.NET Zone is brought to you in partnership with:

Den is a DZone Zone Leader and has posted 460 posts at DZone. You can read more from them at their website. View Full User Profile

.NET Decompilation is Common: Be Aware

  • submit to reddit

A while ago I ran a poll asking .NET developers whether they reverse engineer applications that weren't created by them. The results were predictable, and from 110 total votes we got, 84 were cast for yes. As I mentioned before, .NET decompilation is extremely easy in multiple situations where developers do not obfuscate their code. Whether you want it or not, but if no precautions are taken, your code will most likely be torn apart.

I should mention, that code reflection is not a bad thing. Despite the common misconception, disassembling other's code has educational value. If you were developing with the .NET platform at least a year, you probably peeked at existing Microsoft .NET assemblies at least once. It is a great way to see how a re-usable codebase is built. It also allows (in very seldom cases) to see how existing framework code can be optimized and adapted to a specific task.

But does this mean that .NET code is not secure and should not be used for applications that have sensitive elements integrated in their source? No. Are there any solutions that can reduce the chances of your source code being disassembled? Yes.

The answer is obfuscation. Here are some resources that might help you learn more about obfuscation:

Obfuscation, however, is not a completely bulletproof solution. At the end of the day, there is always going to be a slight risk with your code being decompiled, whether it is written in managed or native code. Decompilers exists even for obfuscated code.


Imdadyano Yano replied on Tue, 2012/03/13 - 6:22am


I really appreciate you for throwing light on this i.e. using reflector to decompile the code. Even I decompile a lot of code from the Dll or other projects that are available. But I think sometimes this one is very helpful but at the same time someone can get access to our code. I will go to links where obfuscator is implemented or the links you have recommended. THanks once again for this I really appreciate thi. Thnaks

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.