don't want the malware that comes with pirated software.

dgorsman

  • Water Moccasin
  • Posts: 2437
Re: How do you deal with reverse engineering in .NET?
« Reply #12 on: August 09, 2020, 12:58:02 PM »
Let me know when you're hiring. :)

Sounds like something for the new job board.   ;-)
If you are going to fly by the seat of your pants, expect friction burns.

try {GreatPower;}
   catch (notResponsible)
      {NextTime(PlanAhead);}
   finally
      {MasterBasics;}

MP

  • Seagull
  • Posts: 17750
  • Have thousands of dwgs to process? Contact me.
Re: How do you deal with reverse engineering in .NET?
« Reply #13 on: August 09, 2020, 05:04:35 PM »
I’d say wow but I’m not surprised. You’ve always been ambitious and industrious, be it authoring solutions or upgrading properties for re-sale. Wishing you enduring "beyond expectation" success and financial freedom Keith. Cheers.
Engineering Technologist • CAD Automation Practitioner
Automation ▸ Design ▸ Drafting ▸ Document Control ▸ Client
cadanalyst@gmail.comhttp://cadanalyst.slack.comhttp://linkedin.com/in/cadanalyst

MP

  • Seagull
  • Posts: 17750
  • Have thousands of dwgs to process? Contact me.
Re: How do you deal with reverse engineering in .NET?
« Reply #14 on: August 09, 2020, 05:25:32 PM »
I'm just about done with a project I've been working on solo for nearly 4 years. Yes, a project, in development for 4 years. Close to 2m lines of code.

{blink}

2m lines / 48 months / 160 hours / 60 min ~ 4 lines code per minute = working from non trivial existing code base and/or use of many third party code libraries. Amiright? Does not diminish visioneering, architecting or applied expertise, just an observation / musing out loud.
Engineering Technologist • CAD Automation Practitioner
Automation ▸ Design ▸ Drafting ▸ Document Control ▸ Client
cadanalyst@gmail.comhttp://cadanalyst.slack.comhttp://linkedin.com/in/cadanalyst