Armin576301

How can I make my application, so no reflector software can get it's source code



Re: Visual C# General ANTI-REFLECTOR SOURCE

Nimrand

There is no way to prevent reflector from extracting "source code" from an assembly. What reflector is doing is just reverse-engineering the code from the IL code and metadata in the assembly. It is actually possible to reverse-engineer any sort of application, such as one compiled in native C++. However, because of some of the properties of IL and all the metadata that .NET stores in assemblies (which is needed by the CLR for linking and other things), reflector and programs like it are able to derive source code that is much more readable than what it typically possible with native applications.

For example, .NET metadata includes names of class fields, and so the reflector is not only able to reconstruct the structure of the class, but also the descriptive names.

You can't stop people from using reflector, but what you can do is use an obfuscator that jumbles all the names in the assemby and performs transformations on the code that do not modify its behavior but makes it much harder to understand. If someone tries to use reflector on an obfuscated assembly, they will have a very hard time understanding the resulting source code, and it will most likely be useless to them because it would be easier for them to write their own code from scratch rather than try to steal yours.




Re: Visual C# General ANTI-REFLECTOR SOURCE

Armin

Tnx for the reply. I can't believe there is no bette way to protect your source. Misteake by microsoft...





Re: Visual C# General ANTI-REFLECTOR SOURCE

Matthew Watson

There are obfuscators, of which the best known is Dotfuscator (a cut down version of that comes with Visual Studio).




Re: Visual C# General ANTI-REFLECTOR SOURCE

boban.s

There are many dotfuscators these days, some of them are good some of them are not that good. Here is a link for many of them.

http://sharptoolbox.com/categories/code-protectors-obfuscators

My favorites are CodeVeil, Dotfuscator and {SMARTASSEMBLY}. With these one's you can protect your source at highes level.






Re: Visual C# General ANTI-REFLECTOR SOURCE

Karioth

Almost the same question.
Can I prevent invokation of some private method via reflection from other code




Re: Visual C# General ANTI-REFLECTOR SOURCE

Eugene Dolinskyy

Hello Karioth,

No, you can't prevent invokation of methods of your types via reflection.

Thanks,

Eugene






Re: Visual C# General ANTI-REFLECTOR SOURCE

Matteo Spreafico

Eugene Dolinskyy wrote:

No, you can't prevent invokation of methods of your types via reflection.



False!!. See ReflectionPermissionAttribute: http://msdn2.microsoft.com/en-us/library/System.Security.Permissions.ReflectionPermissionAttribute.aspx






Re: Visual C# General ANTI-REFLECTOR SOURCE

Matteo Spreafico

And about preventing decompilation of your assemblies, i know a great article, but it's written in italian. The link is:

http://www.dotnet2themax.it/blog/PermaLink,guid,d40b1b7e-3499-44af-9692-90f37a70bb33.aspx

The author is the great Francesco Balena, nothing else needs to be said, I think. May be you can write to him and ask a quick summary of the article in English.

m.





Re: Visual C# General ANTI-REFLECTOR SOURCE

Nimrand

As the author of the assembly, however, you generally can't control the permissions that the person who uses your assembly assigns to another assembly that may attempt to call a private method on your assembly via reflection.





Re: Visual C# General ANTI-REFLECTOR SOURCE

Eugene Dolinskyy

Matteo Spreafico wrote:
Eugene Dolinskyy wrote:

No, you can't prevent invokation of methods of your types via reflection.



False!!. See ReflectionPermissionAttribute: http://msdn2.microsoft.com/en-us/library/System.Security.Permissions.ReflectionPermissionAttribute.aspx

Sorry, but you are not right. You can't control permissions user using your assembly will have.

If you think that you are right you can provide me with dll that can prevent me from invokation of some private method.

Eugene.






Re: Visual C# General ANTI-REFLECTOR SOURCE

Matteo Spreafico

@ Nimrand and Eugene:

Yes, you're right. With ReflectionPermission you can deny reflection capabilities only down the callers chain, not up.

My fault, sorry.

m.





Re: Visual C# General ANTI-REFLECTOR SOURCE

PowderGoblin

Hey Armin,
For whatever it is worth,
I just went through the same thing and thought it might be helpful for you and others.
I tested Dotfuscator, .NET Reactor and dotNetProtector.
Dotfuscator experience was not good - the interface is a bit confusing and it broke my assemblies no matter what I tried with the help of support. My assemblies are really simple.
dotNetProtector was OK but it cost 300 Euro. (well Dotfuscator was not cheap either)
I got all I needed for just 175 bucks from .NET Reactor.
The support is nice and very knowledgeable - you are talking to somebody who knows things inside out.
You can get more than obfuscation - you can have also licensing methods embedded. You can decide not to obfuscate certain portions and stuff like that.
There was only one thing I did not get but it was OK at the end - just remember that if your assembly breaks in EXE mode you can still obfuscate in LIBRARY mode. Also if you get trouble with serialization err messages after obfuscation - just disable the "Obfuscate serializable types".
Btw. the obfuscated assemblies cause an exception in Lutz Roeder's REFLECTOR - so you are safe there Smile

Hope it was helpful.




Re: Visual C# General ANTI-REFLECTOR SOURCE

Matteo Spreafico

PowderGoblin wrote:

I just went through the same thing and thought it might be helpful for you and others.
I tested Dotfuscator, .NET Reactor and dotNetProtector.

So you just went through the same thing. And you registered today and wrote your first post because you thought it might be helpful...

You know, I don't mind if you try to advertise your product. But if you do it while dissimulating your intention... well, I will never try your product.






Re: Visual C# General ANTI-REFLECTOR SOURCE

PowderGoblin

No - I went through this thing starting Jan 10 - my first e-mail to .NET Reactor that it broke the assebly
I researched this web-site and found the post to the link from which I found this product to begin with (reply from boban.s).
I also got the other products from this link.
I had correspondence to Dotfuscator between Jan 2 and Jan 18th.
I don't have it on top of my agenda to go around and post messages - till today when I was bored and was looking what to do - working from home and the business is slow.
Then I remembered that my search started from this forum and decided that I can give something back.
In general, however, I can understand your reaction.

Then - again - where is the line between giving feedback and abusing feedback.
Don't know - you tell me.
btw - It is also very easy to find spammers - see what their activity was on the forums - then ban them from the forums.
Also - the forum hosts can identify them as they see the personal information.
Honestly - if I had a company I would not try to risk to piss forum users when at the end of the day the scam gets uncovered.

At the end of the day though - I am glad that you had this reaction.