Quirk Posted August 22, 2005 Posted August 22, 2005 Is it possible to some how compile .NET assembly files into native code, in a way that can be distributed? I want todo this in order to protect my source from being decompiled. I would try to obfuscate but I simply cannot aford any of them and the one included in VS Pro is simply not upto par. I don't really want todo this because my code is that awesome or original is the fact that there are parties I have been made aware of that would decompile and attach some kind of trojan or keylogger to my application, and then start distributing it, and the users would not know the difference becausse its still my code... Quote
Wraith Posted August 22, 2005 Posted August 22, 2005 Is it possible to some how compile .NET assembly files into native code' date=' in a way that can be distributed?[/quote'] No. I want todo this in order to protect my source from being decompiled. You're only going to irritate anyone who tries, if they want to disassemble your program they will. I don't really want todo this because my code is that awesome or original is the fact that there are parties I have been made aware of that would decompile and attach some kind of trojan or keylogger to my application, and then start distributing it, and the users would not know the difference becausse its still my code... Trojans keyloggers and other things are external to your application and short of detecting and refusing to run with them installed you're really not going to be able to do anything about them. There are adware and antivirus products to detect such things. Sign your assemblies, provide the public key and tell people to only trust it if it verifies with your key. If they want to run unverified versions thats their problem. Quote
Administrators PlausiblyDamp Posted August 22, 2005 Administrators Posted August 22, 2005 This has been raised many times already on these forums try any of the following for starters. http://www.xtremedotnettalk.com/showthread.php?t=92901 http://www.xtremedotnettalk.com/showthread.php?t=87289 http://www.xtremedotnettalk.com/showthread.php?t=77883 http://www.xtremedotnettalk.com/showthread.php?t=88916 http://www.xtremedotnettalk.com/showthread.php?t=82869 http://www.xtremedotnettalk.com/showthread.php?t=75908 Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
Quirk Posted August 22, 2005 Author Posted August 22, 2005 Thanks alot PlausiblyDamp those were very informitive...however most of them seem to be more about the logistics of prevents people from gettings your source "Its pointless todo so because if they really try they can no matter what" My problem is I am not afraid of the high end reverse engineer hacker out there I am afraid of the 13 year old with the trial version of reflector who wants to easily embed some keylogger source he found of pscode into my application. All I want todo is make it 'harder' to get the actual source back. One of the threads had something about shoving the .net assembly into a vb6 executable or some such and then some how running it that way? Is that possible as that would suit my needs Quote
mskeel Posted August 23, 2005 Posted August 23, 2005 Is it possible to some how compile .NET assembly files into native code' date=' in a way that can be distributed?[/quote'] I've heard that nmake will allow you to compile .net code to a native win32 assembly but I have not done it myself. I know that there are Java tools that will compile java code into a native win32 assembly. Why not something for .Net? As far as actually protecting your software (really ensuring users it is safe), strong naming and checksumming would be the way to go to verify your binaries for users. The Linux/Open Source community uses checksums extensively and it seems to work pretty well. Quote
IngisKahn Posted August 23, 2005 Posted August 23, 2005 If you're using signed assemblies then there's not much more you can do to ensure that no one has modified your app. Embedding a key logger is just as easy in a standard PE file. You can't get back the 'actual source', just a reasonable facsimile. Using the cripple-ware Dotfuscator renders your app just slightly more readable than a plain PE. Quote "Who is John Galt?"
neodammer Posted August 23, 2005 Posted August 23, 2005 Who gets fooled by keyloggers now days? I believe most are detected quickly by standard uptodate virii detectors. In short checksum's are the best way to go and they are easy to perform. Quote Enzin Research and Development
Quirk Posted August 23, 2005 Author Posted August 23, 2005 Most of my user base are ages 9-14 so they are not tech sauvy Quote
mskeel Posted August 23, 2005 Posted August 23, 2005 Unfortunately, there is no way you can "idiot proof" your software. Look at the internet. Anyone can use it, but people get cleaned out every day by phishing scams while surfing the web. Perhaps you can include some documentation targeted at your audience that will help walk them through any sort of verification process? Also, just becuase you provide checksums doesn't mean they will be used. You give them the tools (checksums/strong names) and the means (documentation) to verify the software. If they fail to do so, it is my opinion that they got what was coming -- there is nothing you can do about it. Take the reasonable percautions and steps to protect yourself and make it known that others are expected to do the same. Your documentation should inlcude, how to verify and even recomending a person talk to the owner/administrator of the computer before proceding. Take reasonable precautions and it won't be your fault if a person thought they downloaded something that wasn't what you made... Quote
Administrators PlausiblyDamp Posted August 23, 2005 Administrators Posted August 23, 2005 To reverse engineer a specific application, add in code for a key logger or similar, recompile and redeploy is an awful lot of work and most definately not a trivial undertaking regardless of the individuals age; most definately not within the abilities of the typical 'script kiddie' style of hacker. Plus this will have to be undertaken every time a new revision is released. As has been mentioned before - your best bet is to give your application a strong name and implement a policy of only fully trusting signed applications and restricting all non-signed applications to a safer subset of functionality rather than overly worrying about the possibility of reverse engineering. Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
neodammer Posted August 23, 2005 Posted August 23, 2005 Omg Script kiddie! 1337! dUde.. rofl Seriously he's right there are very few..very few who can..and even more so very few of those very few who will care enough to try to reverse engineer your software. Unless you housed something they wanted. Quote Enzin Research and Development
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.