[Mono-list] How to protect a mono application from reverse engineering?

Abe Gillespie abe.gillespie at gmail.com
Sun Oct 24 13:40:59 EDT 2010


Disclaimer: personal opinions.

The easy answer - don't worry about it.  There's the school of thought
that the resources required to defend yourself against the threat way
outweighs the benefit from doing so.  Focus your time and efforts on a
great product and one that's well supported by your company.  The
people / clients that matter will flock to you for your expertise and
pay you for it.

Another thing to consider is pirating may actually be *good* for your
product.  Consider Adobe Photoshop.  Next to Office or Windows it's
probably the most pirated consumer grade software out there.  I'm sure
Adobe cringes at the fact but think just how much influence it's had
on the market.  Would PS be that popular on its on accord?  I submit
no.  I think PS would not be nearly as popular w/o the rampent
pirating.  Eventually that popularity returns real dividends to
Adobe's profits - the kid in school with stolen PS eventually enters
the marketplace and demands PS, the blogger doing PS tutorials
influences other upstanding consumers.

The hard answer - AOT.  I don't think you totally understand the
documentation.  You can do a full AOT compilation and ship binaries.
Now I haven't done this myself but I know for a fact this is how
MonoTouch works today and must be the method Miguel and Co. use.

But this comes with the huge drawback that you can no longer take
advantage of a virtual machine's "run anywhere" capability.  You'll
have to compile, ship, install, and manage an image for each platform
you target.  The problem only magnifies when you have to send out
patches, updates, and / or additions during the lifecycle of your
software.  Again, the "too much effort for what it's worth" argument
applies.

The other option is to obfuscate as you've already mentioned.

On Sun, Oct 24, 2010 at 12:42 PM, Stéphane C <skip5500 at hotmail.com> wrote:
> H
> Hello,
>
> I am currently evaluating mono as a replacement of Qt/C++ for a commercial
> application but I'm a bit worried about the way it compiles. Extracting the
> source code from an IL assembly seems a very easy task, in fact I found it
> quite alarming, thus I am looking for ways to protect my application.
>
> So far I have found commercially supported native compilers for .Net but
> they don't seem to cover linux and the mono world. Regarding Mono own AOT
> compiler, it looks like it stills requires you to ship your IL code because
> it works like microsoft ngen. On the other hand, I really don't think
> obfuscation is a good solution.
>
> It's not that I'm a paranoid, thinking the entire world is going to hack my
> software but I need to prevent people from running modified versions of some
> crucial parts.
>
> Any advice welcome!
> Thanks in advance
> _______________________________________________
> Mono-list maillist  -  Mono-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list
>
>


More information about the Mono-list mailing list