I'm planning to release an alpha version of my freeware closed-source software shortly (it's an authoring tool written in C#). Do I have to use a .NET obfuscator?

Generally I wouldn't like for people to effortlessly browse the code and - most importantly - modify it.

(I'm afraid I'm not ready to open-source it at this point in time.)

If indeed I do need to use an obfuscator, would you suggest one that does a "good enough" job and preferably integrates itself with MS Visual Studio (obfuscates automatically on release builds)?

+3  A: 

I wouldn't bother. Anyone who is going to go through that much trouble will figure out a way, and the rest of your users just want something that works and don't care or want to know what the code looks like.

That said, the community version of Dotfuscator is very limited. I hear the pro version is good, but haven't played with it.

David Lively
So who would be a typical user of an obfuscator? Software which contains some sort of "trade secrets"? Software containing algorithms dealing with national identification numbers and stuff like that? I have no sensitive things like that. I just wouldn't like my software to be modified and tinkered with.
JBeurer
Honestly, if your code contains some whiz-bang oh-my-lord-wow-that's-new-and-sweet way of doing something, I'd consider implementing at least that portion of it in non-managed code to make decompilation more difficult. CIL is inherently easy to disassemble. Obfuscators just add degrees of difficulty.
David Lively
And, to answer your other question, it is incredibly unlikely that anyone will attempt to *distribute* a modified version of your app. Focus on building your application. If this becomes a problem in the future, solve it then.
David Lively
I agree with what Jason said - there's nothing to lose by using obfuscation. Moreover, accessing source code is indeed pretty much effortless and it looks very close to the original if I don't use any obfuscation. Even basic obfuscation using Dotfuscator Community Edition makes me at least feel like I'm not releasing source code along with the executable.
JBeurer
That's certainly your prerogative, and I agree with your point. I certainly don't want to *give away* my source. Having been in the position to reverse engineer several apps (legally - my client had lost the source when a former dev lost his mind), I can say it would have been a lot more difficult - though still not impossible - if some obfuscator had been used. Just depends on whether your app and market warrant the effort.
David Lively
+3  A: 

If you obfuscate your code, then you will slow down and possibly dissuade anyone who might try to reverse engineer it.

If you don't, then you might as well make it open source.

It's your choice - you have nothing to lose by obfuscating it.

Dotfuscator Community Edition comes included with Visual Studio these days, and it'll do a basic job (though obviously you need to pay if you want all the bells and whistles) - or there are a number of free/shareware options if you search.

Jason Williams
"If you don't, then you might as well make it open source." Does this imply that disassembling a .NET assembly into human-readable source code (in C# or Visual Basic) using the proper tools is next to effortless? And does it mean that making changes is rather easy?
JBeurer
@JBeurer - There is a free tool called .NET Reflector which makes it possible for anyone to easily decompile your source code. Obfuscation simply makes it harder to read the source, but not impossible to recreate.
Josh
Yeah. Just checked my assemblies using Redgate's Reflector. You definitely have to USE an obfuscator. It's pretty much open source otherwise.
JBeurer
Don't forget about the Reflector plugins that make it possible to modify *compiled DLLs* - obfuscation will help, but you might also want to strong-name them.
arootbeer
+2  A: 

I'd recommend that you take a look at CliSecure .NET Code Protection Tool; it takes a different approach compared with other obfuscators available. It'd hide your IL code completely, leaving your code showing empty stubs instead of the original code statements. My code heavily uses the reflection API, therefore obfuscation wasn't an option for me, thus I preferred this tool.

Roger Smith