Don’t rely on Obfuscation
16 August 2007 in Programming & Security
With the now common use of managed code, unlike native code, the application can be easily decompiled to its source code. Most times that’s not something you want happening to your code.
Obfuscation is a very common “solution” used by many projects. Although it not protects your code from being decompiled, it makes very hard for understanding the logic behind the code. But, similar to others protection techniques, this method has its weaknesses.
I recently found this large post describing in detail why obfuscation shouldn’t be relied to save the application from being reverse engineering. Although its using C#/.NET to demonstrate, this is also reproducible with other managed code like Java.
If you need to protect your code from being altered, I think the combination of a good obfuscator with signing the assembly with a Strong name. Even if this method is not perfect, it can really be a big delay when attacking your application.
Search
Pages
Top Posts
- 15 Visual Studio .NET Add-Ins you won't live without
- Using SQLite in .NET
- How to get started with Silverlight Streaming
- Avoid chaos, don't let bugs take your project away
- Best-Ever Ad from Microsoft
Categories
- All
- Random tidbits
- Links
- Windows
- Fun
- Portuguese
- WebDev
- Programming
- Blogging
- Personal Experience
- Microsoft
- Tech
- OS
- Linux
- Security
- TV
- Software
- Databases
- Hardware
- WPF
Leave a Comment