Obfuscating .NET Applications


By now, you understand that .NET Framework programs (applications, Web services, Web applications, shared libraries, and so on) are compiled to intermediate language and converted to native machine code only when executed by the JIT compiler. Although this has a number of benefits, including underlying architecture independence, language independence, and true language interoperability, it also has a side effect: the generated MSIL code isn't very hard to understand and can effectively be decompiled back into source code. In some scenarios, this is a significant security concern because there is a potential risk of losing intellectual property (IP) related to the code. In fact, a couple of decompilers are already available that can be used to reconstruct source code from compiled .NET applications. These tools can be very useful in recovering accidentally lost source code, but they can also pose a security threat to the IP contained in the source code.

SHOP TALK: DECOMPILATION FOUND USEFUL!

Believe it or not, decompilation of source code can at times be very useful in scenarios where you have lost source code, either by accidental deletion or overwriting. In such scenarios, I have actually decompiled a set of assemblies back to their source code and recovered some of my lost code. However, this certainly shouldn't be a practice, and instead, you should periodically check your code into a version management repository such as Visual SourceSafe or Concurrent Version System (CVS) (but decompilation can certainly be a trick worth applying in extreme scenarios).


Fortunately, every problem has a solution, or at least a workaround; a set of tools called code obfuscators is available for the .NET platform. They create functionally equivalent MSIL code that is much harder to decompile. Essentially, the process of obfuscation involves applying a variety of established algorithms. These include removal of nonessential metadata, renaming of symbols, modification of control flow, string encryption, compaction, and so on. After the obfuscation process has been completed, the code is converted into a compact obfuscated version of the MSIL code. Included with Visual Studio .NET 2003 is a light version of such a tool, called Dotfuscator Community Edition, which performs some level of obfuscation. A more enhanced Professional Edition is available from PreEmptive Solutions (http://www.preemptive.com) as well. The Professional Edition performs higher levels of code obfuscation, further decreasing the chance of IP being lost through decompilation of MSIL code. The tool is integrated with Visual Studio .NET so that it can be made an integral part of your build process.
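To make two of the techniques listed above concrete (symbol renaming and string encryption), here is an added example that is not from the book and is not Dotfuscator output. The class names, the license-key scenario, and the XOR scheme are all assumptions made for illustration; real obfuscators use their own transformations.

```csharp
using System;
using System.Text;

// Original: the type name, method name, and string literal tell anyone
// reading decompiled output exactly what the code does.
public static class LicenseValidator
{
    public static bool IsTrialKey(string licenseKey)
    {
        return licenseKey != null && licenseKey.StartsWith("TRIAL-", StringComparison.Ordinal);
    }
}

// Hand-written stand-in (hypothetical) for the same logic after symbol
// renaming and string encryption. Behaviour is identical; meaning is gone.
public static class a
{
    // "TRIAL-" XORed byte-by-byte with 0x5A (toy scheme for this example),
    // so the literal no longer appears in the assembly's string table.
    private static readonly byte[] b = { 0x0E, 0x08, 0x13, 0x1B, 0x16, 0x77 };

    private static string c(byte[] d)
    {
        byte[] e = new byte[d.Length];
        for (int f = 0; f < d.Length; f++) e[f] = (byte)(d[f] ^ 0x5A);
        return Encoding.ASCII.GetString(e);
    }

    public static bool A(string g)
    {
        return g != null && g.StartsWith(c(b), StringComparison.Ordinal);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs: both versions must agree on every one.
        foreach (string key in new string[] { "TRIAL-1234", "FULL-9999", null })
        {
            bool original = LicenseValidator.IsTrialKey(key);
            bool renamed = a.A(key);
            Console.WriteLine("{0,-12} original={1} obfuscated={2}", key ?? "(null)", original, renamed);
            if (original != renamed) throw new InvalidOperationException("behaviour diverged");
        }
    }
}
```

The decryption routine and its key necessarily ship inside the same assembly, so string encryption raises the cost of reading the code but does not keep embedded secrets confidential.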



Microsoft .NET Kick Start
ISBN: 0672325748
EAN: 2147483647
Year: 2003
Pages: 195
Authors: Hitesh Seth
