527

Obfuscation is one way, but it can't protect from breaking the piracy protection security of the application. How do I make sure that the application is not tampered with, and how do I make sure that the registration mechanism can't be reverse engineered?

Also it is possible to convert a C# application to native code, and Xenocode is too costly.

C# provides a lot of features, and is the ideal language for my code, so writing the whole codebase again in C++ is out of the question.

Secure certificates can be easily removed from the signed assemblies in .NET.

5
  • @Andreas: This is awesome!! I'm going to give it a try. Anyone using it? Commented Apr 5, 2015 at 17:32
  • 1
    @Jack it's for Windows Store apps only. There is no timeline for desktop apps (as far as I can tell). Commented Dec 27, 2015 at 5:26
  • If you want native without archaic C++, use Delphi. The ease of .Net came from Delphi anyways. Commented Jan 4, 2017 at 16:09
  • stackoverflow.com/questions/25133111/xamarin-code-security/… solved! Commented Jun 24, 2019 at 20:41
  • Looks like native forever and no need for obfuscators; looks like .NET Core RT is a workable solution; soon all apps will go to .NET Core; codeproject.com/Articles/5262251/… learn.microsoft.com/en-us/archive/msdn-magazine/2018/november/… Not tested; maybe something similar is possible with the old Windows .NET SDK. Please vote my answer up; it looks like native compilation is better than any free obfuscator or any other option. Commented Oct 4, 2020 at 14:43

38 Answers

2

I can recommend using Obfuscator.


2

I also made some considerations regarding hacking security in my design and wanna add them, as some of them seem not to be mentioned:

I have a scripting interface in my application. To ensure scripts can only call methods which are intended to be called by (Python) scripts, I have a scriptvisibilityattribute and a System.Dynamic.DynamicMetaObjectProvider which recognizes these attributes.

Licenses use public/private key.

ViewModels need to be unlocked by giving a password to an unlock function.

CoreRoutines may be implemented on a dongle. (There are dongles around which support that)

Big solution like wrappers was not planned.

Of course this scripting/viewModel approach doesn't make it impossible to unlock and call script-nonvisible functions from the code, but it makes it a bit more difficult to do so - like with all that's related to anti-hacking efforts.
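The attribute-gated scripting surface described in this answer, sketched as an added example (not the answerer's code). `ScriptVisibleAttribute`, `Document` and `ScriptProxy` are hypothetical names, and `DynamicObject` stands in for a hand-written `IDynamicMetaObjectProvider`:

```csharp
using System;
using System.Dynamic;
using System.Linq;
using System.Reflection;
using Microsoft.CSharp.RuntimeBinder;

// Hypothetical marker: only methods carrying it may be called from scripts.
[AttributeUsage(AttributeTargets.Method)]
public sealed class ScriptVisibleAttribute : Attribute { }

// Hypothetical host object handed to the scripting engine.
public class Document
{
    [ScriptVisible]
    public string GetTitle() => "Quarterly report";
    // Not marked, so it must stay unreachable through the proxy.
    public void UnlockAllFeatures() => Console.WriteLine("unlocked");
}

// Wraps a host object; dynamic calls resolve only against marked methods.
public sealed class ScriptProxy : DynamicObject
{
    private readonly object _target;
    public ScriptProxy(object target) => _target = target;

    public override bool TryInvokeMember(InvokeMemberBinder binder, object[] args, out object result)
    {
        MethodInfo method = _target.GetType()
            .GetMethods(BindingFlags.Public | BindingFlags.Instance)
            .FirstOrDefault(m => m.Name == binder.Name
                              && m.GetParameters().Length == args.Length
                              && m.IsDefined(typeof(ScriptVisibleAttribute), inherit: false));
        // Returning false makes the member look nonexistent to the caller.
        if (method == null) { result = null; return false; }
        result = method.Invoke(_target, args);
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        dynamic doc = new ScriptProxy(new Document());
        Console.WriteLine(doc.GetTitle());              // marked: call goes through
        try { doc.UnlockAllFeatures(); }                // unmarked: binder rejects it
        catch (RuntimeBinderException) { Console.WriteLine("blocked"); }
    }
}
```

The proxy narrows only what a script can reach through the dynamic binder; code that holds the underlying object or uses reflection directly is not constrained by it.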


1

Yes, .NET binaries (EXE and DLL) can be easily decompiled to nearly source code. Check the tool .NET Reflector. Just try it against any .NET binary file. The best option is to obfuscate files, they still can be decompiled by .NET Reflector, but they create an unreadable mess. I don't think that good obfuscators would be free or cheap. The one is Dotfuscator Community Edition that comes with Visual Studio.

2 Comments

Redgate appears to have an obfuscator as well. I haven't used it, but I have liked some of their other tools. It's certainly not free though. See red-gate.com/products/smartassembly/index.htm
Is Dotfuscator Community Edition on par with other obfuscators? I checked this comparison msdn.microsoft.com/en-us/library/ms227240(VS.80).aspx, however, most of the functionalities are unchecked for the Community Edition; I didn't really understand whether they would be necessary!
1

The best answer is the first one from the small developer speaking from his own experience; all the anti-reversing techniques discussed above are 101 textbook cases for any serious reverse-engineer.

Some commercial DRM solutions are pretty decent, but they crack every triple AAA game with custom DRM solutions all the time within hours (or days). Only the introduction of a completely new DRM solution - sometimes - delays the inevitable for perhaps a couple of weeks.

Getting the most out of the DRM costs a lot of time & money and can easily hurt performance, reliability, compatibility/portability and customer-relations in general. Either stick with some decent commercial DRM without trying to be too smart about and take your (less) losses or just forget about it totally ...

One example of a DRM solution which dug its own (commercial) grave: http://en.wikipedia.org/wiki/StarForce


1

According to the question below on the Microsoft blog:

https://blogs.msdn.microsoft.com/amb/2011/05/27/how-to-prevent-ildasm-from-disassembling-my-net-code/

How can I prevent ILDASM from disassembling an assembly?

.NET has an attribute called SuppressIldasmAttribute which prevents disassembling the code. For example, consider the following code :

using System;
using System.Text;
using System.Runtime.CompilerServices;
[assembly: SuppressIldasmAttribute()]

namespace HelloWorld
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Hello world...");
        }
    }
}

As you can see, there are just two differences:

  1. We have added the System.Runtime.CompilerServices namespace declaration.

  2. We have added [assembly: SuppressIldasmAttribute()] attribute.

After building the application in Visual Studio, when we try to open the resulting EXE file in ILDASM, now we get the following message :

[Screenshot not preserved]

1 Comment

Reflectors may not use ILDASM. So it does not protect the code from reverse engineering.
1

Looks like native forever and no need for obfuscators now; looks like .NET Core RT is a workable solution; soon all apps will go to .NET Core:

https://www.codeproject.com/Articles/5262251/Generate-Native-Executable-from-NET-Core-3-1-Proje?msg=5753507#xx5753507xx

https://learn.microsoft.com/en-us/archive/msdn-magazine/2018/november/net-core-publishing-options-with-net-core

Not tested; maybe something similar is possible with the old Windows .NET SDK.

2 Comments

Native code can also be reverse engineered, as noted in the accepted answer. Reverse compilation existed long before .NET.
If you mean assembler or other old tools that can show a little more info - that's not real reverse engineering; if I am wrong, please provide a tool or steps for how to get code back from a CoreRT IL-compiled x64 native exe or dll; thanks.
1

I see this topic in 2 major aspects.

A) Can only .NET be reverse engineered, and native not?

B) What type of programmers are we: commercial or hobbyist?

Title: Protect .NET code from reverse engineering

My view:

  1. I give least preference to making a commercial application in .NET, because it will expose even your comments in the built binary after decompiling. (I don't know what the logic is for including the comments in the binary.) So anyone can just decompile it, rename/modify/change the look and resell the application in 24 hours.

  2. In a native application, renaming/modifying/changing the look is not as easy as it is in .NET.

  3. The worrying part in .NET is that you could get the whole project with solution from a single binary exe/dll.

Just imagine how weak it is in security. So even a layman could reverse engineer a .NET application easily.

  4. If it is a native application like C++/VB6/Delphi, only an expert cracker who knows ASM could patch the exe, and not 100% reverse engineer it like .NET.

But now the whole world is running behind .NET because it is very easy to make projects with the advanced features and libraries.

  5. The good news is that Microsoft seems to be supporting native output from .NET in 2020, which will make coders like me consider .NET C# as a primary language.

https://www.codeproject.com/Articles/5262251/Generate-Native-Executable-from-NET-Core-3-1-Proje?msg=5755590#xx5755590xx


1

Use Skater .NET obfuscator. That .NET protection tool works against de4dot, the deobfuscator that renames original-protected assembly members names to human readable strings. Skater fights against that!

Recently MindSystemm group has released a special tool called Skater.NetDeobfuscator (https://github.com/MindSystemm/Skater.NetDeobfuscator) which exploits the vulnerabilities of the Skater .NET obfuscator. The developer of the obfuscator, Rustemsoft LLC, received a signal of an urgent need to protect the critical Skater .NET obfuscator algorithms and software infrastructure in order to provide Skater users with stronger source code protection. That has been resolved.
