[Mono-list] How to protect a mono application from reverse engineering?
jonpryor at vt.edu
Mon Oct 25 09:45:16 EDT 2010
On Mon, 2010-10-25 at 15:08 +0200, Stéphane C wrote:
> What I want to protect the most is the algorithms used in the
> application, they represent many years of research and development and
> we don't want them to fall into the hands of a competitor who is just
> running an IL disassembler.
Again, if possible you could move this code to be server-side.
Otherwise you're at best delaying things. That said...
> Trying to reverse-engineer native code using a debugger is a real pain
> when it comes to complex operations. I'm personally convinced that it
> would be a complete waste of time on this kind of software.
> Unfortunately, from what I can tell, mono aot compiler works by
> generating a dll/so file next to the ".exe" assembly, it seems that
> shipping this IL assembly is still required to start the application.
This is incorrect. Actual IL should not be required for AOT invocation
(or full-AOT invocation, I forget which; you may need full AOT). Thus,
after generating your (full-)AOT .so files, it should be possible to
"strip" the IL in your assemblies, leaving only type and member
declarations but no method IL. I'm fairly sure such tools already
exist, though I can't think of anything offhand.
As mentioned earlier, this will "kill" portability to different ABIs,
but that may not be very important for your use case.
More information about the Mono-list