Thursday, January 7, 2010

Protecting dot net application

Months back I posted a blog on a piece of software called Reflector which could easily decompile your .net application and produce a complete source code. It could be a bit of surprise for some of you who may not have known this. Usually what happens is unlike c and c++ applications .net applications are not compiled into binary codes. When you compile an application it is generally compiled into MSIL(Microsoft Intermediate language). All applications created in .net are dependent on CLR(Common language runtime). It is this runtime that executes and interprets your intermediate language and produce a machine level code that can be executed by the computer. So basically this means your application hasn't been fully compiled into machine code. It is compiled into an intermediate language which is interpreted by .net runtimes.

However there are a lot of obfuscating tools available which can be used to obfuscate your application so that a decompiler cannot easily decompile your application. But don't misunderstand obfuscating with compiling. Obfuscating is generally a way to hide your code (rather than compiling the application into machine level code) in such a way that your application cannot be easily decompiled into a complete source code. It usually changes the informations in your assembly in such a way that it becomes unreadable and meaningless to humans even if the decompiler is able to decompile it. The output produced after obfuscation is still another set of assemblies which is functionally the same one to the input application. If you have noticed while installing, visual studio comes with a handy tool called Dotfuscator Community Edition provided by preemptive which can be used to obfuscate your application. However you may need to purchase a full version from primitive solution for more advance obfuscation. There are other tools available as well such as smartassembly which can do preety good job.

This is all i have to say regarding this topic. If you want to learn more you better start googling on this topic and present your view on your own. You can also refer to the links provided below for more information and resources.

Thwart Reverse Engineering of Your Visual Basic .NET or C# Code