Login
Important alert: (current site time 7/15/2013 9:11:32 AM EDT)
 

article

Microsoft .net insecurities

 Email
Submitted on: 3/7/2005 12:15:38 PM
By: Paul J. Murphy  
Level: Intermediate
User Rating: By 10 Users
Compatibility: C#, VB.NET, C++.NET
Views: 15275
(About the author)
 
     This article explains how easy it is to reverse engineer unprotected .net applications. ilasm's biggest problem is its ease of reading, making it very hard for crackers to crack your program. What im hoping you will get out of this article is to protect your applications from crackers by using .net protectors like Dotfuscator. As I am not cracking any commercial application (only my own one), I am pretty sure this is not breaking the planet source code rules. Please read the document and visit my website at www.donutsoft.net
 
winzip iconDownload article

Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. Afterdownloading it, you will need a program like Winzip to decompress it.Virus note:All files are scanned once-a-day by Planet Source Code for viruses, but new viruses come out every day, so no prevention program can catch 100% of them. For your own safety, please:
  1. Re-scan downloaded files using your personal virus checker before using it.
  2. NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.

If you don't have a virus scanner, you can get one at many places on the net including:McAfee.com

 
Terms of Agreement:   
By using this article, you agree to the following terms...   
  1. You may use this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
  2. You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.   
  3. You may link to this article from another website, but ONLY if it is not wrapped in a frame. 
  4. You will abide by any additional copyright restrictions which the author may have placed in the article or article's description.
Report Bad Submission
Use this form to tell us if this entry should be deleted (i.e contains no code, is a virus, etc.).
This submission should be removed because:
Your Vote

What do you think of this article (in the Intermediate category)?
(The article with your highest vote will win this month's coding contest!)
Excellent  Good  Average  Below Average  Poor (See voting log ...)
 
Other User Comments
3/7/2005 12:18:41 PMPaul J. Murphy

Please vote, and sign up at my website :)
(If this comment was disrespectful, please report it.)
 
3/7/2005 12:52:43 PMyman

woah great article, I will learn to protect my applications
(If this comment was disrespectful, please report it.)
 
3/7/2005 4:20:56 PMLlama Boy

Still a confusing consept, but i will manage!
(If this comment was disrespectful, please report it.)
 
3/8/2005 6:33:08 AMShazbot

Nothing i didnt know, now what we need is a free obfuscator that works with exe and dlls and probably best not opensource. **** Globes for the effort.
(If this comment was disrespectful, please report it.)
 
3/8/2005 7:37:52 PM

If you need a free obfuscator take a look at www.aspose.com.
There are a couple of free components including an interesting obfuscator.
(If this comment was disrespectful, please report it.)
 
3/9/2005 9:14:22 AMPhoetus

sadly im shocked many still dont know this. U'd think they put a notice on the vs.net splash screen or forewards of .net books ....hahahaha....

proggies like anakrino and reflector can downrite translate the MSIL code into c# /vb.net makin it helluva more readable.

yup im givin u some globes cause u took the time to write it for ppl who wouldnt even have the idea abt searchin such facts online.

troubles me to know theres even ppl that have never heard of SQL INJECTION ...
(If this comment was disrespectful, please report it.)
 
3/9/2005 10:39:12 AMdotNETJunkie

SQL Injection? What's that? J/K Many applications can be reverse engineered no matter what platform. If you absolutely want to protect your code, an obfuscator can be a decent deterent. A while back, I was working on a .NET project and needed to use some methods implemented in this company's toolkit which was in JAVA. I was able to uncompile their libraries, and was able to convert the JAVA to C#. Painful, but made the solution happen.
(If this comment was disrespectful, please report it.)
 
3/9/2005 7:22:59 PMCodeFester

SQL Injection occurs by manipulating command lines of web services calls.
(If this comment was disrespectful, please report it.)
 
3/10/2005 8:36:04 AMPaul J. Murphy

dont forget to click the ads when you go on my site :)
(If this comment was disrespectful, please report it.)
 
3/14/2005 4:47:56 AMNishidh Patel

How cryptography classes are implemented in .net, send me the sample application.
(If this comment was disrespectful, please report it.)
 
3/16/2005 5:10:28 AM

Well... You nail the problem alright, but it would be nice with some answers. Even using an obfuscator will not prevent you from finding the EndApp calls, even if the source will be quite a bit more messy. What we really need is a way to encrypt or compress the source or make it otherwise unreadable to these standard applications available. You will always be able to crack a program if you want to. Our job is to make it difficult.
(If this comment was disrespectful, please report it.)
 
3/31/2005 8:30:35 AMPaul J. Murphy

if there was real answers, the article wouldnt be posted here in the first place :P
(If this comment was disrespectful, please report it.)
 
4/29/2005 12:07:32 PMGary W. Morris

I've investigated this to a good degree, and even though it is a good deal easier to crack .NET software, there are a number of things one can do to increase the difficulty. Even so, it is not much different than Win32 apps if you can make out the machine language. Using a good disassembler, I've managed to crack several Win32 applications, and anyone who works at it can crack ANY program eventually. The bottom line is that most people are honest enough to pay for good software, regardless of the platform. If they weren't, most programmers would move on to another line of work as they could not make any money.
(If this comment was disrespectful, please report it.)
 
Add Your Feedback
Your feedback will be posted below and an email sent to the author. Please remember that the author was kind enough to share this with you, so any criticisms must be stated politely, or they will be deleted. (For feedback not related to this particular article, please click here instead.)
 

To post feedback, first please login.

Search:

Newest postings for .Net.

Add this ticker to my site

Daily code email

Click here to join the 'Code of the Day' mailing list!

This site on CD

Over 7,000 submissions on a super fast CD!

Code/Articles

Top Code

Community

Jobs

Other

Goto…

Copyright© 1997-2013 by Exhedra Solutions, Inc. All Rights Reserved.
By using this site you agree to its Terms and Conditions. Planet Source Code™ and the phrase "Dream It. Code It"™ are trademarks of Exhedra Solutions, Inc.