How can I hide the sensitive data in an assembly since the advent of reflector (from red gate) RRS feed

  • Question

  • I've tried some obfuscator,but they only change the names, my source code is still clear to anyone who want to see it.

    any ideas?
    thanks in advance.
    Monday, April 13, 2009 2:48 PM


All replies

  • Since .NET languages are bytecode (allowing interpreters), you can't. Obfuscation is the best you can get. Better obfuscators can obfuscate program logic, not just rename variables.

    Monday, April 13, 2009 3:06 PM
  • You can find a little bit more about obfuscation techniques here: How to select an obfuscator. Some of them use 'Control flow obfuscation', you might want to look into it.
    Here's a list of some popular obfuscators.

    • Marked as answer by Tom Shark Tuesday, April 14, 2009 8:17 AM
    Monday, April 13, 2009 3:16 PM
  • Most good obfuscators will do many things to deter people from reflection.  Reflector will not display the results of code obfuscated by most obfuscators, including the ones by Preemptive and many other companies.

    Good obfuscators also include control flow obfuscation, which does make it much more difficult (though still not impossible) to follow your code.  String encryption can help tremendously here, as well, since many attacks rely on tracking the usage of a specific string, and following the flow from there.

    However, no obfuscation tool is perfect - they are strong deterrants, but anybody who is truly committed will still be able to reverse engineer your code.  However, the same thing is true in compiled languages.  Tools like IDA Pro do a fairly good job of reverse engineering compiled C++, for example.

    In the end, I think it's better to include some level of protection, but not to stress too much about it.  The goal is to make users want to purchase your software - not to try to protect it from the world.  In the long run, I believe that's a better strategy.

    Monday, April 13, 2009 3:31 PM
  • If you have any sensitive components, why not write them in COM, and call them in .NET.

    Ganesh Ranganathan
    [Please mark the post as answer if you find it helpful]
    Tuesday, April 14, 2009 3:36 AM