By now, you understand that .NET Framework programs (applications, Web services, Web applications, shared libraries, and so on) are compiled to intermediate language and converted to the native machine code only when executed by the JIT Compiler. Although this has a number of benefits, including underlying architecture independence, language independence, and true language interoperability, it also has a side effect that the generated MSIL code isn't very hard to understand and effectively could be decompiled back into source code. In some scenarios, this is a significant security concern because there is a potential risk of losing intellectual property related to the code. In fact, a couple of decompilers are already available that can be used to reconstruct source code from compiled .NET applications. These tools can be very useful in recovering accidentally lost source code, but they can also pose a security threat to the IP contained in the source code.
Fortunately, every problem has a solution, or at least a workaround; a set of tools called code obfuscators are available for the .NET platform. They create functionally equivalent MSIL code, but it is much harder to decompile. Essentially, the process of obfuscation involves application of a variety of established algorithms. These include removal of the nonessential metadata, renaming of symbols, modification of control flow, string encryption, compaction, and so on. After the obfuscation process has been completed, the code is converted into a compact obfuscated version of the MSIL code. Included with Visual Studio .NET 2003 is a light version of such a tool, called Dotfuscator Community Edition, which performs some level of obfuscation. A more enhanced Professional Edition is available from Preemptive Solutions (http://www.preemptive.com) as well. The professional edition performs higher levels of code obfuscation, further decreasing the chance of IPs being lost through recompilation of MSIL code. The tool is integrated with Visual Studio .NET so that it can be made an integral part of your build process. |