When you compile a program written for the Microsoft .NET framework, the program you provide to your users is not compiled into a native executable program, but instead is translated into something called the Common Intermediate Language instructions (CIL). CIL is half way between source code and native code, and is interpreted by the .NET framework when your program is run, rather than executed directly as machine code. Because of this, the source code of your application or library can be easily reproduced. Tools such as .NET Reflector (www.red-gate.com/products/reflector/) can reproduce source code from a compiled .NET assemblies in seconds, and in the .NET language of your choice! Clearly, commercial software distributed to end users without some form of protection is wide open to piracy and intellectual property theft.
So why is obsfucation not enough?
Obfuscation is the process of making your source code more difficult (but not impossible) for humans to understand. Obfuscation works by replacing the meaningful names you assign to classes, methods, properties and variables with meaningless ones. For example, it may replace a variable name of "counter" with "A4DF3CV89G" - to humans these obfuscated names are confusing and difficult to remember, but have no effect on the NET Framework interpreter. Note that obfuscation does nothing to the source code within your methods, so it is not protected at all by obfuscation. .NET Reactor does everything an obfuscator does, but then wraps your intellectual property in several more layers of protection, denying access to your source code to even those who are determined to steal your hard work. .NET Reactor's protection has never been cracked, something which cannot be said about obfuscators.
.NET Reactor [126.96.36.199] *05-Jun-2014
- [+] Improved NecroBit protection
- [+] Improved string encryption
- [+] Improved resource encryption and compression
- [+] Improved 'Inject Invalid Metatada' feature
- [+] New internal encryption algorithms to prevent static analysis by decompiler/deprotector
- [!] Fixed issue failing Windows Store Apps certification
- [!] Fixed issue affecting MarshalAsAttribute using UnmanagedType.SafeArray as paramter
- [!] Fixed control flow obfuscation issue
- [!] Fixed Anti ILDASM problem in case the base type of a class is SafeHandle
- [!] Fixed bug affecting unhandled exception handlers
- [!] Fixed minor bugs