Review: RemoteSoft Explorer, Decompiler, Obfuscator and Protector
By Peter A. Bromberg, Ph.D.
Printer - Friendly Version
Peter Bromberg

Software developers and companies who have entered the .NET space without having had the experience of working with JAVA are in for some surprises, not the least of which is the fact that all .NET code is disassemble-able at the click of a button by tools provided for you free along with .NET by Microsoft itself!  ILDASM can be run on any .NET executable or DLL and will dump a beautifully formatted, commented file of all the CIL (Common Intermediate Language) source code for you to enjoy - including all the metadata, external references, and so on. At this point, if you've studied the ECMA Partition documents and / or read any of a very few excellent books on CIL, you are ready to disable, hack, change and reassemble (with ILASM) virtually any program, whether it was obfuscated or not! Except - for the product I am reviewing here, so read on!



Now having said this, it should be obvious that most developers would prefer a DECOMPILER, not a disassembler, since there is very little interest from high-level language developers in learning IL. However, the fact of the matter is something that must be understood very well by companies interested in protecting their intellectual property: It doesn't matter which obfuscator your product was mangled with. If it compiled to a .NET EXE or DLL, ILDASM will disassemble it and all your work is exposed to the viewer in CIL. In this domain, you remain utterly unprotected.

Obfuscation, as I've written about in other reviews and rants here, is both an art and a science. Over the last couple of months, I"ve had the pleasure of corresponding with Huihong Luo, who runs RemoteSoft and provided me with a private review copy of the .NET Explorer, Salamander Decompiler and Obfuscator product suite.

RemoteSoft offers a productivity package for professional .NET software developers that is unparalleled in the industry for ease of use and effectiveness.

The ".NET Explorer" interface is the familiar Windows Explorer view with all the toolbox buttons and shortcuts you would expect. This is your "dashboard" to efficient disassembly, decompilation, editing, obfuscation and even execution of the .NET types you are working with. Here is an example screen show where I am decompiling a class out of System.Web:

As can be seen in the right pane, that's C# source code which Salamander Decompiler has rendered from the AltSerialization class, without a hitch! I could have also chosen VB.NET code or even Intermediate Language. The RemoteSoft product is - to my knowlege - the only commercially available product suite for .NET that can do this.

Remotesoft's obfuscator is excellent, I think after "having been through the mill" with some of these products, the only good advice I can give about obfuscators for .NET is "Don't buy one that costs $99". A good one, because of the limited market, is going to be expensive. And The Remotesoft obfuscator is as good or better than any other I have seen.

However, based on my factual statement above that regardless of the quality of the obfuscator it still has to compile the IL, which means the .NET assembly can be disassembled by ILDASM in a heartbeat, there is one more piece of ammunition in the arsenal, and only RemoteSoft offers it:

Salamander .NET Protector is the only technology that offers real protection for your intellectual properties. In contrast to an obfuscator that makes decompilation more difficult, the Protector completely stops CIL decompilation and disassembling. With this tool, you are assured that no one will be able to steal your source code.

Protector, unlike the competitors' products, is not an obfuscator. Rather it converts the decompilable Common Intermediate Language code (CIL) of your assemblies into native format while keeping all .NET metadata intact, and thus it provides the same level of protection as native C/C++ code. Furthermore, it offers code, string and resource encryption, and therefore provides better protection than native C/C++ code.

Before:
IL_0000: ldstr "Hello World using C#!"
IL_0005: call void [mscorlib]System.Console::WriteLine(string)
IL_000a: ldstr "another string"
IL_000f: call void [mscorlib]System.Console::Write(string)
IL_0014: ret

After:
00000000 mov eax,dword ptr ds:[20004000h]
00000006 mov ecx,dword ptr [eax]
00000008 mov eax,dword ptr ds:[200046C0h]
0000000e call dword ptr [eax]
00000010 mov eax,dword ptr ds:[20004004h]
00000016 mov ecx,dword ptr [eax]
00000018 mov eax,dword ptr ds:[200046C8h]
0000001e call dword ptr [eax]
00000020 ret

Protector prevents your assemblies from being decompiled by any .NET decompiler. It prevents ILDASM and other disassemblers from disassembling your .NET code. It keeps class, method, and other symbol names unchanged.
It transforms IL into native code, and this is then encrypted by default. You can choose to encrypt literal strings used in your programs. Available in Version 1.1, you have resource protection. You can choose to encrypt resources associated with your programs. You can choose to assign a password to your program, and a user has to type the correct password in order to execute your program. Protected assemblies behave exactly the same as the original in all situations. It supports mixed images that contain both managed and unmanaged code. Almost every image produced by Visual C++.NET belongs to this category.

Protector is extremely easy to use through a command-line utility that simply takes .exe or .dll files as input and transforms them into the new format. Comprehensive testing has been conducted, and in all cases the protector generates code that behaves exactly the same as the original but with a new format that is as difficult to decompile as C/C++ code. Protector works with a small native image helper library, rscoree.dll.

Unfortunately, at this time Protector will not work for ASP.NET assemblies. However, I've been assured by Dr. Luo that they are hard at work on new innovations and more surprises!

In sum, these kinds of products are like an insurance policy for your intellectual investment. You don't cancel your home insurance policy because your house didn't burn down last year, right? For companies that develop .NET - based products and need to protect their investment, the Remotesoft products are a cost - effective form of insurance. You can find more information about the Remotesoft software suite here. Recommended.


Peter Bromberg is a C# MVP, MCP, and .NET consultant who has worked in the banking and financial industry for 20 years. He has architected and developed web - based corporate distributed application solutions since 1995, and focuses exclusively on the .NET Platform.