Cheat Engine

NINTENDO

Some people say that .net is not secure and that you can easily get the source code if it is not obfuscated. Is this true? and How would I hack my own app to get it's source code after I have released it.

Thx
Me

Slugsnack · Posted: Fri Sep 10, 2010 9:41 am Post subject:

As with most interpreted languages, .NET applications tend to be easily decompilable. This is not the same as getting the source code. You can quite possibly get something that looks very very similar to the source code however. You will on the other hand, lose a lot of the things that make the source useful, symbol names, etc.

To try it out simply find a decompiler and put your application through it. Reflector is an example of a .NET decompiler.

hcavolsdsadgadsg · Posted: Fri Sep 10, 2010 2:27 pm Post subject:

you can definitely pick apart obfuscated stuff but it's kinda tedious.

you'd probably end up with a bunch of stuff that looks like:

a.f();
b.f();
a.d = c;

Jani · Posted: Fri Sep 10, 2010 3:39 pm Post subject:

Jorg hi · Posted: Fri Sep 10, 2010 7:05 pm Post subject:

atom0s · Posted: Fri Sep 10, 2010 8:01 pm Post subject:

Stock compiled applications with .NET have no security at all. Hard coding anything like passwords or other sensitive information is completely pointless and will just lead to your program being cracked in minutes.

You can obfuscate your program, but it only adds a minor level of security to the program, and most of the obfuscators have deobfuscators already made. Some wont work on large scale projects, but for the most part you can still easily debug something that's obfuscated and manage to get what you need.

If you wish to learn more about .NET specifically:
http://www.microsoft.com/net/
http://en.wikipedia.org/wiki/.NET_Framework

If you are looking into coding with .NET, I would personally suggest and recommend using Visual Studio. Which you can download the free Express edition from Microsoft:
http://www.microsoft.com/express/

AhMunRa · Posted: Fri Sep 10, 2010 10:09 pm Post subject:

.NET is a decent platform, you can develop web apps literally in minutes that would take alot longer in other languages.

Reflector will decompile .NET code and it does give somewhat of an idea what the code is doing. I have seen other decompilers that are much better than Reflector for .NET even going so far as to break down functions into something more readable.

Of course the functions and any variables that go along with it are all along the lines of func1(vara, varb, stringa); but it still does one hell of a job.

For the record, there is a difference between machine code and source.

Jorg hi · Posted: Sat Sep 11, 2010 9:08 am Post subject:

Thats why you convert you encrypt/('create new interpretation') of your .NET exe and create your own launcher to reinterpret it back to MachineCode during runtime. Smile

atom0s · Posted: Sat Sep 11, 2010 8:03 pm Post subject:

Polynomial · Posted: Mon Sep 13, 2010 8:02 pm Post subject:

You can use {smartassembly} to obfuscate your .NET binaries. The result is immensely difficult to de-mung since names entirely made up of non-ascii characters are selected. It also offers control flow obfuscation (e.g. replacing function calls with reflection invokes, adding proxy methods, etc) which makes the flow of the program difficult to understand. It also has the ability to insert jargon streams into the binary and mess with the headers to fool debuggers and decompilers. There's also other options such as string encryption and modification protection.

The great thing is that it saves a name translation database during the obfuscation process, and it comes with an addon for VS that allows you to debug with the names automatically de-munged.

TROLOLOLOLOLOLOLOLOLOLOLO · Posted: Mon Sep 13, 2010 9:16 pm Post subject:

InternetIsSeriousBusiness · Posted: Mon Sep 13, 2010 9:19 pm Post subject:

I like C++ .net the best.

Polynomial · Posted: Tue Sep 14, 2010 8:36 am Post subject:

atom0s · Posted: Tue Sep 14, 2010 3:58 pm Post subject:

Polynomial · Posted: Wed Sep 15, 2010 8:06 am Post subject: