如何防止反编译任何 C# 应用程序
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1276237/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to prevent decompilation of any C# application
提问by Kalpak
We are planning to develop a client server application using C# and MySQL. We plan to sell the product on the shelf like any other software utility. We are worried about the decompilation of our product which does have some sort of edge over our competitors in terms of usability and bundled functionality.
我们计划使用 C# 和 MySQL 开发客户端服务器应用程序。我们计划像任何其他软件实用程序一样在货架上销售产品。我们担心我们产品的反编译在可用性和捆绑功能方面确实比我们的竞争对手具有某种优势。
How can we prevent our software from decompilation, so the business logic of the product remains intact?
如何防止我们的软件反编译,让产品的业务逻辑保持完整?
We have heard about Reflector and other decompilers which makes our code very much vulnerable for copying.
我们听说过 Reflector 和其他反编译器,它们使我们的代码非常容易被复制。
Our customer base is not Corporates but medical practitioners who themselves may not do it but our competitors may want to copy/disable licensing or even replicate the code/functionality so the value of our product goes down in the market.
我们的客户群不是企业而是医生,他们自己可能不会这样做,但我们的竞争对手可能想要复制/禁用许可甚至复制代码/功能,因此我们产品的价值在市场上下降。
Any suggestion to prevent this is most welcome.
任何防止这种情况的建议都是最受欢迎的。
采纳答案by Bevan
If you deploy .NET assemblies to your client machines, some kind of decompilation will always be possible using reflector and similar tools.
如果您将 .NET 程序集部署到您的客户端计算机,则始终可以使用反射器和类似工具进行某种反编译。
However, this situation isn't materially different to what you'd encounter if you wrote the application in native C++. It is always possible to decompile things - if it were impossible, the processor couldn't understand it either.
但是,这种情况与您使用本机 C++ 编写应用程序时遇到的情况没有本质上的不同。反编译总是可能的——如果不可能,处理器也无法理解它。
You're never going to defeat the expert cracker - they'll treat your security as an intellectual puzzle to be solved for the challenge alone.
您永远不会打败专家破解者 - 他们会将您的安全视为智力难题,需要单独解决挑战。
The question revolves around how hard it is to defeat your licensing practices and the return on investment.
问题围绕着打败您的许可实践和投资回报有多难。
Sit down with a spreadsheet and look through the possible scenarios - the danger is probably less than you think.
坐下来查看电子表格并查看可能的情况 - 危险可能比您想象的要小。
Factors like "ease of use" are visible in your software for any user to observe - so you'd think it easy to copy. But, good User experience is rare (and seldom copied well), because most developers (myself included) are nothing like typical users.
“易用性”等因素在您的软件中是可见的,任何用户都可以观察 - 所以您会认为它很容易复制。但是,良好的用户体验很少见(并且很少被很好地复制),因为大多数开发人员(包括我自己)都与典型用户完全不同。
I'd suggest you concentrate on making the job of a cracker harder, cause you can never make it impossible, just non-profitable.
我建议你专注于让饼干的工作更难,因为你永远不可能让它变得不可能,只是无利可图。
One possibility to try: It's possible to pre-compile assemblies into native code as a part of the installation process. Paint.NET does this for performance reasons. I believe that once you've done this, you can discard the original assemblies and use the optimised, native code editions.
尝试的一种可能性:作为安装过程的一部分,可以将程序集预编译为本机代码。Paint.NET 这样做是出于性能原因。我相信,一旦您完成了这些,您就可以放弃原始程序集并使用优化的本机代码版本。
回答by Ganesh R.
Google for .NET Obfuscator. You will find a lot of products that will help in this. Also there are related questions already asked in Stack Overflow.
Google for .NET Obfuscator。你会发现很多产品可以帮助你做到这一点。Stack Overflow 中也已经提出了相关的问题。
Here are some:
这里有一些:
EDIT: While searching for De-Obfuscating tools, I came across an open source tool De4Dot. This tool supports decompiling obfucated dlls created by most commercial tools and does a pretty good job too.
编辑:在搜索去混淆工具时,我遇到了一个开源工具De4Dot。该工具支持反编译大多数商业工具创建的混淆 dll,并且也做得很好。
回答by ine
The last time I looked into this, Spices.Net Obfuscatorlooked like the best thing on the market.
上次我研究这个时,Spices.Net Obfuscator看起来是市场上最好的东西。
No, I don't work for them. :)
不,我不为他们工作。:)
回答by Geoff Appleford
I use smartassembly. It is simple to use and also has the ability to send crash reports back too you built in.
