Securing Assembly

Question

0.00/5 (No votes)

See more:

Hi All,
Can anybody tell me how can I secure my assembly(which i have to give to the client within installation package) so that any person can not opened it with tools such like Reflecter, Disassembler etc.

If somebody is able to view whole code within assembly via tools like reflecter, then what is the benefit of building such dlls.

Its a major security issue. Plz help me and give me some idea how can i secure my assembly file so that any anonymous could not able to view the source code of my application within assembly.

Thanks

Posted 31-Jan-11 1:21am

Pardeep Dhiman

Add a Solution

4 solutions

Solution 2

Your only recourse is to obfuscate it, but even that can eventually be reverse engineered. There are A LOT of obfuscation tools out there. Google is your friend.

Posted 31-Jan-11 1:24am

#realJSOP

v2

Comments

Pardeep Dhiman 31-Jan-11 7:58am

I have used these obfuscates, but how reliable these tools are?

I have read a lot of articles related to this topic on Internet. what i found, by using such tools you can not say my assembly is now 100% secure.

By the way, thanks for the help

Sergey Alexandrovich Kryukov 31-Jan-11 10:01am

Of course not, never.
--SA

Sergey Alexandrovich Kryukov 31-Jan-11 10:07am

There are more powerful commercial tools. I know only CodeVeil.
It's not obfuscation, its protection against reverse engineering and debugging. Anyone can write obfuscation; but it will only do what it does.
Also, sloppy but complex applications often don't work after obfuscation. For example, I saw people loading plug-in assembly and trying to instantiate some class using Reflection and a hard-coded string representing its name.
I always doubt: do you really thing someone will want to reverse-engineer your code? This is the first question to ask...
--SA

Sergey Alexandrovich Kryukov 31-Jan-11 10:08am

My 5, Jonh.
--SA

Solution 3

This problem is not specific to .NET or Java - CPU-specific binaries and even embedded code can be disassembled quite easily.Security by obscurity never works. Obfuscators protect you no better than a sign "beware of the dog" when there's really no dog. Someone determined to read your code will find a way to make an obfuscated disassembly readable. When you give your code to your customers, make sure that its source is completely useless to anyone reading it, i.e. that it does not contain trade secrets, proprietary algorithms that you must protect, or hard-coded passwords or private keys. If possible, move all sensitive code to the server side of which you have undivided control. Otherwise, your only protection is in the hands of the legal system of a country where you distribute your code (which is a fancy way to say that you are mostly unprotected).

Posted 31-Jan-11 7:07am

dasblinkenlight

Solution 4

Use an obfuscator. Your are wrong to say that obfuscator only renames the API. Some like Crypto Obfuscator has a lot of settings including Method Encryption, Method Call Hiding, String/Constant Encryption, etc besides usual like Symbol Renaming, Control Flow Obfuscation, etc.

Posted 8-Aug-12 23:55pm

LogicNP

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**JF2015** · Accepted Answer · 2011-01-31T01:23:00

Solution 1

Have a look at the various obfuscators. For example this one:
http://www.red-gate.com/products/dotnet-development/smartassembly/[^]
or this:
http://www.preemptive.com/products/dotfuscator/overview[^]

Posted 31-Jan-11 1:23am

JF2015

Updated 31-Jan-11 1:24am

v2

Comments

Pardeep Dhiman 31-Jan-11 8:07am

Is there any other way except this, because these fuscators only change member names nothing else. my code is still visible via tools like reflector.
Thanks

JF2015 31-Jan-11 8:14am

Basically what you need to understand is: in the .NET environment every application can be decompiled. Obfuscators are only helping you to increase the security bus never make it impossible - it's just a question of effort that an attacker uses to see your source.

Sergey Alexandrovich Kryukov 31-Jan-11 10:11am

This is some answer - my 5.
I never understood the need for this obfuscation. Just an extra hassle in development.
By the way, I tested dotfuscator, it's quite bad, I even had cases when it hangs. Maybe it was improved since that time, I don't know...
--SA

Espen Harlinn 31-Jan-11 14:58pm

Nice links, 5+ :)