Obfuscate .NET code |
Do you know that .NET compiled code can be revert back to C# or VB.NET source code? Yes it is possible by using decompiler we can get the original source code, then what about security. We can use .NET obfuscation using Skater for source code protection. |
All the language compilers currently exist are producing the byte code or intermediate code that could be understandable to their language interpreters. Microsoft .NET compiler converts the VB.NET or C# source code to MSIL (Microsoft Intermediate Languages). |
|
An interesting part is there are lots of decompilers are available in market like Reflector for .NET hackers can get back the source code anytime from intermediate code script using these decompilers. How do we provide security for the .NET source code? Here is the solution using obfuscation software tools like Skater. |
Obfuscated code is source or machine code that has been made difficult to understand. Programmers may deliberately obfuscate code to conceal its purpose or its logic to prevent tampering, deter reverse engineering or as a puzzle or recreational challenge for readers. It is a form of security through obscurity. Programs known as obfuscators transform readable code into obfuscated code using various techniques that might induce anti-debugging, anti-decompilation and anti-disassembly mechanisms. Code obfuscation is different in essence from hardware obfuscation, where description and/or structure of a circuit modified to hide its functionality. |
Obfuscating code to prevent reverse engineering is typically done to manage risks that stem from unauthorized access to source code. These risks include loss of intellectual property, ease of probing for application vulnerabilities and loss of revenue that can result when applications are reverse engineered, modified to overreach metering, security logic or usage control and then recompiled. Obfuscating code is, moreover, also a compensating control to manage these risks. |
The risk is greater with technologies such as Java and Microsoft's .NET which take advantage of just-in-time compilation technology that allow developers to deploy an application as intermediate code rather than code which has been compiled into machine language before being deployed. Those are far easier to reverse engineer because the virtual machine code is simpler than real machine code and thus, can be decompiled as, nearly, the original source code. |
Obfuscators may be used to compact object code or interpreted code without affecting its behavior when size is important. .NET languages are far easier to reverse engineer because they do not compile to machine code, they compile into intermediate MSIL code. |
Microsoft recommends using the Script Encoder to obfuscate the ASP files, so in case the web server is compromised, the cracker would be unable to find out how your ASP applications work. The Script Encoder works also on JScript and VBScript files. Note that the encoded JScript is only functional in Internet Explorer. However, that this encoding only prevents casual viewing of your code; it will not prevent the determined hacker from seeing what you have done and how. |
Control Flow Obfuscation |
String Encryption |
Assembly Linking |
Skater .NET obfuscator significantly enhances source code security |
|
Copyright © 2001-2024 Rustemsoft LLC All Rights Reserved. |