none
.net reflector RRS feed

  • Question

  • hey guys :)

     

    recently I've made a project and published it, after a couple of days, someone sent me the full source code of my project!!! 

    At first, I got surprised, but I asked him back how could he do this, he told me that he used a program called ( .net reflector ) I downloaded that program, and tried it, and it really worked with almost all of the projects I previously made.

     

    So with that program you can get the source code of any program made using visual studio!!

     

    is there any way to protect my projects from such programs?!


    • Edited by Nightmare1994 Wednesday, December 21, 2011 6:18 PM
    • Moved by spacewrangler Wednesday, December 28, 2011 4:28 PM (From:Building Development and Diagnostic Tools for .Net)
    Wednesday, December 21, 2011 5:41 PM

Answers

  • Actually what it does it convert the IL into equivalent statements of the chosen language. Some of it looks very much like what your wrote and sometimes the compiler makes choices that result in different code to that what you actually wrote. 

    You can use an obfuscator program, as previously mentioned, if you are really worried but they will not protect you from a determined attacker, just slow them down. Question you have to ask yourself is why are you protecting it and from whom? Once you have assessed the risk you can determine you level of protection. And remember yo have other protections especially if you use the right sort of licence agreements and of course copyright still, as I understand it, counts for something in most countries.

    Not sure why someone sent you the full source code as that would be in violation of a normal commercial licence agreement, I assume this is a commercial application if you are interested in protecting it.

     

    • Marked as answer by Paul Zhou Thursday, December 29, 2011 8:31 AM
    Thursday, December 22, 2011 11:36 AM
  • If you're interested in obfuscation for your code, I recommend taking a look at one of the third-party obfuscators that work on managed code. For example, Visual Studio ships with the community edition of Dotfuscator, a popular obfuscation package.

     

    Moreover, you can refer to the articles and code project below:

    Obfuscation

    Thwart Reverse Engineering of Your Visual Basic .NET or C# Code

    PHP Obfuscator

    Obfuscation


    Paul Zhou [MSFT]
    MSDN Community Support | Feedback to us
    • Marked as answer by Paul Zhou Thursday, December 29, 2011 8:31 AM
    Monday, December 26, 2011 8:41 AM

All replies

  • > is there any way to protect my projects from such a programs?!
     
     
    see "Obfuscated code", "Obfuscation"
     
     
    Wednesday, December 21, 2011 6:15 PM
  • True - but it will not protect you from a determined attacker.
    Thursday, December 22, 2011 11:15 AM
  • so! there isn't any way to protect my projects completely :S

    well, anyway thx guys for your reply  
    Thursday, December 22, 2011 11:32 AM
  • Actually what it does it convert the IL into equivalent statements of the chosen language. Some of it looks very much like what your wrote and sometimes the compiler makes choices that result in different code to that what you actually wrote. 

    You can use an obfuscator program, as previously mentioned, if you are really worried but they will not protect you from a determined attacker, just slow them down. Question you have to ask yourself is why are you protecting it and from whom? Once you have assessed the risk you can determine you level of protection. And remember yo have other protections especially if you use the right sort of licence agreements and of course copyright still, as I understand it, counts for something in most countries.

    Not sure why someone sent you the full source code as that would be in violation of a normal commercial licence agreement, I assume this is a commercial application if you are interested in protecting it.

     

    • Marked as answer by Paul Zhou Thursday, December 29, 2011 8:31 AM
    Thursday, December 22, 2011 11:36 AM
  • ---> And remember yo have other protections especially if you use the right sort of licence agreements and of course copyright still, as I understand it, counts for something in most countries.

     

    As you said, it counts for something in most countries, but unfortunately my country isn't one of that countries :/

     

     

    --->Not sure why someone sent you the full source code as that would be in violation of a normal commercial licence agreement, I assume this is a commercial application if you are interested in protecting it.

     

    And he sent me the source code to tell me that "Yeah you take months to make a program, and I can get its source code in just a minute! and I can even add my own marks on it, then publish it as if it were mine"


    Thursday, December 22, 2011 12:03 PM
  • Ouch, what a ********. Do you have any friends with baseball bats by any chance - only kidding - just.

    Then obfuscation looks like it is your only hope but as I said it will only slow a determined hacker down.

    However you have to determine the cost it would take for someone to break your app compared to the benefit they would get - hopefully the nuisance value and that people would move to some other low hanging fruit (something easier).

    I'd also consider things like a licensing solution to stop someone just using your assemblies with their own resources/branding etc. something like this (first hit in google) http://www.eziriz.com/intellilock.htm declare they can give you both licencing and obfuscation.

    Obviously you haven't mentioned what the application is or what country your are in but does your app have to be desktop? If you can make the same service online then you can protect a good chunk of your IP by not delivering it the end user - just the UI via HTML/Silverlight/Desktop.

    Sunday, December 25, 2011 11:30 AM
  • well, my previous project was a Desktop Image processing application, I guess it'll be hard to make it a web project, and I'm from Palestine :)

     

    thank you, and I'll try the solutions you mentioned  :) 

    Sunday, December 25, 2011 7:54 PM
  • If you're interested in obfuscation for your code, I recommend taking a look at one of the third-party obfuscators that work on managed code. For example, Visual Studio ships with the community edition of Dotfuscator, a popular obfuscation package.

     

    Moreover, you can refer to the articles and code project below:

    Obfuscation

    Thwart Reverse Engineering of Your Visual Basic .NET or C# Code

    PHP Obfuscator

    Obfuscation


    Paul Zhou [MSFT]
    MSDN Community Support | Feedback to us
    • Marked as answer by Paul Zhou Thursday, December 29, 2011 8:31 AM
    Monday, December 26, 2011 8:41 AM