C# – Protecting the code from reverse engineering


As discussed in similar questions here and here I want to protect my code from reverse engineering.

My situation is as Simucal describes in his (excellent) answer here:

Basically, what it comes down to is
the only chance you have of being
targeted for source theft is if you
have some very specific, hard to
engineer, algorithm related to your
domain that gives you a leg up on your
competition. This is just about the
only time it would be cost-effective
to attempt to reverse engineer a small
portion of your application.

I have exactly this situation. A hard to engineer algorithm which is elegant and valuable for our specific domain.

After spending months fine tuning and developing this the end result is very compact (approx. 100 lines of code) and elegant. I want to protect this specific part of the code from reverse engineering or at least make it reasonable difficult.

The scenario is a rich-client application written in C# and I have to deploy this part of the code – I cannot execute it from a webservice.

I think extracting the code and rewriting it in a unmanaged native binary is not an option due to performance reasons (and cross boundary issues).

Initially I wanted to do simple obfuscation but given the small size of the code I don't think this will offer much protection.

Ideally I would like to protect my whole application but there are two main issues that seem to make ordinary obfuscaters and 3rd party packers difficult to use:

  1. The application offers a plugin interface and therefore some assemblies (and interfaces/classes) should not be obfuscated and packed

  2. We still want to be able to get to a real stack trace when receiving error reports – potentially this could be done my mapping obfuscation to the real code.

Setting these issues aside (although I would appreciate any input on this as well), what is a good way to protect a tiny part of my code from reverse engineering? I am not concerned about anyone altering or hacking the code but want to make it difficult to understand and reverse engineer it.

Best Solution

You should obfuscate the complete code since it gets harder to reach that small valuable part. The smaller the code gets, the easier it becomes to understand it. Most obfuscators should not mess with public interfaces since there are many obfuscated libraries out there.

However I think you should rather convince users that there are no special tricks there instead of trying to hide it. To quote Kaiser Soze, "the greatest trick The Devil has ever pulled is to convince the world that he doesn't exist".

And of course you can always file a patent for your invention and protect yourself legally.