5 replies to this topic

[Neophyte]

My question is basically as per the topic suggests:

 

Can the app code deployed from Visual Studio onto the Netduino Plus 2 be copied by someone else for reverse engineering? Is there a reliable way of protecting the code?

 

Reason I am asking is purely to be able to give my client an educated answer as it is a solution we want to go to market with soon.

[JerseyTechGuy]

It's very difficult to de-compile the source once you get it off the Netduino. As with all .NET assemblies you can probably take it back to IL but it's pretty useless.  I haven't tried with NETMF but I'm sure you can probably Obfuscate your code.

[CW2]

Technically, there is almost no way to protect against reverse engineering, but it is very unlikely for it to happen for your application, unless you are creating something very attractive (*). Even if you enable the hardware read protection fuses, which guards against the vast majority of attempts, a truly dedicated hacker can dissolve the chip package and access the chip's internal circuitry directly. It requires very expensive equipment (millions of $), but it can be done...

 

(*) And it is also possible to simply mimic the behavior of your application, without the need to actually reverse engineer anything, given the limited resources of the microcontroller board.

[Nevyn]

It's very difficult to de-compile the source once you get it off the Netduino. As with all .NET assemblies you can probably take it back to IL but it's pretty useless.  I haven't tried with NETMF but I'm sure you can probably Obfuscate your code.

 

Have a look at ILSpy - translate you IL into VB or C#.  That's a free option.

 

Reflector does the same but is no longer free.

 

For me it's not a question about the disassembly back to source, it's more of a question of can you get the exe/dll's off of the Netduino.

 

For instance, this c# code:

public static void Main(){    BasicModule myModule = null;    while (myModule == null)    {	    try	    {		    myModule = new BasicModule();	    }	    catch (Exception ex)	    {		    Debug.Print("Exception: " + ex.Message);	    }    }    while (true)    {	    for (byte index = 0; index < 100; index++)	    {		    Debug.Print("Adding 5 to " + index.ToString() + " gives: " + myModule.AddFive(index));		    Thread.Sleep(2000);	    }    }}

 

When compiled and then presented to ILSpy is generates this C# code:

 

public static void Main(){BasicModule myModule = null;while (myModule == null){  try  {   myModule = new BasicModule();  }  catch (Exception ex)  {   Debug.Print("Exception: " + ex.get_Message());  }}while (true){  for (byte index = 0; index < 100; index += 1)  {   Debug.Print(string.Concat(new object[]   {    "Adding 5 to ",    index.ToString(),    " gives: ",    myModule.AddFive(index)   }));   Thread.Sleep(2000);  }}}

So it's not the original but it's close enough.

 

You'd need to look at some obfuscation tools - there are some out there but I've never used them.

 

Regards,

Mark

[Neophyte]

Thanks guys...much appreciated

[ziggurat29]

... a truly dedicated hacker can dissolve the chip package and access the chip's internal circuitry directly. It requires very expensive equipment (millions of $), but it can be done...

fyi if you ever do find need to be 'a truly dedicated hacker', you can deencapsulate the without incurring the equipment expense by sending it to a failure analysis lab, e.g.

http://www.eaglabs.com/mte/

and theyll do it for you for under $100 and send it back to you.  bonding wires still intact (but Id send a couple samples just in case).