Hi Edwin,
And as i said, let's not strand into discussions about decompiling to a
level of win32 assembly code.
Would you be surprised if I told you I have a decompiler that can
decompile .Net assemblies, obfuscated or not, into C#, and that it is a
commercially-available product?
--
HTH,
Kevin Spencer
Microsoft MVP
.Net Developer
You can lead a fish to a bicycle,
but you can't make it stink.
If we post our dll's on another compagny's server or even distribute
simple apps for the consumer market.
We don't want to give away our programming skills.
And as i said, let's not strand into discussions about decompiling to a
level of win32 assembly code.
There will be no one interested to decompile ASP.NET code to assembly
to get a hint of how our code works.
But as i see it, the current stuff seems easy to be decompiled into a
useful language.
I don't know exactly since i never seen decompiled code.
Maybe someone can post a not to complex procedure, before and after..
??
"Kevin Spencer" <
[email protected]> schreef in bericht
Comparing of apples and oranges..?
Not at all.
Obfuscation is not fool-proof once the DLL is obtained. In fact,
nothing is. Decompilation is always possible. If the computer can read
the DLL, so can a decompiler.
Earlier, John asked if "we [are] all getting a false sense of
security." I would argue that we are all getting a false sense of
INsecurity. In fact, obfuscation should not be necessary at all. If
anyone other than the author can get to the DLLs on the server file
system, there is already a huge hole in the security for that system.
Software thievery is exactly like "real-life" thievery. It is the
illegal acquisition of another person's property. And just as in
"real-life" thievery, there are levels of expertise in the thievery
realm. There are shoplifters, and there are safe-crackers. And
software should be protected in the same way that "real-life" property
should be protected, according to its value, because the higher the
level of protection you wish to employ, the more it will cost you.
Nobody has yet robbed Fort Knox. but in 1936 it cost over a
half-million dollars to build the gold depository vault, and the Fort
has an annual budget of over 12 million dollars. Obviously, you don't
want to spend that much money to protect your wallet.
So, the amount of trouble, time, and expense to protect intellectual
property should be proportional to the value of the property. And
again, if a hacker can break into the file system of the web server,
obfuscation isn't any solution at all. Fixing the security hole in the
web server is the solution.
--
HTH,
Kevin Spencer
Microsoft MVP
.Net Developer
You can lead a fish to a bicycle,
but you can't make it stink.
Comparing of apples and oranges..?
"Mark Rae" <
[email protected]> schreef in bericht
How much difference does that make?
It will deter the casual decompiler, nothing more.
Is source still retrievable?
Yes, given enough time and resource...
I mean are we getting a false sense of security?
It largely depends. A skilled and determined car thief will be able
to steal your car no matter how carefully you lock it...