How to Protect My .Net Assemblies from Decompilation

How can I protect my .NET assemblies from decompilation?

One thing to keep in mind is that you want to do this in a way that makes business sense. To do that, you need to define your goals. So, exactly what are your goals?

Preventing piracy? That goal is not achievable. Even native code can be decompiled or cracked; the multitude of warez available online (even for products like Windows and Photoshop) is proof a determined hacker can always gain access.

If you can't prevent piracy, then how about merely reducing it? This, too, is misguided. It only takes one person cracking your code for it to be available to everyone. You have to be lucky every time. The pirates only have to be lucky once.

I put it to you the goal should be to maximize profits. You appear to believe that stopping piracy is necessary to this endeavor. It is not. Profit is simply revenue minus costs. Stopping piracy increases costs. It takes effort, which means adding cost somewhere in the process, and so reduces that side of the equation. Protecting your product also fails to increase your revenue. I know you look at all those pirates and see all the money you could make if only they would pay your license fees instead, but the reality is this will never happen. There is some hyperbole here, but it generally holds that pirates who are unable to crack your security will either find a similar product they can crack or do without. They will never buy it instead, and therefore they do not represent lost sales.

Additionally, securing your product actually reduces revenue. There are two reasons for this. One is the small percentage of customers who have trouble with your activation or security, and therefore decide not to buy again or ask for their money back. The other is the small percentage of people who actually try a pirated version of software to make sure it works before buying. Limiting the pirated distribution of your product (if you are somehow able to succeed at this) prevents these people from ever trying your product, and so they will never buy it. Moreover, piracy can also help your product spread to a wider audience, thus reaching more people who will be willing to pay for it.

A better strategy is to assume that your product will be pirated, and think about ways to take advantage of the situation. A couple more links on the topic:

How do i prevent my code from being stolen?

Securing a .NET Application

Prevent Decompiling

You cannot prevent decompiling, if you compile into MSIL (intermediate language). In such case you need to use obfuscation

For a deeper discussion on the subject check out this post .NET obfuscation tools/strategy

You can find a similar discussion here How can I obfuscate my c# code, so it can't be deobfuscated so easily?

You can also opt to generate a native image using Ngen.exe for a specific platform - that will bypass the IL and generate compiled processor specific machine code, and that one is pretty much safe from standpoint of reverse - engineering.

Using an IL is a quite common design choice - and it has it's drawbacks and benefits - the main ones being easier support of multiple languages on one platform, and multiple target platforms, i.e cross platform

To get a glimpse of some of the benefits of using IL - check this out - stackoverflow.com/questions/1926386/…

Java also uses an intermediate language - java bytecode - javaworld.com/article/2077233/core-java/bytecode-basics.html

Is it possible to prevent decompilation of .NET MSIL DLL?

No

All code can be reverse engineered, copied, cloned, reused, relinked and other things. What open source means is that it is free in the legal sense from restrictions, so people can learn from the code. This also means technology can grow and a stronger long-term tech economy can be created, rather than short-termism. Read the "Cathedral and the Bazaar" for a biased but relevant point of view.

I am not aware of a sufficiently strong code protection method that isn't just high obfuscation and is only security through obscurity. Your question alone says you need to know more about the topic you are asking about by reading and researching the technical, logical and possibly the philosophical qualities of the question's intent.

Edit: I stand by my principle even though the use of the term "Open source" was retracted.

How to prevent decompilation of any C# application

If you deploy .NET assemblies to your client machines, some kind of decompilation will always be possible using reflector and similar tools.

However, this situation isn't materially different to what you'd encounter if you wrote the application in native C++. It is always possible to decompile things - if it were impossible, the processor couldn't understand it either.

You're never going to defeat the expert cracker - they'll treat your security as an intellectual puzzle to be solved for the challenge alone.

The question revolves around how hard it is to defeat your licensing practices and the return on investment.

Sit down with a spreadsheet and look through the possible scenarios - the danger is probably less than you think.

Factors like "ease of use" are visible in your software for any user to observe - so you'd think it easy to copy. But, good User experience is rare (and seldom copied well), because most developers (myself included) are nothing like typical users.

I'd suggest you concentrate on making the job of a cracker harder, cause you can never make it impossible, just non-profitable.

One possibility to try: It's possible to pre-compile assemblies into native code as a part of the installation process. Paint.NET does this for performance reasons. I believe that once you've done this, you can discard the original assemblies and use the optimised, native code editions.

---

Related Topics