DeployLX Software Protection System

Code Encryption

Each assembly contains Microsoft Intermediate Language (MSIL) instructions that are executed by the .NET runtime when your application is run on the user's machine. MSIL instructions are interpreted by the .NET runtime and converted to native machine instructions understood by the machine the application is running on. This intermediate state makes it simple for tools like .NET Reflector and ILDASM to read your code and reveal them to unauthorized users. Some tools are also able to translate this code to their original language like C# or Visual Basic that are remarkably similar to the original source.

Obfuscation does not have any effect at all on these MSIL instructions. Obfuscation simply changes the names of classes, methods, etc. but still leaves the code in a readable state. By adding encryption you add an additional layer of security that makes it significantly more difficult for unauthorized users to read your source code or modify your assembly. When your assembly is processed by CodeVeil, all the MSIL for encrypted methods is stripped from the assembly and encrypted in secure storage in that assembly. When the assembly is loaded the CodeVeil runtime-executive assumes control of portions of the .NET runtime and manages decrypting the MSIL as needed. The decrypted MSIL is never stored in memory where it can be dumped with the assembly so that a hacker can't ever dump the assembly back to its original unencrypted state.

Some other protection companies have argued that encryption offers no additional security because the application must be decrypted in memory and the key most be stored in the assembly. Even though the key is stored in the application that does not make is insecure. In fact the key itself is not as important as the transformation of the data itself. CodeVeil also uses many runtime-protection operations to frustrate hackers attempting to capture the decrypted assembly. In addition CodeVeil uses a very special decryption system that decrypts only enough information for the .NET runtime to execute that specific method. The code is never stored in the same memory as the assembly itself so the decrypted code cannot be dumped to disk for analysis.

Using Code Encryption

To enable Code Encryption

To enable Code Encryption for only a specific set of methods

Using Code Encryption in your assembly will change the minimum system requirements of your end users. Please see the System Requirements topic for details.

See Also