subject: .net Obfuscation An Insider View [print this page] The assemblies in .NET can be broadly classified in two categories metadata and intermediate language code. The properties of these assemblies are such that they can be easily reverse engineered. They can be easily decompiled into easily recognized source code that will be either identical or similar to the original source code. Thus coders developing codes for individual machines are indirectly distributing their source code that can be replicated and used on other systems without any authentication from the coder or the company that has manufactured or marketed it. Thus the real owner of the code will be deprived of the revenue that will be compromised in the gray market. Source code is intellectual property and needs to be protected at any cost from hackers and people working in the gray market.
Its easy for a hacker to make out the class name, namespaces, method names and the signatures that are in the source code if they are present in the native form. This is a primitive practice that used to exist in the initial years of computers when one required a system analyst to operate the basic functions of a computer but with the growing usage of computers and the ease to get access to the backend of the applications.
Ideally the use of obfuscator ideally mangles the larger features of the code instead of getting into the nitty gritty of the whole code. Thus one need not disturb the functionality and the basic structure of the code. If the mangling is done aggressively then it can be an area of concern for the source code as it will not run the same it was intended to. Thus in nutshell a good obfuscator will keep the functionality of the source code same and if the obfuscated assembly is decompiled it will provide the source code as it was in its original format.
One of the shortcomings of a .NET obfuscator is that it is really difficult to debug. Thus if an exception is reported by a user and reaches the coder it will not be really possible for the coder to fix it in the fist instance as the exception will be in a mangled form. Thus it becomes essential for the coder to provide a clearly labeled map file in the obfuscation tool.
Although the technique of obfuscation has several shortcomings still it is the most widely used mode of protection for .NET Applications. Using Obfuscation techniques properly will let a coder use this technique to its full potential and keep the code free from malware and attacks from hackers.
For more details on Code Protection technology, .net Obfuscator, .net Code Security and .net Code Security feel free to visit us at http://www.secureteam.net
