C# Security Concern

[clearz]

Hi,

Im just after downloading a program called exemplar.exe it will decompile my c# programs right back into source code. This is a great security concern for me. Is there a way to stop this from been able to be done (Or at least so easily).

Thanks
John Cleary

 

[jspencer]

There's a few obfuscators on the market that should make it very difficult to decompile IL.
I've tried the Remotesoft obfuscator before. Have a search on Google for others though.

 

[wyrd]

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dotfuscator/dotf68q6.asp

http://www.remotesoft.com/salamander/obfuscator.html
http://homepages.borland.com/jkaster/ccds/csharpbuilder1/9rays_net/il_obfuscator_2_5/

 

[Derek Stone]

You're fighting a losing battle. Unless your application has some spectacular algorithm implemented within it you shouldn't worry about who's going to be decompiling your application, because frankly no one cares what your source looks like. It's way too easy to reimplement whatever you've programmed in .NET within hours.

 

[wyrd]

I guess I should also mention that what Derek said is true no matter what language you're using. People will always find ways to look at your source code if they really want to. It's not really an issue at all with business applications, but it is with games, and is one of the reasons why it's near impossible to prevent people from programming game hacks.

 

[Volte]

You can get raw assembly from standard EXE files, but no source. Even if you know assembler, the assembly that is created from C++ code is probably very optimized and so not very readable unless you are an uber assembler-guru. You can very very easily retrieve source (in any .NET language) from the IL inside the assembly. The IL is sort of like assembler in that it uses op-codes in the form of bytes, but the op-codes are directly translated from .NET source, and are generally very close.