How to prevent a particular .NET DLL from being decompiled?

Using satellite assemblies and other similar options, you convert your source code into DLL and deploy it. You convert your program into DLL files because they don’t include any source code thereby ensuring security of your code.




However you have provisions to decompile your DLL back to your source code. For performing such DLL decompilation, many third party products like Reflector are available. Even Microsoft provides a tool to perform such DLL decompilation. That tool is termed as ILDASM. But performing such decompilation and getting hold of the code is very dangerous in terms of security when the decompilation is performed by some one who is not part of your team. Hence it is always recommended to prevent your DLL from being decompiled. This is achieved using Obfuscation.

Microsoft provides a solution called Dotfuscator Community editor to perform obfuscation. This solution is available as part of Visual Studio .NET. Several other third party solutions are also available to accomplish obfuscation. Few of them are: Demeanor and Xenocode.

Advantages of Obfuscation:

• Protecting sensitive information of the code like licensing implementations, trade secrets if any

• If you have done hard coding of your database login credentials then you can perform encryption with the help of obfuscation, thereby ensuring that your login credentials are not shown to other users even when the DLL is decompiled

• When some one opens the obfuscated code that some one should not understand or get any clued about your code. For that, obfuscation even renames your identifiers. When doing so, identifiers with long names will be converted into identifiers of length one character. This will obviously reduce the program size

Drawbacks of Obfuscation:

• Obfuscation alone cannot prevent malicious user from fetching the code back. You cannot judge what level of security that obfuscation provides. Moreover such malicious users can use powerful debuggers and decompilers to perform reverse engineering of obfuscated code and get the original source code out of it. Hence it is always recommended to use additional encryption mechanisms or security measures along with obfuscation to ensure security of your code

• When you deploy obfuscated code, it is hard to debug it. This is because obfuscated code will contain different variable names and unreadable code which on debugging will not make sense to the programmer. Hence you might be forced to maintain two different builds, one containing the actual source code and the other containing the obfuscated code. You should maintain both the codes in sink.

• You might perform obfuscation on code or obfuscation on intermediate languages. If you perform code obfuscation, it is platform specific and compiler specific. Using that particular obfuscated code on a different platform or compiling it with different compiler will lead to error. This forces a restriction that you should not change the platform and compiler of your application. This restriction is not posted on obfuscation performed on intermediate languages.

• Few obfuscation solutions do not support reflection API’s and create conflicts if they are used in the source code.

_______________________________________________________________________

Add to My Yahoo!


FREE Subscription

Subscribe to our mailing list and receive new articles
through email. Keep yourself updated with latest
developments in the industry.

Name:
Email:

Note : We never rent, trade, or sell my email lists to
anyone. We assure that your privacy is respected
and protected.

Visit .NET Programming Tutorial Homepage

______________________________________________________

Recommended Resource

| How do you prevent a class from overriding in .NET? | How are classes related to objects in .NET Application | How are Delegates different from Events in .NET? | How are system exceptions different from application exceptions in .NET? | How are Value Types different from Reference Types in .NET? | How can a finalize method be suppressed in .NET? | How can you call Stored Procedure in ADO.NET? | How can you force Dispose method to be called automatically in .NET? | How do you call a Base Class Constructor from Derived Class Constructor in .NET? | How do you connect your VB.NET application to SQL Server? | How do you implement Cloning in .NET? | How do you implement Façade Design Pattern in .NET? | How do you implement MVC Pattern in ASP.NET? | How do you install .NET Assembly in GAC? | How is shadowing different from overriding in .NET? | How to prevent a particular .NET DLL from being decompiled? | Illustrate Delay Signing Process of an Assembly in .NET? | What are Reference Types in .NET? | What are the advantages of C#? | What are the advantages of VB.NET? | What are the differences between Namespace and Assembly in .NET? | What are the similar features between class and structure in .NET? | What are Value Types in .NET? | What do you mean by mixed mode authentication in .NET? | What do you mean by Satellite Assembly in .NET? | What do you mean by shadowing in .NET? | What is CTS in .NET? | What is ILDASM in .NET? | What is Managed Code in .NET? | What is Manifest in .NET? | What is MSIL in .NET Framework? | What is the importance of finalize method in .NET? | What is the need for Visitor Pattern in C#? | What is the purpose of bindingRedirect tag in web.config file of .NET? | What is the purpose of CodeDom in .NET? | What is the purpose of dispose method in .NET? | What is the purpose of Ngen.exe in .NET? | What is the purpose of Strong Name in COM Components of .NET? | What is the purpose of virtual keyword in .NET? | What Object Oriented Principles can be incorporated in .NET Application? |


| Privacy Policy for www.dotnet-guide.com | Disclosure | Contact |

Copyright - © 2004 - 2017 - All Rights Reserved.