How Protect .NET code from reverse engineering

[sddd1]

As per my understanding, we can reverse engineer any compiled dll whose source language is a .net language like c#,vb.net.

There are many tools availablein the market for obfuscation and prevent reverse engineering of the dll.

 

[Skydiver]

Your understanding is correct.

Be aware that all obfuscation will do is slowdown a determined attacker and possibly convince them to go for easier pickings, though. It's not bullet proof like strong encryption.

Do you have a question?

 

[Skydiver]

The answer above is for the current way .NET apps are typically built. I should also mention that MS is also doing some forays into ahead-of-time compilation of .NET IL languages (C#, VB.NET, F#, etc.) directly into native instructions for the target platforms. I don't know the quality of the generated code and whether that will also be as easy to reverse engineer, or if it will be comparable to the difficulty of reverse engineering other languages that eventually get compiled to native.

 

[Skydiver]

Another thing I will mention on this thread. Most people over estimate the value of the Intellectual Property they think they are trying to protect within their assemblies. There are very few truly original ideas at present, which someone else can't figure out how to reimplement in a whitebox environment without having to see your code.

If it is truly valuable IP, keep it running server side and just expose as an API. If what you are trying to protect is actually local secret information (as opposed to a secret algorithm or process) then encryption rather than obfuscation is a much better approach. Security experts will tell you that security through obscurity is not true security.