Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Should I be worried about obfuscating my .NET code? [closed]

I'm sure many readers on SO have used Lutz Roeder's .NET reflector to decompile their .NET code. I was amazed just how accurately our source code could be recontructed from our compiled assemblies.

I'd be interested in hearing how many of you use obfuscation, and for what sort of products?

I'm sure that this is a much more important issue for, say, a .NET application that you offer for download over the internet as opposed to something that is built bespoke for a particular client.

like image 781
John Sibly Avatar asked Aug 15 '08 08:08

John Sibly


People also ask

What is the purpose of obfuscating code?

Obfuscation means to make something difficult to understand. Programming code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program. Encrypting some or all of a program's code is one obfuscation method.

Should I obfuscate my code?

It's essential to hide business logic and code to make it harder for attackers to gain access and start debugging and tampering with your app. (They often repackage an application with malicious code.) 3. Code obfuscation can drastically reduce file size, and download times can be reduced drastically as well.

Is it possible to obfuscate code completely?

What is Code Obfuscation? Code Obfuscation is the process of modifying an executable so that it is no longer useful to a hacker but remains fully functional. While the process may modify actual method instructions or metadata, it does not alter the output of the program.


2 Answers

I wouldn't worry about it too much. I'd rather focus on putting out an awesome product, getting a good user base, and treating your customers right than worry about the minimal percentage of users concerned with stealing your code or looking at the source.

like image 65
Chris Bunch Avatar answered Sep 19 '22 21:09

Chris Bunch


Remember, obfuscation is not encryption. IMHO, if somebody perceives value in reverse-engineering your code, they will do it. That's true for managed code or native code, obfuscated or not. Sure, obfuscation deters the casual observer, but is your business actually threatened by such people? Every .NET obfuscation method I've seen makes your life as a developer harder.

There are services that offer true encryption, such as SLPS from Microsoft. See http://www.microsoft.com/slps/default.aspx

like image 43
Martin Avatar answered Sep 19 '22 21:09

Martin