How to avoid .NET DLL files from being disassembled? [duplicate]

This question already has answers here: How can I protect my .NET assemblies from decompilation? (13 answers) Closed 5 years ago.

I am writing a .NET application (a Windows class library) for implementing the licensing our product.

The开发者_开发百科 problem is that the DLL can be easily disassembled by the MSIL disassembler or any other third-party tools and one can easily break the code.

I have even tried signing the assembly, but still it can be disassembled.

So how do I prevent this?

Is there any tool to available for this?

---

Check out the answers for this question.
You cannot achieve complete protection, but you can hinder disassembly in ways that make it more difficult for people to succeed at it. There are more ways to do this, some of them detailed in the answers to the question in my link above:

• Obfuscate your code.
• Use public/private key or asymmetric encryption to generate product license keys.
• Use a packer to pack your .NET executable into an encrypted w32 wrapper application.

What I would add would be incremental updating, both for your core functionality and the protection code, so your users will constantly benefit from the new features while making crackers lag behind you in breaking your software. If you can release faster than they can break and distribute your software, you are in gain. Legitimate users will always have technical support and a word to say regarding new features. They are your best market, as the ones who crack your software wouldn't have payed for it anyway.

---

You can't, but you can use an obfuscator so that it's impossible to make sense out of your code.

For example, have a look at Dotfuscator.

The community edition of this program is included with Visual Studio.

---

.NET has an attribute called SuppressIldasmAttribute which prevents disassembling the code. For example, consider the following code:

using System;
using System.Text;
using System.Runtime.CompilerServices;

[assembly: SuppressIldasmAttribute()]

namespace HelloWorld
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Hello world...");
        }
    }
}

As you can see, there are just two differences:

1. We have added System.Runtime.CompilerServices namespace decleration.
2. We have added [assembly: SuppressIldasmAttribute()] attribute.

After building the application in Visual Studio, when we try to open the resulting EXE file in ILDASM, now we get the error message.

---

Anything written for the .NET framework is subject to disassembly. You cannot prevent it.

There are obfuscation tools available that will change variable names and insert other 'noise' into your IL, for instance Dotfuscator.

You might want to consider taking another approach with your licensing library, that is, using something else other than .NET, if licensing your product is absolutely necessary.

---

As mentioned above in the selected answer, there is no true full proof way to secure you code. Even in something like c++, if your applications code is in your customers hands : Eg - they have physical access to the binary, that application could potentially be disassembled.

The solution would be to keep the functionality that you are licensing, out of reach of people who may want to disassemble it, let them use it, but don't let them hold it.

Consider using :

1. Web Services Keep your marketable content server side and beyond the reach of your clients. They can use it, but not examine the code.
2. Encrypted Binaries and Online Binaries Maybe even streaming assemblies in an encrypted format to a wrapper application. Keep your decryption keys server side to prevent offline disassembly. This might be circumvented however if someone found a way of exporting the assembly from the app domain of the application, once it has loaded it. (You cannot load an encrypted binary, so an end user might wait until your application has done the work of decryption, then exploit that to export the finished binary) (I was investigating a way to accomplish this (the exporting) - I didn't quite get it working, doesn't mean someone else wont)

The only thing to remember is that ANY code, no matter how well coded it may be, is vulnerable if it is on a users system. You have to assume the worst when you put binaries on their system. A really talented Engineer can disassemble any dll, be it c++ or c#.