Software developers and companies who have entered the .NET space without
having had the experience of working with JAVA are in for some surprises,
not the least of which is the fact that all .NET code is disassemble-able
at the click of a button by tools provided for you free along with .NET
by Microsoft itself! ILDASM can be run on any .NET executable or
DLL and will dump a beautifully formatted, commented file of all the CIL
(Common Intermediate Language) source code for you to enjoy - including
all the metadata, external references, and so on. At this point, if you've
studied the ECMA Partition documents and / or read any of a very few excellent
books on CIL, you are ready to disable, hack, change and reassemble
(with ILASM) virtually any program, whether it was obfuscated
or not! Except - for the product I am reviewing here, so read
Now having said this, it should be obvious that most developers would
prefer a DECOMPILER, not a disassembler, since there is very little interest
from high-level language developers in learning IL. However, the fact
of the matter is something that must be understood very well by companies
interested in protecting their intellectual property: It
doesn't matter which obfuscator your product was mangled with. If it compiled
to a .NET EXE or DLL, ILDASM will disassemble it and all your work is
exposed to the viewer in CIL. In this domain, you remain utterly
Obfuscation, as I've written about in other reviews and rants here, is
both an art and a science. Over the last couple of months, I"ve had
the pleasure of corresponding with Huihong Luo, who runs RemoteSoft and
provided me with a private review copy of the .NET Explorer, Salamander
Decompiler and Obfuscator product suite.
RemoteSoft offers a productivity package for professional .NET software
developers that is unparalleled in the industry for ease of use and effectiveness.
The ".NET Explorer" interface is the familiar Windows Explorer
view with all the toolbox buttons and shortcuts you would expect. This
is your "dashboard" to efficient disassembly, decompilation,
editing, obfuscation and even execution of the .NET types you are working
with. Here is an example screen show where I am decompiling a class out
As can be seen in the right pane, that's
C# source code which Salamander Decompiler has rendered
from the AltSerialization class, without a hitch! I could have also chosen
VB.NET code or even Intermediate Language. The RemoteSoft product is -
to my knowlege - the only commercially available product suite for .NET
that can do this.
Remotesoft's obfuscator is excellent,
I think after "having been through the mill" with some of these
products, the only good advice I can give about obfuscators for .NET is
"Don't buy one that costs $99". A good one, because of the limited
market, is going to be expensive. And The Remotesoft obfuscator is as
good or better than any other I have seen.
However, based on my factual statement
above that regardless of the quality of the obfuscator it still has to
compile the IL, which means the .NET assembly can be disassembled by ILDASM
in a heartbeat, there is one more piece of ammunition in the arsenal,
and only RemoteSoft offers it:
Salamander .NET Protector
is the only technology that offers real protection for your intellectual
properties. In contrast to an obfuscator that makes decompilation more
difficult, the Protector completely stops CIL decompilation and disassembling.
With this tool, you are assured that no one will be able to steal your
Protector, unlike the competitors' products, is not an obfuscator. Rather
it converts the decompilable Common Intermediate Language code (CIL) of
your assemblies into native format while keeping all
.NET metadata intact, and thus it provides the same level of protection
as native C/C++ code. Furthermore, it offers code, string and resource
encryption, and therefore provides better protection than native C/C++
IL_0000: ldstr "Hello World using C#!"
IL_0005: call void [mscorlib]System.Console::WriteLine(string)
IL_000a: ldstr "another string"
IL_000f: call void [mscorlib]System.Console::Write(string)
00000000 mov eax,dword ptr ds:[20004000h]
00000006 mov ecx,dword ptr [eax]
00000008 mov eax,dword ptr ds:[200046C0h]
0000000e call dword ptr [eax]
00000010 mov eax,dword ptr ds:[20004004h]
00000016 mov ecx,dword ptr [eax]
00000018 mov eax,dword ptr ds:[200046C8h]
0000001e call dword ptr [eax]
Protector prevents your assemblies from being decompiled by any
.NET decompiler. It prevents ILDASM and other disassemblers from
disassembling your .NET code. It keeps class, method, and other symbol
It transforms IL into native code, and this is then encrypted by default.
You can choose to encrypt literal strings used in your programs. Available
in Version 1.1, you have resource protection. You can choose to encrypt
resources associated with your programs. You can choose to assign a password
to your program, and a user has to type the correct password in order
to execute your program. Protected assemblies behave exactly the same
as the original in all situations. It supports mixed images that contain
both managed and unmanaged code. Almost every image produced by Visual
C++.NET belongs to this category.
Protector is extremely easy to use through a command-line utility that
simply takes .exe or .dll files as input and transforms them into the
new format. Comprehensive testing has been conducted, and in all cases
the protector generates code that behaves exactly the same as the original
but with a new format that is as difficult to decompile as C/C++ code.
Protector works with a small native image helper library, rscoree.dll.
Unfortunately, at this time Protector will not work for ASP.NET assemblies.
However, I've been assured by Dr. Luo that they are hard at work on new
innovations and more surprises!
In sum, these kinds of products are like an insurance policy for your
intellectual investment. You don't cancel your home insurance policy because
your house didn't burn down last year, right? For companies that develop
.NET - based products and need to protect their investment, the Remotesoft
products are a cost - effective form of insurance. You can find more information
about the Remotesoft software suite here. Recommended.
|Peter Bromberg is a C# MVP, MCP, and .NET consultant who has worked in the banking and financial industry for 20 years. He has architected and developed web - based corporate distributed application solutions since 1995, and focuses exclusively on the .NET Platform. |