Ask the Expert

Obfuscation may prevent reverse engineering

How can I protect my code in .NET from reverse engineering?

Requires Free Membership to View

Languages like C and C++ are compiled down to machine code – the binary instructions passed in to the processor for execution. It is possible to reverse engineer these binaries into Assembly language which is slightly higher level than the machine code, but still fairly inscrutable. Platforms such as Java and .NET compile their source down into bytecodes that are fed to a virtual machine before being interpreted and actually executed by the processor. The drawback of this approach -- from a code security standpoint -- is that most platforms using this approach have fairly high-level bytecodes and often store a lot of metadata in the bytecode files. This makes it possible to reconstruct part or all of the original source code from the binary application via decompilation.

Obfuscation is a technique that is often used to protect application source code. Obfuscation is the practice of stripping out potentially revealing metadata, renaming useful class and variable names to meaningless labels and adding unused or meaningless code to an application binary in order to defeat reverse engineering.

There are a number of obfuscation tools available for NET. For example, Visual Studio .NET ships with the Dotfuscator Community Edition obfuscation tool to use as a starting point. It is important to understand that obfuscation is not a drop-in solution to code reverse engineering problems. Because of the object-oriented, late-binding nature of many .NET constructs, some .NET code requires that classes maintain their original names. Obfuscation will need to be tuned to the particular application where it is used to ensure that systems continue to behave properly.

More information:

This was first published in November 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: