I am having the following scenario:
I need to dynamically compile an assembly at client machine, so currently I am deploying the source of that assembly along with my primary executable and then using MSBuild to dynamically compile the source into an assembly.
Since I don't want to openly distribute my source along with the application, I am thinking of shipping the encrypted source files and then decrypting it at client machine before building. But even here, anyone can stop the execution after decrypting point and my source will be there unencrypted before it is compiled and source deleted.
Is there a way I can protect my source and at the same time compile it at the client location?
PS: I know it is best to stop worrying about theft of source code but I also don't want to make it available so easily to a script kiddie.
Edit: I probably need an obfuscating tool which converts source code into obfuscated code (not obfuscated assembly). Then, I can ship this obfuscated code along with my application and compile it on the fly.
- 565
- 5
- 18
2 Answers
You could make use of Obfuscation (Obfuscation in .NET), which essentially will make your code difficult to understand for a human reader.
If that still doesn't cut it for you, then you might consider creating your logic as web services and you then simply expose your API instead of the entire solution. That being said, this will most likely end up being more work since you will have to create a client application which will consume your web services.
EDIT:
As per your comment, you might want to take a look at this MSDN page which shows how can the obfuscation process be automated by calling Dotfuscator. This should ship freely with your IDE. In my case, I have an MSI file (I think you need to install it first) located here: {VS2010 ISO}\WCU\Dotfuscator\DotfuscatorCE.msi
-
For the obfuscation part, I would need a free tool which provides obfuscation through an API or commandline, since I would need to do it through code. I am not aware of any such obfuscator. Please let me know if you know any. And I don't wish to involve Web services. – Samarsh Jan 30 '14 at 06:30
-
Thanks, just one thing, Do I have the rights to it be ship it to client machine as well? – Samarsh Jan 30 '14 at 07:04
-
@HarshMaurya: Unfortunately I do not know. – npinti Jan 30 '14 at 07:14
-
After some thought, I realized that obfuscators aren't going to work here. Because obfuscator will convert the source code into obfuscated assembly(not obfuscated source code), which brings me to the same situation that at some point my code is un-obfuscated. If however, some tool can obfuscate source code into obfuscated source code or IL, then I can ship this version of code along with my application. – Samarsh Jan 30 '14 at 08:44
-
@HarshMaurya you mean you don't know about ILDasm which is part of SDK? Compile -> obfuscate -> ILDasm and you get IL of obfuscated code... – Alexei Levenkov Jan 30 '14 at 09:03
-
I didn't knew I could export the IL as well using ILDASM :) But thanks anyways. That solves my problem. Marking it as answer – Samarsh Jan 30 '14 at 09:15
Random suggestions:
For slightly hiding code you can embed it as resources into your assemblies and save before compiling.
As additional step you can save as IL instead of C# - may be more painful to do but harder to read (especially if you use IL of obfuscated code).
Or use CodeDOM or IL builders to create assemblies from code directly.
Indeed it may be better to reorganize code so you don't need to include your code at all and just add client's code...
- 98,904
- 14
- 127
- 179
-
I am indeed hiding it inside resource but that isn't the solution. And IL code can be as easily decompiled into any CLS compliant language. – Samarsh Jan 30 '14 at 08:47