Geek Answers Handbook

Is it not possible to protect .net (intellectual property) code?

I often worked in JavaScript, and one thing that really bothered my employers was that the source code was too easy to steal. Nothing helped even with obfuscation, because we all knew that any competent developer would be able to read this code if he wanted.

JS Scripts is one thing, but what about SOA projects that millions have invested in IP (Intellectual Property). I like .net, and especially C #, but I recently had to answer the question again: "If we pass this compiled program to our customers, can their developers redesign it?" I went out of my way to confuse the code, but I knew that it wouldn't take long if another C # developer got the code.

So, I seriously ask the question, is it possible to protect .net code?

I have the following considerations:

  • Even regular source executables can be undone, but not every developer has the opportunity to do so. Its much harder to parse your own executable file than the .net assembly.
  • Obfuscation will still get you, but it helps a little.
  • Why have I never seen any public statements by Microsoft that everything written in .net is related to the relatively easy theft of IP addresses? Why have I never seen trim training workouts on any Microsoft website? Why does VS come with the obfuscater community as an add-on? Well, maybe I just had a head in the sand, but it is not very high for most of the priorities of the developers.
  • Are there any plans to solve my problems in any future version of .net?

I do not knock .net, but I would like to get some realistic answers, thanks, the question designated as subjective and community!

+6
source share
2 answers

All code can be programmed with feedback.

.NET lowers the bar for this (just try Reflector!), But obfuscation brings it back again. A good obfuscator will raise the bar high enough to prevent everyone except a very dedicated, motivated person from reverse engineering your code.

Speaking, I personally would rather focus on quality. I run a small ISV and we use .NET - obfuscation is important, but if you can supply quality products, it really doesn't matter if someone tries to reverse engineer your code.

Even, presumably, if they could reprogram everything with a complex project, then they would be years, actually delivering something with a competitive advantage in the market ...

+10
source share

Any code can be reverse. Yes, it is easier in .NET or Java than in highly optimized C ++, but less than in Javascript or PHP. Obfuscation has a long way to reduce the vulnerability, but the reality is that a certain reverse engineer is about to find your secrets as soon as the code is in his hands, no matter what you did to hide it. Everything that you do, at best, makes it more unpleasant for him.

Good obfuscation tools will stop a random programmer whose experience begins and ends with Reflector, really getting an idea of ​​how your code works. In addition, everything you do is pretty much hopeless.

I don’t see this change at any time in the near future, because the .NET features that make it so easy to reverse are the same functions that provide powerful reflection and dynamism within the framework.

+1
source share

More articles:


All Articles