Is it possible to obfuscate VB.NET code without it easily being deobfuscated?
I'm trying to protect my VB.NET app. I've been advised to obfuscate the code. But what good does this do if you can deobfuscate the code easily?
https://www.youtube.com/watch?v=eK3D-qgLY80&t=43s
I'm aware that protecting code 100 percent is impossible. But it seems to me that an obfuscator that can easily be defeated is pretty much useless. Does an obfuscator exist that can't easily be defeated?
Re: Is it possible to obfuscate VB.NET code without it easily being deobfuscated?
At best, it is probably a race. I believe there are some commercial obfuscators that do a much more thorough job of obfuscating than the one that came with .NET (I don't know whether that is still there, or has changed). However, all code has to end up as clear code by the time it gets executed, so all obfuscation has to be reversible, simply, at some point. Therefore, any obfuscator can be de-obfuscator, and it is likely that what you are really doing with a commercial obfuscator is choosing one that is too obscure for there to be a freely available deobfuscator, a situation that can change at any time.
So, the general question that has to be asked is this: What are you trying to protect?
In my case, there is nothing worth protecting. The code will generally be given away for free. I'm paid to write it, but it isn't sold, and often is freely shared upon request. Usually, it's in such an obscure and specialized area that nobody would bother requesting it. There just aren't many people who would benefit from it. Also, there is nothing in the code that is secret or proprietary. If there were, then I'd probably come up with a scheme such that the sensitive code would be running off a server, and be accessed through a service. After all, .NET is only somewhat easier to decompile than many other languages, and not nearly as easy to decompile as JavaScript. All languages can be decompiled; it's really just a matter of effort. In the case of the very popular JavaScript, the decision was effectively made not to bother even hiding it, since you don't need more of a tool than a computer to be able to have it all, yet it's still very widely used.
So, it really does come down to what you are trying to protect.
Re: Is it possible to obfuscate VB.NET code without it easily being deobfuscated?
I'm trying to protect an application which I developed in VB.NET and want to sell. This app contains code that took me many hours to develop. I am also going to add a password scheme into the code.
Re: Is it possible to obfuscate VB.NET code without it easily being deobfuscated?
It's a difficult subject, and one that I'm glad I don't have to deal with. Nearly every valuable piece of software gets pirated. So, even big companies with extensive talent have a hard time preventing theft. What really protects most software is that it isn't worth stealing. What I've written might be amazing, but it's only useful if you happen to count spawning salmon in certain, highly specialized, ways. I can't even give it away, for the most part, because even the people who could use it find the decision mired in politics, rather than ethics.
Keep in mind that most simple software can be copied without ever being cracked. A game like Space Invaders made a lot of money. It probably was pirated many times over, but lots of people looked at the interface and simply replicated it, since the game itself wasn't that complicated. With any security, you are just trying to provide a lock strong enough that most thieves will look for an easier target. You don't need much of a lock if what you are protecting has no value to OTHER people (the value to yourself is a different matter), so nobody has ever locked an outhouse, except as a joke, but most regular houses have locks on the doors. You have to decide: 1) Would somebody want to steal the code? 2) How badly?
If they can simply steal the program without stealing the code, then nobody will bother stealing the code, cause that would take effort. If they can crack the password, then that would also be easier than stealing the code. If they would steal the program to use, then they have no reason to steal the code (don't bother even obfuscating). If they would steal the program to re-sell, that's the only time where code obfuscation makes sense. Even in that scenario, you also have to decide whether what you have written is so unique that somebody couldn't just replicate the software by observing its performance.
Only you know, and you likely don't know for sure how much value somebody else puts in the code itself (as opposed to the program). The bigger the lock, the harder it will be for you to implement, and also, the harder it will be for the user to use the product. Where you draw the line is a really difficult decision in most cases.
Re: Is it possible to obfuscate VB.NET code without it easily being deobfuscated?
I suppose I'm being a bit ambiguous. The bottom line is usually this: If you think that hiding the code is going to make a bit of difference, you're wrong, so don't bother.
There are exceptions, and you may have one, but far too often, people think of the effort they put into a program and want to protect it for that reason. Other people will see it differently, because they put no effort into it. You have to understand how and why others would steal, and what they would steal, to decide how to secure it....and that ain't easy. People steal what they perceive to be valuable. As the author, what you perceive to be valuable is likely not what a thief would perceive to be valuable, so you are likely to waste effort securing the wrong thing.
Re: Is it possible to obfuscate VB.NET code without it easily being deobfuscated?
Quote: Originally Posted by projecttoday
I am also going to add a password scheme into the code.
It seems like that might be part of the problem. If someone is able to log into your app when they shouldn't by reading your code then you have written bad code. Passwords should be stored in a database as hashes so even if someone can access all the data in the database they will still not be able to log in.
Re: Is it possible to obfuscate VB.NET code without it easily being deobfuscated?
If it's an application that you are going to be supporting then look into using some sort of Authentication API that you can link to your program. There was a good one out there called "Netseal" but that has now stopped development; with a bit of a search you can find the reasons why.
There are others out there though. I'm currently using one that's free and still in development called "Betterseal" and I know of another in development by the name of 961api.
As for obfuscation, there are plenty of small developers out there. There is a site I visit on a regular basis that has these sort of things but I am not sure if I can give the site name.