NET applications are said to be easy to reverse engineer. Software sold commercially may be subject to copyright infringement if the content of the code is the company’s own special technology.
Also, regardless of commercial use, if the application contains user IDs, passwords, etc. to enter the company’s servers, it is a bad idea from a security standpoint.
It is said that reverse engineering cannot be completely prevented, but it can be prevented to some extent by using obfuscation tools.
First, to see how easy it is to reverse engineer, we will try with ILSpy, a reverse engineering tool for .NET applications.
Download ILSpy
Dowload the ILSpy binary file from GitHub.
Download ILSpy_binaries_4.0.1.4530.zip.
*This is the current version as of 3/4/2019.
Unzip the ZIP file to a desired location. No installation is required, so start ILSpy.exe directly by double-clicking it.
Since various things are loaded by default, select all of them with “Ctrl” + “A” in the white frame on the left, right-click, and click “Remove”.
Drag and drop the EXE file into the white frame on the left. Or click on the folder icon to select the EXE file. In this example, drag and drop the “ConsoleApplication1.exe” file.
In this sample, the source is in Program.cs, so select “Program”. The “+” button is closed by default, so right click in the yellow box on the right and click “Toggle All Folding” to expand them all.
Actual Source code
using System;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace ConsoleApplication1
{
class Program
{
//password
string password = "abcABC123456789";
static void Main(string[] args)
{
CountNum();
}
//count
private static void CountNum()
{
string test = "aa";
for (int i = 0; i < 100; i++)
{
for (int j = 0; j < 50; j++)
{
test = "test" + i.ToString() + j.ToString();
}
}
}
}
}
ILSpy
It is almost the same as before. The only thing I would say is that comments are not loaded.
ILSpy can be helpful in some situations if it is not abused. If the software used in your company was written a long time ago, and the person in charge at that time has retired and cannot be contacted, and the original source code has gone somewhere, it would be helpful to be able to see what is inside.
I had downloaded it from sourceforge until now, and Ver. 2.2 on June 29, 2014 was the last updated version. Thank you! (Thank you, TACO!). (Thank you, TACO!) Wow, now it’s up to 4.0.
So I updated the download procedure to the GitHub version.
I haven’t used ILSpy for a long time, but I remembered that I had a real problem with it a long time ago and ILSpy helped me a lot.
A few years ago, a client told me that they wanted to rework an old application, but they didn’t have the source code and they had a design document. I received a set of what was available, but although the design and table definitions were vaguely present, they were incomplete documents that seemed to have not been properly rewritten for the additional changes after development.
The application was full of items that were displayed in the application that had no data source or logic, such as, “Where did this content come from? I had no idea where the data was coming from or the logic behind it.
At that time, ILSpy helped me a lot. When I looked at the source code after decompiling it with ILSpy, I found that the choices were hard-coded in the program, and the logic was branching depending on the choices, and without a design document, I was at my wits’ end.
コメント