One of the advantages of the .NET framework is the extra data built into the executable that allows for easy debugging and integration with an IDE. The downside is that anyone with access to this executable can use that extra information to decompile or reverse engineer the software. The executable can be protected using obfuscation techniques to prevent reverse engineering.
Programs written in .NET are not compiled to machine code that runs directly on the processor. Instead, they are compiled into an intermediate language, which then runs on a virtual machine, similar to Java. Because this code is at a much higher level than binary code, it contains a lot of metadata that can be used to easily debug a program, but that can also be recovered and used to find security vulnerabilities, steal ideas and remove protections.
A solution to this is to obfuscate the executable. Visual Studio provides the Dotfuscator tool for this purpose. The obfuscator renames and rearranges code while keeping the functionality intact. It also removes non-essential metadata that is used by debuggers and the IDE but is not needed to run the program, which can reduce the size of the executable and improve performance. The tool can also alter the control flow of the program, for example by breaking up WHILE loops into IF statements, to make it harder to trace through the code. Another useful feature is string encryption, which prevents an attacker from easily locating critical sections of the program.
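One way to check the obfuscator's output after a build, as an added example (not code from this article or from Dotfuscator): it reads type, method and field names and string literals from the assembly's metadata without loading it, and reports any watch-list entry that survived renaming or string encryption. The class name and watch-list entries are constructed for illustration, and the code assumes the System.Reflection.Metadata library that ships with modern .NET.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection.Metadata;
using System.Reflection.Metadata.Ecma335;
using System.Reflection.PortableExecutable;

static class ObfuscationAudit
{
    // Constructed watch list: internal names and literals that should not survive obfuscation.
    static readonly string[] WatchList = { "LicenseValidator", "CheckSerial", "Trial period expired" };

    // Reads metadata straight from the file; the assembly is never loaded or executed.
    public static List<string> FindLeaks(string path, IEnumerable<string> watch)
    {
        using var pe = new PEReader(File.OpenRead(path));
        if (!pe.HasMetadata) throw new BadImageFormatException("not a .NET assembly: " + path);
        MetadataReader md = pe.GetMetadataReader();
        var names = new List<string>();      // simple names, without namespace
        foreach (TypeDefinitionHandle th in md.TypeDefinitions)
        {
            TypeDefinition t = md.GetTypeDefinition(th);
            names.Add(md.GetString(t.Name));
            names.AddRange(t.GetMethods().Select(m => md.GetString(md.GetMethodDefinition(m).Name)));
            names.AddRange(t.GetFields().Select(f => md.GetString(md.GetFieldDefinition(f).Name)));
        }
        // String literals used by the code are stored in the #US (user string) heap.
        var literals = new List<string>();
        if (md.GetHeapSize(HeapIndex.UserString) > 0)
        {
            UserStringHandle h = MetadataTokens.UserStringHandle(0);
            do { literals.Add(md.GetUserString(h)); h = md.GetNextHandle(h); } while (!h.IsNil);
        }
        var leaks = new List<string>();
        foreach (string w in watch)
        {
            if (names.Contains(w)) leaks.Add("name: " + w);
            if (literals.Any(s => s.Contains(w))) leaks.Add("literal: " + w);
        }
        return leaks;
    }

    static int Main(string[] args)
    {
        // With no argument the tool audits its own (unobfuscated) assembly.
        string path = args.Length > 0 ? args[0] : typeof(ObfuscationAudit).Assembly.Location;
        List<string> leaks = FindLeaks(path, WatchList);
        leaks.ForEach(Console.WriteLine);
        return leaks.Count == 0 ? 0 : 1;    // non-zero exit code fails the build step
    }
}
```

Run against its own unobfuscated build, it reports the three watch-list literals, since they sit in plain text in the #US heap. Names that form a public API have to survive renaming, so the watch list should hold internal names only.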
The .NET framework enables rapid software development and easy debugging by embedding extra metadata into assemblies. Unfortunately, this information can also be used to reverse engineer software. Obfuscation provides an easy way to protect your code. -PM