Comments on: Obfuscation? Gesundheit!

By: .NET Obfuscators : C# 411

.NET Obfuscators : C# 411 — Tue, 29 Apr 2008 16:43:45 +0000

[...] Obfuscation? Gesundheit! [...]

By: Gourav

Gourav — Thu, 03 Apr 2008 12:28:21 +0000

Nice article

By: Timm

Timm — Wed, 30 Jan 2008 15:34:14 +0000

wcoenen:

You bring up some very good discussion points. I don't know of any formal studies regarding obfuscation, but absent hard scientific data, sometimes one has to make decisions based on common sense.

For example, you are correct that business logic is relatively easy to decipher just by studying how software works, but it still takes a lot of effort to write the detailed code. An application we developed recently took 14 months of coding by ten highly skilled developers. So naturally one would expect that it would take a competitor somewhere around 140 man-months to copy our software, maybe a little less with our application as a guide. But without obfuscation, a competitor armed with a good decompiler could reproduce our entire application in about 10 minutes. Without obfuscation, you might as well publish your original C# source code on the Web.

Regarding piracy, our experience is that piracy does indeed affect sales. Given a choice between paying and getting something for free, especially when it comes to something intangible such as software or music or web content, most people will choose free. If you read the blogs of very successful shareware authors such as Nick Bradbury (HomeSite, TopStyle, FeedDemon) and Chris Thornton (Clipmate), they are able to detect exactly when their software is cracked and posted on the Web because of a sudden dramatic drop in sales. While there may be a small percentage of customers who obtain software via piracy but then develop a conscience and later pay, marketing through piracy is not a winning strategy. A better strategy is to provide a basic free version of your software and have an advanced pay version.

Bottom line, if you feel comfortable posting your source code on the web, then obfuscation will not benefit you. But if your source code and intellectual property is something you wish to protect, then obfuscation is a must for .NET applications and libraries.

Thank you for commenting!

By: wcoenen

wcoenen — Wed, 30 Jan 2008 14:52:39 +0000

Do there exist studies which show that obfuscation decreases piracy or reverse engineering?

Even if piracy is decreased, is revenue increased? Piracy doesn't necessarily equal lost sales. It may even have the opposite effect of free advertising.

As for protecting your business logic from competitors reverse engineering it… What kind of applications are we talking about here? The business logic of a typical applications is more or less trivial to figure out by just using the application.

I'm not so sure this obfuscation thing is useful at all. I'll believe it when I see some real data.

By: Alex

Alex — Sun, 06 Jan 2008 23:32:15 +0000

Reactor is not bat at all, however the support is the worst ever.
They stop responding to your emails if something is wrong.
For instance it you install a new hard drive in your computer ,
the Reactor license expires and you will never ever get your license
from the vendor.

By: Sameera

Sameera — Tue, 16 Oct 2007 03:43:09 +0000

Hi,
Can you please let me know of your experiance with .NET Reactor. We are considering it vs. {smartassembly}. The problem with Reactor is that there's hardly any reviews on it other than those on download sites (which are hard to trust).
Any input from you would be great.

Thanks.

By: Timm

Timm — Thu, 26 Jul 2007 14:40:45 +0000

Update: We are switching obfuscators from Xenocode to Eziriz .NET Reactor. Article and obfuscator review coming soon…