|
I second this one. Although I would rather put it as "I think we should", as I don't really know how much harder it actually is. While I'm reading through some of the comments here, I'm beginning to wonder if it even makes that much of a difference.
|
|
|
|
|
When I look out there it makes me glad I
Yeah, same here , phuk u 2
|
|
|
|
|
We are UI vendors and we do share the source with the customers in one of our licensing method. Though any one can de compile it from the assemblies, there are laws that covers it all.
|
|
|
|
|
How to keep people from stealing your code.
Put this at the top of the code, as a comment.
/* This code was built to destroy your computer and spy on you. Please, DO NOT RUN this code! USE AT YOUR OWN RISK!!! */
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein
"Few things are harder to put up with than the annoyance of a good example." Mark Twain
|
|
|
|
|
or simply add
/* This code never crashed an Windows OS pc, Use at your risk */
|
|
|
|
|
You might say I am to coding what Jackson Pollock was to painting.
Peter Wasser
Art is making something out of nothing and selling it.
Frank Zappa
|
|
|
|
|
So you're an abstract programmer?
m.bergman
For Bruce Schneier, quanta only have one state : afraid.
To succeed in the world it is not enough to be stupid, you must also be well-mannered. -- Voltaire
Honesty is the best policy, but insanity is a better defense. -- Steve Landesberg
|
|
|
|
|
Our company keeps all the code (all the versions, branches) in a file server. It is accessible for all employees, and anyone can copy arbitrary amount of files to their thumb drives. However, each file is protected with a copyright notice on top of the file stating that "IT IS COMPANY PROPERTY, AND YOU SHOULDN'T MESS WITH IT!".
I think that's enough protection. Because nobody cares to steel it, it's so easily accessible.
|
|
|
|
|
No, we don't. Our stuff is mostly internal and away from prying eyes.
"the meat from that butcher is just the dogs danglies, absolutely amazing cuts of beef." - DaveAuld (2011) "No, that is just the earthly manifestation of the Great God Retardon." - Nagy Vilmos (2011)
"It is the celestial scrotum of good luck!" - Nagy Vilmos (2011)
|
|
|
|
|
Anyone who worked back in the day of the K&R C probably had a disassembler (so you could optimize parts of your code) which would generate labeled subroutines, variables, etc. You could then use grep to find tokens and replace them with more meaningful names.
Seriously, obfuscation is a silly exercise which saves your code for a better thief and if you were really interested in protecting your code you would go with encryption.
m.bergman
For Bruce Schneier, quanta only have one state : afraid.
To succeed in the world it is not enough to be stupid, you must also be well-mannered. -- Voltaire
Honesty is the best policy, but insanity is a better defense. -- Steve Landesberg
|
|
|
|
|
As our apps are in-house only (or rather, so-far), I document them continuously as they're written in an attempt to make it as plain as possibly what's going on.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "As far as we know, our computer has never had an undetected error." - Weisert | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
Our customers are all internal, and all code is run on internal servers that can't be seen from the outside.
|
|
|
|
|
I don't think we do any obfucation per se, but we do minify[^] our JavaScript code and it ends up pretty obfuscated.
|
|
|
|
|
At least thats what the other programmers in the office say...
If you vote me down, my score will only get lower
|
|
|
|
|
I've done it for one set of apps; where Customer A brokered our selling something we originally developed for them to Customer B; but insisted that we preclude non-trivial reverse engineering.
Since every .net obfuscator tool company also claims their advanced reflection tool is able to break every competitors obfuscation tool; I suspect that A just ordered us to waste a few thousand of B's money directly; and a few more thousand if they want to be snoopy. With our contract in the 7 figure range and the total system being significantly more the roadblocks put in added up to rounding error.
OTOH our software lead says if he knew about this requirement back when we started deving for Customer A; he'd've insisted on MFC, and that without being able to give A a security blanket we'd've probably had to port all the backend logic to C/C++ before selling to B, so I guess it wasn't entirely a waste.
Other than this we haven't bothered because the whole thing is a crock of elephanting fertilizer; which actually should be a 2nd new option: No because anyone with skills can still reverse it.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
Agreed, there should be a sometimes option.
|
|
|
|
|
Obfuscation is about making it harder to reverse engineer an application.
Its purpose is not to completely stop a decompile of an .NET application, but to discourage it.
Anyone with the required skills, given the resources, can decompile even a Win32/VC++ application which is compiled to assembly language.
|
|
|
|
|
As I said the intent was to preclude "preclude non-trivial reverse engineering". Any yahoo can fire up a reflector and have a useable source listing of a standard .net program in minutes. There's no general purpose tool to convert asm back to C/C++ that I'm aware of; so anyone wanting to muck around in your codebase will have to work for it.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
IDA Pro Advanced with the HexRays plugin does a pretty good job of turning machine-code (binary executables for all sorts of platforms) back into C.
Used it ages ago to work out how windows calculator draws coloured text on it's buttons. Sure, I could have custom-coded it - but the approach used allows for the colours to fade gently as they do in calc after a button has been moused-over.
|
|
|
|
|
Thanks for the tip; I'll have to take a look at it sometime.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
My code is so badly written that people either cannot read it or do not wish to.
---------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC Link[ ^]
English League Tables - Live
|
|
|
|
|
Brilliant.
"the meat from that butcher is just the dogs danglies, absolutely amazing cuts of beef." - DaveAuld (2011) "No, that is just the earthly manifestation of the Great God Retardon." - Nagy Vilmos (2011)
"It is the celestial scrotum of good luck!" - Nagy Vilmos (2011)
|
|
|
|
|
despite this achivement you aren't the lead architect at Microsoft
|
|
|
|
|
What about the option - we don't, but we're considering it. I know that as more of our companies code becomes managed, we're starting to consider obfuscation.
|
|
|
|
|
Many years ago, my ex-colleague used to use an .NET tool on trial mode. Using reflector, he can see that there is a method called GenerateKey. He wrote an app to call that method and used the generated key to input into the tool to turn it to a full fledged product.
I believe developer should not have added product key generator capability into the the software. I wondered how many developers gotten that tool for free.
|
|
|
|