[Mono-list] How to protect a mono application from reverse engineering?
alan.mcgovern at gmail.com
Mon Oct 25 10:42:45 EDT 2010
Just to expand on jonathans answer, you can strip all the method
bodies from your assembly once you AOT. The tool you're looking for is
'mono-cil-strip'. It's as simple as AOT'ing your assembly and then
running: mono-cil-strip in_file out_file. Anyone who decompiles the
binary will end up seeing a bunch of class names and method names, but
nothing inside the methods. That should be enough to dissuade all but
the most dedicated people.
On Mon, Oct 25, 2010 at 2:45 PM, Jonathan Pryor <jonpryor at vt.edu> wrote:
> On Mon, 2010-10-25 at 15:08 +0200, Stéphane C wrote:
>> What I want to protect the most is the algorithms used in the
>> application, they represent many years of research and development and
>> we don't want them to fall into the hands of a competitor who is just
>> running an IL disassembler.
> Again, if possible you could move this code to be server-side.
> Otherwise you're at best delaying things. That said...
>> Trying to reverse-engineer native code using a debugger is a real pain
>> when it comes to complex operations. I'm personally convinced that it
>> would be a complete waste of time on this kind of software.
>> Unfortunately, from what I can tell, mono aot compiler works by
>> generating a dll/so file next to the ".exe" assembly, it seems that
>> shipping this IL assembly is still required to start the application.
> This is incorrect. Actual IL should not be required for AOT invocation
> (or full-AOT invocation, I forget which; you may need full AOT). Thus,
> after generating your (full-)AOT .so files, it should be possible to
> "strip" the IL in your assemblies, leaving only type and member
> declarations but no method IL. I'm fairly sure such tools already
> exist, though I can't think of anything offhand.
> As mentioned earlier, this will "kill" portability to different ABIs,
> but that may not be very important for your use case.
> - Jon
> Mono-list maillist - Mono-list at lists.ximian.com
More information about the Mono-list