Q

Obfuscation may prevent reverse engineering

Reverse engineering can reveal all of the source code in your .NET applications. Expert Dan Cornell recommends code obfuscation as a protective measure.

How can I protect my code in .NET from reverse engineering?

Languages like C and C++ are compiled down to machine code – the binary instructions passed in to the processor for execution. It is possible to reverse engineer these binaries into Assembly language which is slightly higher level than the machine code, but still fairly inscrutable. Platforms such as Java and .NET compile their source down into bytecodes that are fed to a virtual machine before being interpreted and actually executed...

by the processor. The drawback of this approach -- from a code security standpoint -- is that most platforms using this approach have fairly high-level bytecodes and often store a lot of metadata in the bytecode files. This makes it possible to reconstruct part or all of the original source code from the binary application via decompilation.

Obfuscation is a technique that is often used to protect application source code. Obfuscation is the practice of stripping out potentially revealing metadata, renaming useful class and variable names to meaningless labels and adding unused or meaningless code to an application binary in order to defeat reverse engineering.

There are a number of obfuscation tools available for NET. For example, Visual Studio .NET ships with the Dotfuscator Community Edition obfuscation tool to use as a starting point. It is important to understand that obfuscation is not a drop-in solution to code reverse engineering problems. Because of the object-oriented, late-binding nature of many .NET constructs, some .NET code requires that classes maintain their original names. Obfuscation will need to be tuned to the particular application where it is used to ensure that systems continue to behave properly.

More information:
This was first published in November 2006

Dig deeper on Building security into the SDLC (Software development life cycle)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSOA

TheServerSide

SearchCloudApplications

SearchAWS

SearchBusinessAnalytics

SearchFinancialApplications

SearchHealthIT

Close