Dynamic decrypting and compiling of source code

StackOverflow https://stackoverflow.com/questions/21449225

Question

I am having the following scenario:
I need to dynamically compile an assembly at client machine, so currently I am deploying the source of that assembly along with my primary executable and then using MSBuild to dynamically compile the source into an assembly.
Since I don't want to openly distribute my source along with the application, I am thinking of shipping the encrypted source files and then decrypting it at client machine before building. But even here, anyone can stop the execution after decrypting point and my source will be there unencrypted before it is compiled and source deleted.
Is there a way I can protect my source and at the same time compile it at the client location?

PS: I know it is best to stop worrying about theft of source code but I also don't want to make it available so easily to a script kiddie.


Edit: I probably need an obfuscating tool which converts source code into obfuscated code (not obfuscated assembly). Then, I can ship this obfuscated code along with my application and compile it on the fly.

Was it helpful?

Solution

You could make use of Obfuscation (Obfuscation in .NET), which essentially will make your code difficult to understand for a human reader.

If that still doesn't cut it for you, then you might consider creating your logic as web services and you then simply expose your API instead of the entire solution. That being said, this will most likely end up being more work since you will have to create a client application which will consume your web services.

EDIT: As per your comment, you might want to take a look at this MSDN page which shows how can the obfuscation process be automated by calling Dotfuscator. This should ship freely with your IDE. In my case, I have an MSI file (I think you need to install it first) located here: {VS2010 ISO}\WCU\Dotfuscator\DotfuscatorCE.msi

OTHER TIPS

Random suggestions:

For slightly hiding code you can embed it as resources into your assemblies and save before compiling.

As additional step you can save as IL instead of C# - may be more painful to do but harder to read (especially if you use IL of obfuscated code).

Or use CodeDOM or IL builders to create assemblies from code directly.

Indeed it may be better to reorganize code so you don't need to include your code at all and just add client's code...

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top