قالب وردپرس درنا توس
Home / Tips and Tricks / What is code corruption and should you use it? – CloudSavvy IT

What is code corruption and should you use it? – CloudSavvy IT



Doubtful coding?

Some languages ​​such as Java and .NET can be easily decompiled into readable source code. Code deletion is a process that makes it more difficult to read software applications with a decompiler. It is an important tool for protecting your company’s intellectual property rights.

Why obscure the code?

Compiled languages ​​such as C ++ are converted directly to bytecode. The only way to rework how they work is with a disassembler, which is a difficult and complicated process. It is not impossible, but trying to derive high-level application logic from a stream of mounting languages ​​is difficult.

On the other hand, languages ​​like C # and Java are not compiled for any particular operating system. Rather, they are compiled into an intermediate language, such as .NET̵

7;s MSIL. The intermediate language is similar to assembly, but it can be easily converted back to the source code. This means that if you have a public DLL or executable file that your company distributes, anyone with a copy of your executable can open it in a .NET decompiler like dotPeek and directly read (and copy) your source code.

Code corruption can not prevent this process – any .NET DLL can be connected to a decompiler. What eclipse does is use a number of tricks to create the source code annoying as hell to read and troubleshoot.

The simplest form of this is to rename devices. It is common to correctly specify variables, methods, classes and parameters according to what they do. But you do not have to, and technically there is nothing to stop you from naming them in a series of lowercase and lowercase letters or random combinations of Chinese unicode characters. There is no problem for the computer, but it is completely illegible for a human being:

IlIIIIlIIIllIIIllIIll
lIIIllIIllIlIIIIlIIIl

A basic obfuscator handles this process automatically, taking output from the building and converting it into something that is much harder to read. There is no performance hit compared to non-obscure code

More advanced confusers can go further and actually change the structure of your source code. This includes replacing control structures with more complicated but semantically identical syntax. They can also insert dummy code that does nothing but confuse the decompiler. The effect of this is that it makes your source look like spaghetti code, which makes it more annoying to read.

Another common focus is to hide strings from decompilers. In managed executable files, you can search for strings as error messages to find code snippets. String embedding replaces strings with encoded messages that are decrypted while running, making it impossible to search for them from a decompiler. This usually comes with a performance penalty.

There are plenty of options for diffusers, but it depends on the language you are clouding. For .NET, there is Obfuscar. For Java, there is ProGuard. For JavaScript, there is a javascript obfuscator.

Other options: Convert to a compiled language

Converting one programming language to another is not a completely crazy idea – Unity uses IL2CPP, a converter that converts .NET code to compiled C ++ bytecode. It is much more efficient, but it also helps secure games against simple cracking, which is crucial for an environment plagued by piracy and cheaters.

Microsoft has CoreRT, an experimental .NET Core runtime with Ahead-Of-Time compilation, but it is not ready for production use.

Are you going to obscure?

If you distribute code in unreliable environments where you want to protect your source code, you should almost always use at least one basic obfuscator to rename functions, methods, and properties to make decompilation a little more effort.

If you really no one needs to be able to decompile your app, you can use a more intrusive obfuscator, but really you should consider whether the problem would be solved better by switching to a language that does not have this problem, such as C ++ or Rust.


Source link