When .NET based assemblies go out the door, it’s incredibly simple for others to get access to your code. Download Lutz Roeder’s Reflector and take a look at what some of your assemblies have to say. The code visible is likely not going to be anywhere near as elegant as the original. The comments will be gone. The gist of what you are doing will be there. If you would prefer that your work be a little tougher to get at, read on.
Obfuscation was one of my first answers to this problem. An obfuscator ships with Visual Studio Pro, free and there are many available on the market. Obfuscation just didn’t do it for me. I once helped a customer troubleshoot problems with one of their software solutions from an unnamed vendor using Reflector and walking through the obfuscated code. This was really a painful experience, it does make it harder to figure out what is going on – but a friend of mine suggested a product that takes code protection one step further.
Hello Remotesoft Protector. This product is pretty cool. If you purchase the protector product you will receive three components. Salamander .NET Decompiler, .NET Obfuscator, and .NET Protector. Initially I was processing my assemblies with both the obfuscator and the protector. Now a days, I pretty much only run my assemblies through the protector.
Once you’ve processed an assembly with the protector and you open it up in reflector things are going to look a little different. Here is a little before and after action for you:
Now lets take a look at the same code, but after being protected:
That’s it. Protector has made all your code go bye bye =) What’s happened here? As I understand it, Protector compiles all your managed .NET code into native code. So, yes, is it possible to disassemble native binaries. The difference here is the height of the bar – with plain .NET assemblies even my grand mother could get my code. Reverse engineering a native assembly is a different story. If someone with the skill to do that wants your code – well you must be writing some damn fine code. It would probably be easier for that kind of person to write it from scratch =)
I’ve been working on increasing my Joel Test score lately. One of my biggies is the one step build for RADE. That sentence really doesn’t do the task justice. The first step I’m tackling in the one step build is automating the process of protecting my .NET assemblies. I could not find any resources on doing with with MSBuild. Once I get it working, I’ll post some code.
All that said, I highly recommend you check out Protector if code protection is your thing. The price is a little bit steep at 1899$ for 1-5 developers – but how much money have you invested in that one little DLL or EXE file?