We create a greate deal of DLL addins for Inventor using microsoft VB.NET. The code security is very important to us. I hear certain program such " Lutz Roeder's Reflector " can reverse engineer the DLL assemblies and get the actual code from it. This would cause concern when we deploy the DLL to various users.
So, is it true that DLL from VB.NET (or C# and C++) is so vulnerable from reverse engineering? if yes, what is any practice to add security to it?
It is a surprise there is no message in this forum on this imporant issue. Hope someone can help out or shed a light on that.
Thanks a lot
You are correct about the code being reversable and there are lots of programs to achieve this.
There are some things you can do do protect your addins but there is nothing stopping someone with enough skills from bypassing any security you use.You have to weigh up if it is worth protecting your addins as it requires more time & effort and if you go for a third party solution, cost is an issue.
Here are a few things you can do that will provide some basic protection.
* Compile using the signed dll option (I don't do this because it's a pain updating & installing etc.)
* Use obfuscation (google for more info, lots of software to choose from)
* Use a built in protection of your own design (this won't provide much security unless your a codeing genius [which I am not ] but at least it will provide a deterrent for someone who just tries to flat out copy and paste the addins)
* Use a third party protection (lots to choose from but make sure it is implemented correctly as the weak point in a lot of third party software is how people implement it)
I use a basic serial number protection for only a handful of my addins and the rest I don't bother because it's not worth the extra time for me to do it and I share them around anyway.
Hope this info helps you out. Google is your friend on this one, plenty of info out there.
Thank you very much. Your information is very helpful.
Looks like I have to add some disguised code or take out all the comments to make the possible-reversable code more difficult to follow. Is it another way? ^_^
I do not see more ways than Matt advised. You may need to google to choose the way which is best to you.
It is my understanding that code that is reverse engineered using these tools will already have the comments removed. The comments are of no use to the compiler, and therefore not compiled into the .dll or .exe you are creating.
Access a broad range of knowledge to help get the most out of your products and services.