Obsfucation


Some people asked me about obsfucation and IP protection.

Myself is strongly against obsfucation. And I believe as a platform vendor, it is critical that we ship our framework without obsfucation.

Fortunately, most people do agree with me. And we do ship .Net framework not obsfucated.

But I do understand why you need obsfucation.

This MSDN page discusses .Net obsfucation. It uses Dotfuscator by PreEmptive Solutions as an example. But the concept can be applied to other obsfucators.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dotfuscator/dotf3e5x.asp

If you want to find a commercial obsfucator, google and you will find some.

Comments (4)

  1. Smeghead says:

    This is what PATENTS (when theyre not being ABUSED) is for, so we dont need to OBSFUCATE. If its worth protecting then its worth patenting. Simple.

    Reverse Engineering is LEGAL in the EU under EU Directives for market fairness and interop. If a company does NOT give you specs on a protocol or a way to interop, or information you are LEGALLY PERMITTED to reverse engineer it under EU law to prevent monopoly abuse.

    Before you argue this is not the case, go read the EU Directives.

    Could open up new market oppertunities for reverse engineering that cant be done elsewhere.

  2. Kevin Westhead says:

    But doesn’t a public API count as a protocol and provide a means for interop? The API could provide access to some very clever algorithms that a company has invested heavily (time and money) in developing. It seems perfectly reasonable to want to protect that investment and the road to gaining a patent is not a short one. Patents are also not a guarantee of protection as they can be legally challenged and defeated. There is also the possiblity that someone could learn from examining an implementation and develop an alternative without infringing the original patent, so it seems to me that there is a legitimate need for obfuscation as a means of raising the bar on the ease of reverse engineering.

    Having said that, I agree that the .NET Fx should not be obfuscated.

  3. For products in highly competitive, highly specializes field, you may want to use obsfucation. But of course, you can also develop the sensitive piece in unmanaged code, and use managed code for the rest, and use interop to connect the two.

    For .Net Framework, the goal is reach. It will be a disaster if we shipped it obsfucated. Just imagine how we are going to support it.