Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • How to protect .net applications from reverse engineering

    • 0
    • 1
    • 1
    • 1
    • 0
    • 0
    • 0
    • 0
    • 610
    Comment on it

    When we write code and compile them,our class files are converted in to Dlls, and we assume them as safe.
    But those Dll files can be used for backtracking to your code,your application logic and your secret algorithms(If you have any).
    What?Are you talking real? I thought I was secured with Dlls and I implemented security too.
    Yes, you implemented security but that was for your data.What about code and logic? You didn't implement anything for that purpose.

    You don't need to freak out that much. You have some tools for shielding your code and the process of shielding is called "Obfuscation".
    Ok. And How it's done?

    There is one tool named "Dotfuscator" which ships with your Visual Studio. So let's see the steps for securing our code.
    For this article I have a file named "TimeZone.dll". If I try opening this file in IL Disassembler(Will tell you about that too) it will look something like following:-

    alt text
    Fig 1-Dll structure exposed in IL Disassmbler

    Here we can see that our method structure is clearly visible and can be guessed. So we need to obscure it in a way that it can't be guessed easily.
    Open the Dotfuscator tool. You can find it in following path in your system.
    "C:\Program Files (x86)\Microsoft Visual Studio 12.0\PreEmptive Solutions\Dotfuscator and Analytics Community Edition"

    The drive and version may differ according to your installation path and your visual studio version. You can also find it in visual studio->tools.

    After the Dotfuscator opens,you need to right click and click on "AddInput". The following pic shows the process:- alt text
    Fig 2-Dotfuscator screen

    Select the desired file("TimeZone.dll" in my case) and click open file selection dialog. So the file shows here and it looks something like following:-

    alt text
    Fig 3-Dotfuscator screen

    Now that you've selected your Dll,click the green arrow and start the conversion(You can see the button just below the "Build" menu option on top left).
    After the process has been completed,we need to take a look at our obfuscated dll file. By default it is found in "Dotfuscated" folder (Created by Dotfuscator right where your file exists). You can change the output path to a specific one.
    Now we can check the changed file and it looks something like following:-
    alt text
    Fig 4-Obfuscated DLL

    We can see that names of all of the methods or variables are changed and they provide almost no clue about the Dll functionality.

    IL Disassembler

    IL Disassembler is a tool which can be used to see the definition of assemblies by disassembling them. For opening it you will go to Visual Studio Command Prompt.
    And then you need to type "ildasm" and press enter. The IL Disassembler will open. Now you can open any Dll file in it.

    So any obfuscating software makes the code more secure or less secure than others available in market but they can't make it 100% impenetrable.The obfuscation should be your last line of defense that means you should implement other means of code security like secure servers(in case of web or client server system) or user permissions to your installation folder(can be configured when you are creating the setup of application) when your application is one standalone systems etc.

    Happy Coding:-)

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: