HOME
|
|
HOME |
|
DOWNLOADS |
|
|
|
|
|
|
|
Exposing your software’s inner workings
is as easy as… |
|
|
Key Threats · Loss of Intellectual Property · Hackers looking for weak links in your system · Viruses scanning your software for holes and/or sending your code back to the virus writer What makes this possible? Links to further reading |
If its .Net then its open source...almost
The .NET Framework ships with a decompiler (ILDASM.exe) that allows you to reverse engineer .NET assemblies into Microsoft Intermediate Language (MSIL) instructions with ease. There are several applications available on the Internet that will take a .Net assembly file as an input and return what looks unbelievably close to your original code. How hard would it be for a competitor to get a copy of one of your files? Impossible? Ok then no problem. Do you ship your software outside of your business walls? How about an employee leaving with a few files burnt on a CD? Maybe competitors are not your issue. What do you think about a virus or spy ware app finding its way onto a PC with your software on it and decompiling all your .Net files looking for paths, addresses, ports, login info, or worse? Being able to do this is very helpful and just plain cool for a software developer. However this also requires the developer to think very carefully about what types of information they may be putting into these files. You most certainly do not want any type of login information stored in a .Net file such as usernames or passwords. For the owner of a company the feeling may be much different. The theft of intellectual property is a real issue in many industries. Although security conscious systems engineers are always dealing with intruders, spy ware, and virus attacks; having this additional vulnerability probably isn’t welcome. If you are thinking that your code is only
obtainable by a select group of hackers with specialized skills think again.
From the time this compiler was downloaded until the time this code was generated took all of one minute; hardly a difficult task. Many developers wouldn’t bother trying to reverse engineer your code to get at your trade secrets, but when it is this easy... it becomes very tempting. Not only are these tools easy to come by, they are easy to use as well. Go to the File menu, click Open, navigate to a file on the hard disk, select it, and click Open again. Now all of your code is broken out into a well organized tree for easy searching. With just a few clicks, searching for a method can be done quickly; now your reverse engineered code is just a copy-paste away for anyone to view, distribute, copy, or manipulate. |
Below
is a small screenshot of a .Net decompiler in action. In this case you are
seeing Microsoft’s own System.Security.Principal file being reverse
engineered back into source code.