Finally I find my job title: "the obfuscator"
William Shakespeare
Three sentences for getting SUCCESS:
a) Know more than others.
b) Work more than others.
c) Expect less than others.
|
|
|
|
|
Don't forget to wear a mask and a cape.
Why can't I be applicable like John? - Me, April 2011 ----- Beidh ceol, caint agus craic againn - Seán Bán Breathnach ----- Da mihi sis crustum Etruscum cum omnibus in eo! ----- Just because a thing is new don’t mean that it’s better - Will Rogers, September 4, 1932
|
|
|
|
|
I obfuscate less than 1% of my code. Only one or two crucial assemblies. The rest of the code is unobfuscated.
|
|
|
|
|
Interesting, why do you only obfuscate those 2 assemblies? I would think of obfuscation as an all or nothing venture.
I think by obfuscating the "important" stuff you don't want me to see, you're telling me which stuff is the important stuff you don't want me to see. Whereas if you obfuscated everything it would take more work to determine where the good stuff was.
|
|
|
|
|
You're right to a certain point, but I'm lazy so I'm only obfuscating the licensing components... The rest of the code is of no use to 99% of the people who would look at it as it is an application aimed at a very narrow niche.
|
|
|
|
|
If you obfuscate only the licensing components then you are basically waving a red flag in front of this code saying "this is really really really important." People will know not to waste their time on the unobfuscated code and get to work on the really really really important code.
Just a thought.
m.bergman
For Bruce Schneier, quanta only have one state : afraid.
To succeed in the world it is not enough to be stupid, you must also be well-mannered. -- Voltaire
Honesty is the best policy, but insanity is a better defense. -- Steve Landesberg
|
|
|
|
|
You're right, but as I mentioned it's an app targeted at a very select clientele, and almost all of them will not know anything about how to crack software, probably not even be interested in it. Just a precaution to keep curious eyes away. If somebody cracks it all the same, it's not that big of a deal. You can't protect yourself completely anyway.
|
|
|
|
|
The same principle works when Google Maps (and others) blacks out certain areas.
|
|
|
|
|
Obfuscation protects IP? Who are we kidding here. It does nothing of the sort. The only thing it does is make it harder for the average script kiddie to reverse engineer your code - and he'll just download a de-obfuscator so it wouldn't even be That hard.
A script kiddie isn't going to eat into your profits. Professionals will have no trouble reverse engineering your code - even assuming "worse than anything currently on the market" obfuscation they could fire up OllyDbg or equivalent and read the JITted code.
No, it's not going to actually help. What it can do though is make your manager/boss/legal dept. happy.
|
|
|
|
|
If done correctly it can be just another layer of CYA. One place I worked was actually hard coding connection strings to the DB in their software. Obfuscation would at least make that harder to spot. If somebody is going to rip you off you might not be able to stop them but you can at least make them work for it.
And as everybody knows, connection strings belong in plain text config files sitting in your project's root directory.
|
|
|
|
|
Connection strings do not belong anywhere. If you put them anywhere in any form, that's security by obscurity at best.
|
|
|
|
|
If you have some secret algorithms, it might make sense to hide them, but if it's Plain old Programming, I don't think there's much advantage to obfuscating it. My sense is that obfuscation serves either to hide algorithms, or to make your work unmaintainable as shipped. If you think someone is going to take the entire work and start competing against you with your own code, then you probably have a pretty good lawsuit for copyright violation.
And when it comes to ordinary programming techniques, don't we naturally share these? I mean, here we are on CP, writing and sharing articles in order to educate each other.
|
|
|
|
|
A lot of programmers I've met over the years write obfuscated code.
Oh you mean a commercial product...No need.
|
|
|
|
|
If anyone in the office could decompile or otherwise reverse engineer my code, they would be in my department. And if any of our field reps were capable of cracking into the website's App_Code folder... nah. Most of them can barely use email.
|
|
|
|
|
Well, security is key. Never know.
Sir.Dre
|
|
|
|
|
That's the option I would have chosen
Look at me still talking when there's science to do
When I look out there it makes me glad I'm not you
|
|
|
|
|
I second this one. Although I would rather put it as "I think we should", as I don't really know how much harder it actually is. While I'm reading through some of the comments here, I'm beginning to wonder if it even makes that much of a difference.
|
|
|
|
|
When I look out there it makes me glad I
Yeah, same here , phuk u 2
|
|
|
|
|
We are UI vendors and we do share the source with the customers in one of our licensing methods. Though anyone can decompile it from the assemblies, there are laws that cover it all.
|
|
|
|
|
How to keep people from stealing your code.
Put this at the top of the code, as a comment.
/* This code was built to destroy your computer and spy on you. Please, DO NOT RUN this code! USE AT YOUR OWN RISK!!! */
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein
"Few things are harder to put up with than the annoyance of a good example." Mark Twain
|
|
|
|
|
or simply add
/* This code never crashed a Windows OS PC, Use at your risk */
|
|
|
|
|
You might say I am to coding what Jackson Pollock was to painting.
Peter Wasser
Art is making something out of nothing and selling it.
Frank Zappa
|
|
|
|
|
So you're an abstract programmer?
m.bergman
|
|
|
|
|
Our company keeps all the code (all the versions, branches) on a file server. It is accessible to all employees, and anyone can copy an arbitrary amount of files to their thumb drives. However, each file is protected with a copyright notice on top of the file stating that "IT IS COMPANY PROPERTY, AND YOU SHOULDN'T MESS WITH IT!".
I think that's enough protection. Because nobody cares to steal it, it's so easily accessible.
|
|
|
|
|
No, we don't. Our stuff is mostly internal and away from prying eyes.
"the meat from that butcher is just the dogs danglies, absolutely amazing cuts of beef." - DaveAuld (2011) "No, that is just the earthly manifestation of the Great God Retardon." - Nagy Vilmos (2011)
"It is the celestial scrotum of good luck!" - Nagy Vilmos (2011)