[Mono-list] How to protect a mono application from reverse engineering?
Alan
alan.mcgovern at gmail.com
Mon Oct 25 10:42:45 EDT 2010
Just to expand on jonathans answer, you can strip all the method
bodies from your assembly once you AOT. The tool you're looking for is
'mono-cil-strip'. It's as simple as AOT'ing your assembly and then
running: mono-cil-strip in_file out_file. Anyone who decompiles the
binary will end up seeing a bunch of class names and method names, but
nothing inside the methods. That should be enough to dissuade all but
the most dedicated people.
Alan.
On Mon, Oct 25, 2010 at 2:45 PM, Jonathan Pryor <jonpryor at vt.edu> wrote:
> On Mon, 2010-10-25 at 15:08 +0200, Stéphane C wrote:
>> What I want to protect the most is the algorithms used in the
>> application, they represent many years of research and development and
>> we don't want them to fall into the hands of a competitor who is just
>> running an IL disassembler.
>
> Again, if possible you could move this code to be server-side.
> Otherwise you're at best delaying things. That said...
>
>> Trying to reverse-engineer native code using a debugger is a real pain
>> when it comes to complex operations. I'm personally convinced that it
>> would be a complete waste of time on this kind of software.
>> Unfortunately, from what I can tell, mono aot compiler works by
>> generating a dll/so file next to the ".exe" assembly, it seems that
>> shipping this IL assembly is still required to start the application.
>
> This is incorrect. Actual IL should not be required for AOT invocation
> (or full-AOT invocation, I forget which; you may need full AOT). Thus,
> after generating your (full-)AOT .so files, it should be possible to
> "strip" the IL in your assemblies, leaving only type and member
> declarations but no method IL. I'm fairly sure such tools already
> exist, though I can't think of anything offhand.
>
> As mentioned earlier, this will "kill" portability to different ABIs,
> but that may not be very important for your use case.
>
> - Jon
>
>
> _______________________________________________
> Mono-list maillist - Mono-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list
>
More information about the Mono-list
mailing list