我使用smartassembly。它易于使用,并且还具有将崩溃报告发送回您内置的功能。
回答by Charlie Salts
The obfuscators others have mentioned are likely very good.
其他人提到的混淆器可能非常好。
An alternative approach you might not have considered is to code some of the core business logic using a language that is fully compiled to machine code, such as C++.
您可能没有考虑过的另一种方法是使用完全编译为机器代码的语言(例如 C++)编写一些核心业务逻辑。
The benefit of doing this is that it makes it far more difficult for someone to decompile your code. A drawback to this is that you have code in two languages to maintain. This might not be the best approach for your situation, but is useful in cases where only a small part of the code needs to be obfuscated while the remainder of the code is UI fluff.
这样做的好处是它使某人反编译您的代码变得更加困难。这样做的一个缺点是您需要维护两种语言的代码。这可能不是适合您的情况的最佳方法,但在只需要混淆一小部分代码而其余代码是 UI 绒毛的情况下很有用。
As an example, your medical software package might be performing edge detection of say, certain glands for the purpose of telling a doctor the size of said gland. The algorithm for calculating the size of the gland from a bitmap image would be contained in a DLL written in C++.
例如,您的医疗软件包可能正在执行某些腺体的边缘检测,目的是告诉医生所述腺体的大小。从位图图像计算腺体大小的算法将包含在用 C++ 编写的 DLL 中。
回答by user20358
to answer your question about the C++ wrapper around the .net code; I dont think it would work, because when you deploy the application the final c++ dll and .net dll containing the business logic code will be separate entities and the ones who want to get to your business logic would still be able to just pick out the .net dll and peek inside.
回答您关于 .net 代码周围的 C++ 包装器的问题;我不认为它会起作用,因为当您部署应用程序时,包含业务逻辑代码的最终 c++ dll 和 .net dll 将是单独的实体,而那些想要访问您的业务逻辑的人仍然能够挑选出.net dll 并查看内部。
回答by Noon Silk
If it were me, I wouldn't be attempt to obfuscate; I would:
如果是我,我不会试图混淆;我会:
- Not worry about it and aim to continually improve and stay in front
- 不用担心,旨在不断改进并保持领先
But secondly
但其次
- Consider providing the 'secret' services over the Web. It's up to you to decide how critical and possible this is; but it does "prevent" decompilation, because the end user doesn't even have the code.
- 考虑通过 Web 提供“秘密”服务。由您决定这有多重要和有多可能;但它确实“防止”反编译,因为最终用户甚至没有代码。
回答by Spencer
you might want to consider Remotesoft Salamander Protectorthis is much better than anything else in that it makes it impossible to decompile to the high level language.
您可能需要考虑Remotesoft Salamander Protector,它比其他任何东西都要好得多,因为它无法反编译为高级语言。
Of course, anybody who is an expert can spend enough time with your software and figure it out because it does decompile some,but it hides all the set and get methods
当然,任何一个专家都可以在你的软件上花足够的时间来弄清楚,因为它确实反编译了一些,但它隐藏了所有的 set 和 get 方法
So, they can get a peak,but that is about it. they have to figure out the rest which lowers the probability of anybody just cracking it.
所以,他们可以达到一个峰值,但仅此而已。他们必须找出其余的,以降低任何人破解它的可能性。
hope this helps
希望这可以帮助
回答by Kalpak
Writing on this thread after a long time. We have purchased a software called Intellilockwhich is helpful in preventing decompilation, obfuscation and also has a strong licencing module.
隔了好久才写这个帖子。我们购买了一个名为Intellilock的软件,它有助于防止反编译、混淆,并且具有强大的许可模块。
We did not go for .Net Reactoreven though it has more prevention controls as Intellilock was serving our purpose well enough.
我们没有选择.Net Reactor,尽管它有更多的预防控制,因为 Intellilock 已经很好地满足了我们的目的。
回答by Kalpak
Intellilock has served our purpose well in terms of obfuscation as well as licensing. But I would not recommend the product as the support is not upto the mark. We never got replies in time for the problem we were facing. We had to search and research on our own or even change the business requirement to achieve some goals.
Intellilock 在混淆和许可方面很好地满足了我们的目的。但我不会推荐该产品,因为支持不达标。对于我们面临的问题,我们从来没有及时得到答复。我们必须自己搜索和研究,甚至更改业务需求以实现某些目标。
Via this answer I am not intending to promote or demote any software but just want make people aware about the product we are using so they can make wise decision.
通过这个答案,我无意推广或降级任何软件,只是想让人们了解我们正在使用的产品,以便他们做出明智的决定。
