.Net Code - Easily decompiled?
dxgame
08-25-2006, 11:46 AM
".NET code can still be decompiled even if you use an obfuscator." True??
BantamCityGames
08-25-2006, 12:01 PM
I don't know how easy .net code is to decompile, but as far as obfuscation goes, it doesn't prevent decompilation, it just makes it very hard to understand the code that is decompiled.
Pyabo
08-25-2006, 12:26 PM
Why don't you try it yourself:
http://www.aisto.com/roeder/dotnet/
Check out Reflector.
Phil Newton
08-26-2006, 01:07 AM
It's easy to decompile .net applications, and the results are generally quite readable. An obfuscator doesn't stop them from being decompilable, but the results are much harder to read. For example, method and variable names are turned to strings of random characters which makes understanding the code a nightmare.
dotNet Protector (http://dotnetprotector.pvlog.com/) wraps your application in a Win32 executable so it can't be decompiled, and I'm sure there are other tools out there that do the same.
Dan MacDonald
08-26-2006, 01:49 AM
Is your code really that valuable?
I'm sure there are a lot better technologies than the one you coded up for your game available cheaply or freely. Customers aren't buying code when they buy your game, as long as it runs on their machine, the only thing they are paying you for is the art and design.
That's why people clone right? Code is the easy part, it's design that's worth something. Another developer is far more likely to rip off your design than your code. :)
zoombapup
08-26-2006, 02:28 AM
Hehehe.. you said "code is the easy part".. please.. you WERE joking right?
Tell it to my students.
Dan MacDonald
08-26-2006, 03:22 AM
What I mean is that with all the technology that exists out there now for making games, hooking up all the little prefab components you get is hardly as valuable as knowing what to do with them.
Sure you can still code those things from scratch and that is difficult, but the fact is it's really not necessary to do that anymore. We aren't far from the time when someone with a basic knowledge of VB can make very nice looking games. Hey what's that? Blitz? Oh ya.. they are! :eek:
Hehehe.. you said "code is the easy part".. please.. you WERE joking right?
It totally is. No different than applying yourself to art, or other disciplines. You may start off with stick figures, but in time you make your way to portraits or other stylized mischief. Lots of effort goes into making programming easier. A shame you don't see people making art easier.
--
I don't want to alarm you guys. There's this dangerously evil and malicious class of software out there. They live in the shady corners of cyberspace, and hang out in dank places like bin and usr/local/bin. They're known as, the DISASSEMBLER. This vile software can "decompile" even the most critical code, your operating system. Soon dangerous disassembler users will be stealing everything, not only dot net code, and releasing their own copy games and OS's. Oh noes! Computers are ending soon!
MrPhil
08-26-2006, 10:17 AM
".NET code can still be decompiled even if you use an obfuscator." True??
100% true. But unless you have some trade secret algorithm I don't think you should worry about it. The cool part is you can look at any managed dll using ildasm.exe, including any framework dll (you can find them under C:\WINDOWS\Microsoft.NET\Framework). I find it useful when I want to know a little more about what Microsoft is doing behind the scenes.
Here is MS’s tutorial: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptutorials/html/IL_DASM_Tutorial.asp
Google around and you’ll find all kinds of stuff.
I’ve yet to find a good source for looking up the IL commands, but most of the ones I’ve come across so far I figured out because of the context.
PaulModz
08-30-2006, 06:15 PM
MrPhil, you can use Reflector (http://www.aisto.com/roeder/dotnet/) to view the .Net Framework DLLs instead of ildasm. I do this all the time when the help entry for a class or method isn’t clear enough or I’m curious about the MS implementation.
When I added support for XAct (new MS Audio API that will replace DirectSound) to my game, the MS documentation was crap. I had to use Reflector on the Managed DirectX assemblies to see what was going on. Without Reflector (or reflection in general) I’d still be waiting for MS to get back to me.
To show how easy it is, I've attached a screenshot of Reflector viewing the object hierarchy of Managed Direct3D and the decompiled source code for the AnimationController constructor.
As for obfuscation, I agree with Dan. There’s no need to obfuscate games, with a few exceptions. There may be things you don’t want end-users to see or have access to, but this data can be stored in encrypted files.
I recently shipped a commercial .Net application (not a game) and the code contained some trade secrets that forced us to obfuscate the assemblies. We used Dotfuscator (http://www.preemptive.com/products/dotfuscator/index.html), which is probably the best .Net obfu tool available right now. It has many advanced obfu features and integrates seamlessly into Visual Studio.Net as a new type of project in your solution. Once you configure a few basic settings, obfuscation is simply a part of the build process. It’s a little pricey at $3000 US per developer, but if you REALLY need to obfuscate your .Net code, this is money well spent and I highly recommend it.
I wonder what would come out of the disassembler if you fed it some IronPython compiled code. Is that possible? Would that make it a de facto Python to C# translator?
Java is easy to decompile too, but I don't think there's much to see/steal, when there's LWJGL and SPGL already available...
Rainer Deyke
08-30-2006, 09:05 PM
As for obfuscation, I agree with Dan. There’s no need to obfuscate games, with a few exceptions. There may be things you don’t want end-users to see or have access to, but this data can be stored in encrypted files.
Assuming that the game decrypts this encrypted data, they can get both the key and the decryption algorithm by decompiling.
PaulModz
08-31-2006, 08:43 AM
Assuming that the game decrypts this encrypted data, they can get both the key and the decryption algorithm by decompiling.
Not necessarily, Rainer.
First, there is nothing secret or obfuscated about (good) encryption algorithms. Knowing which one was used won’t help you crack the encryption. If you don't want people to know what algorithm you use, you should probably choose a different one ;)
Second, there are ways to encrypt and decrypt data WITHOUT storing a plain-text version of the key anywhere. Most notably the DPAPI (Data Protection API) (http://www.codeproject.com/system/protected_data.asp) in Windows, which essentially encrypts/decrypts data using the current machine or user credentials as a key.
Mot, you are correct, a .Net assembly written in IronPython can be decompiled into C# or any supported .Net language. Send me one and I’ll prove it ;)
All .Net source code is “compiled” into MSIL (Microsoft Intermediate Language), a CPU-independent instruction set. Unlike unmanaged code, .Net assemblies are not native object code when they are distributed to users, and decompiling the MSIL code is easy since the gnarly, CPU-dependent stuff is done later by the JIT.
Right before an assembly is executed for the first time on a machine, the Just-In-Time (JIT) compiler (part of the .Net runtime) compiles the MSIL code into native object code. The JIT can also optimize the native code for the specific CPU it will be run on, instead of relying on the most compatible instruction set. This will also allow .Net code to use the Itanium's strange instruction set without even requiring a recompile.
Wohoo, this post elevated me from Junior Member to Member. Can someone teach me the secret handshake now?
Rainer Deyke
08-31-2006, 10:04 AM
First, there is nothing secret or obfuscated about (good) encryption algorithms. Knowing which one was used won’t help you crack the encryption. If you don't want people to know what algorithm you use, you should probably choose a different one ;)
Second, there are ways to encrypt and decrypt data WITHOUT storing a plain-text version of the key anywhere. Most notably the DPAPI (Data Protection API) (http://www.codeproject.com/system/protected_data.asp) in Windows, which essentially encrypts/decrypts data using the current machine or user credentials as a key.
The point is that users can easily get to the decrypted data if they have access to the source code to the program that decrypts it. This level of "security" can be trivially broken by anyone who can use a decompiler and knows a .NET language. If you're only interested in stopping casual snooping, you don't need real encryption. If you want to stop serious hackers, encryption won't even slow them down if they have access to the unobfuscated source code of a program that can decrypt the data without needing an external key.
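[Added example, not part of any post in this thread: the two key-handling approaches discussed above, side by side. The class name, key literal and sample payload are constructed; `ProtectedData` is Windows-only and is assumed to be available through a reference to System.Security (or the System.Security.Cryptography.ProtectedData package).]

```csharp
// Added example, not code from the thread. Names and sample data are constructed.
using System;
using System.Security.Cryptography;
using System.Text;

static class SaveData
{
    // Weak: the key is a literal in the assembly, so a decompiler shows it
    // right next to the routine that uses it.
    static readonly byte[] EmbeddedKey = Encoding.ASCII.GetBytes("0123456789abcdef"); // constructed

    public static byte[] EncryptEmbedded(byte[] plain)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = EmbeddedKey;
            aes.GenerateIV();
            byte[] iv = aes.IV;
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] body = enc.TransformFinalBlock(plain, 0, plain.Length);
                byte[] blob = new byte[iv.Length + body.Length];
                Buffer.BlockCopy(iv, 0, blob, 0, iv.Length);
                Buffer.BlockCopy(body, 0, blob, iv.Length, body.Length);
                return blob; // IV || ciphertext
            }
        }
    }

    // DPAPI: no key in the assembly. Windows ties it to the logged-on user's
    // credentials, so the blob must be created on the player's machine and
    // cannot be shipped pre-encrypted with the game.
    public static byte[] ProtectForUser(byte[] plain)
    {
        return ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);
    }

    // Any code running as that user can make this same call, which is the
    // limit Rainer describes: DPAPI keeps other accounts out, not the player.
    public static byte[] UnprotectForUser(byte[] blob)
    {
        return ProtectedData.Unprotect(blob, null, DataProtectionScope.CurrentUser);
    }

    static void Main()
    {
        byte[] secret = Encoding.UTF8.GetBytes("level-unlock-table"); // constructed sample
        Console.WriteLine("embedded-key blob: {0} bytes", EncryptEmbedded(secret).Length);
        Console.WriteLine(Encoding.UTF8.GetString(UnprotectForUser(ProtectForUser(secret))));
    }
}
```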
Pyabo
08-31-2006, 12:40 PM
I wonder what would come out of the disassembler if you fed it some IronPython compiled code. Is that possible? Would that make it a de facto Python to C# translator?
That is a really interesting question. Why don't you try it and let us know what happened? :)
Nexic
08-31-2006, 03:21 PM
Is your code really that valuable?
I'm sure there are a lot better technologies than the one you coded up for your game available cheaply or freely. Customers aren't buying code when they buy your game, as long as it runs on their machine, the only thing they are paying you for is the art and design.
Zuma in .net would have been casual cloner heaven.
Jay_Kyburz
08-31-2006, 07:49 PM
Hmm.. now you got me thinking about a Lands of Legend clone. :)
Pyabo
09-01-2006, 12:28 PM
Hmm.. now you got me thinking about a Lands of Legend clone. :)
hehe... just port it to C++/DirectX 7 first. ;)
MrPhil
09-07-2006, 08:08 AM
MrPhil, you can use Reflector (http://www.aisto.com/roeder/dotnet/) to view the .Net Framework DLLs instead of ildasm. I do this all the time when the help entry for a class or method isn’t clear enough or I’m curious about the MS implementation.
Hey that looks like a very handy tool! Thanks!
Mark Currie
09-07-2006, 04:29 PM
We used Dotfuscator, which is probably the best .Net obfu tool available right now
When I checked out Dotfuscator, the UI was a mess.
I think this obfuscator is the best: http://www.xenocode.com