How to protect an assembly from decompilation?
Nowadays there are many disassemblers and recompilers for .NET Framework, the guy goes there, makes an application and everyone who has a decompiler (for example IL Spy) can go there, select the Assembly and see all the source code of the application, including its variables, which is the biggest problem. My questions are:
- Can I protect my app from decompilation? to give error, or some encryption when trying to decompile my application in a decompiler?
-
How do I protect my literals and variables? for example, I make an application that uses FTP requests to download a file, ai has the variable
servidor,usernameandpassword, can the guy who decompiled the app have access to the contents of these three variables?
2 answers
First of all read this: How to protect the source code?
Protect intellectual property
There really is a certain exaggeration in thinking that people will decompile and reuse the code. It's not that simple and you have to be pretty crazy to do this. I don't see it happening out there. In simple codes it is not worth the work, in complex codes decompiling does not solve much.
Is not so true that you can recover the original integral code. In addition to not retrieving comments, it does not recover the name of local variables which also does not cease to be a documentator. Without these things greatly complicates the understanding of the code. Also the flow does not return exactly as it was. Most of the time you will be able to compile it again but it will be very difficult to maintain it.
No technique is effective, some make it a little difficult. Obfuscation is what gives the best result because it modifies the code to become even more unreadable and make it difficult the life of decompilers, but it does not make decompilation impossible, there is no way to do this.
If you are still going to do this, use one of the obfuscators available for .NET. from experience almost all programmers know that it is rarely worth the work.
Some of them do a job "so good" that it prevents the assembly from working properly. Others generate enormous execution inefficiency.
Protect sensitive data
Obviously not if you must put sensitive information inside the code (passwords, addresses and other information that should be private). This should be outside and should be encrypted (preferably it should not even be near the application, inside or outside).
The best way to protect your code is by obfuscating.
Here you have a list of obfuscators for .NET .
Obfuscation is the process of modifying an assembly so that already no longer useful for a hacker, but still usable for execution of its operations. Although it can change the metadata or the actual method statements, this does not change the flow logical or the output of the program. There are several techniques that can be used which they are described below.