.NET 源代碼的安全性(源代碼工具真正比拼) (論)(3)
上面我們展現了反編譯技術對混淆過後代碼的比較,我們清楚的看到了三個工具的強大性.從C#的反編譯結果上來說,無疑MaxtoCode是最優秀的,它已經完全的杜絕你的源代碼外泄.
但C#只是一種高級語言,我們希望更底層一點,希望讀到更深層的代碼MSIL,那麼,現在讓我們來用各種工具取得它的MSIL代碼吧.
源文件的MSIL代碼如下:
{
// Code Size: 84 byte(s)
.maxstack 5
.locals (
string text1,
int32 num1,
int32 num2,
string text2,
string text3,
int32 num3,
int32 num4)
L_0000: nop
L_0001: ldstr "a#2151336fdaghksfges"
L_0006: stloc.3
L_0007: ldarg.1
L_000d: stloc.1
L_000e: ldc.i4.0
L_000f: stloc.s num3
L_0011: ldc.i4.0
L_0012: ldloc.1
L_0013: ldc.i4.1
L_0014: sub.ovf
L_0015: stloc.s num4
L_0017: stloc.2
L_0018: br.s L_0048
L_001a: ldloc.s text3
L_001c: ldarg.1
L_001d: ldloc.2
L_001e: ldc.i4.1
L_0024: ldloc.3
L_0025: ldloc.s num3
L_0027: ldc.i4.1
L_0032: stloc.s text3
L_0034: ldloc.s num3
L_0036: ldc.i4.1
L_0037: add.ovf
L_0038: stloc.s num3
L_003a: ldloc.s num3
L_003c: ldc.i4.s 20
L_003e: blt.s L_0043
L_0040: ldc.i4.0
L_0041: stloc.s num3
L_0043: nop
L_0044: ldloc.2
L_0045: ldc.i4.1
L_0046: add.ovf
L_0047: stloc.2
L_0048: ldloc.2
L_0049: ldloc.s num4
L_004b: ble.s L_001a
L_004d: ldloc.s text3
L_004f: stloc.0
L_0050: br.s L_0052
L_0052: ldloc.0
L_0053: ret
}
{
// Code Size: 44 byte(s)
.maxstack 5
.locals (
[mscorlib]System.Text.ASCIIEncoding encoding1,
string text1)
L_0000: nop
L_0001: newobj instance void [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::.ctor()
L_0006: stloc.1
L_000c: stloc.0
L_000d: ldloc.0
L_000e: ldloc.1
L_000f: ldloc.0
L_0010: ldarg.0
L_0011: ldarg.1
L_001c: ldc.i4.0
L_001d: callvirt instance unsigned int8[] [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::Encrypt(unsigned int8[], bool)
L_0027: stloc.2
L_0028: br.s L_002a
L_002a: ldloc.2
L_002b: ret
}
1. Dotfuscator Community Edition MSIL
{
// Code Size: 84 byte(s)
.maxstack 5
.locals (
string text1,
int32 num1,
int32 num2,
string text2,
string text3,
int32 num3,
int32 num4)
L_0000: nop
L_0001: ldstr "a#2151336fdaghksfges"
L_0006: stloc.3
L_0007: ldarg.1
L_000d: stloc.1
L_000e: ldc.i4.0
L_000f: stloc.s num3
L_0011: ldc.i4.0
L_0012: ldloc.1
L_0013: ldc.i4.1
L_0014: sub.ovf
L_0015: stloc.s num4
L_0017: stloc.2
L_0018: br.s L_0048
L_001a: ldloc.s text3
L_001c: ldarg.1
L_001d: ldloc.2
L_001e: ldc.i4.1
L_0024: ldloc.3
L_0025: ldloc.s num3
L_0027: ldc.i4.1
L_0032: stloc.s text3
L_0034: ldloc.s num3
L_0036: ldc.i4.1
L_0037: add.ovf
L_0038: stloc.s num3
L_003a: ldloc.s num3
L_003c: ldc.i4.s 20
L_003e: blt.s L_0043
L_0040: ldc.i4.0
L_0041: stloc.s num3
L_0043: nop
L_0044: ldloc.2
L_0045: ldc.i4.1
L_0046: add.ovf
L_0047: stloc.2
L_0048: ldloc.2
L_0049: ldloc.s num4
L_004b: ble.s L_001a
L_004d: ldloc.s text3
L_004f: stloc.0
L_0050: br.s L_0052
L_0052: ldloc.0
L_0053: ret
}
{
// Code Size: 44 byte(s)
.maxstack 5
.locals (
[mscorlib]System.Text.ASCIIEncoding encoding1,
string text1)
L_0000: nop
L_0001: newobj instance void [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::.ctor()
L_0006: stloc.1
L_000c: stloc.0
L_000d: ldloc.0
L_000e: ldloc.1
L_000f: ldloc.0
L_0010: ldarg.0
L_0011: ldarg.1
L_001c: ldc.i4.0
L_001d: callvirt instance unsigned int8[] [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::Encrypt(unsigned int8[], bool)
L_0027: stloc.2
L_0028: br.s L_002a
L_002a: ldloc.2
L_002b: ret
}
評價:還是和源代碼基本上一樣…我不知道把這種東西給我們有什麼意思
2. XeonCode MSIL
{
// Code Size: 105 byte(s)
.maxstack 6
.locals (
string text1,
int32 num1,
int32 num2,
string text2,
string text3,
int32 num3,
int32 num4)
L_0000: ldstr "/uec3b/uf2fa/ufa06/u0102/u0803/u0efc/u15fb/u1cf8/u23f8/u2b25/u3220/u391a/u401d/u471b/u4e1b/u5520/u5c10/u630e/u6a09/u7114"
L_0005: ldc.i4 281144282
L_0014: stloc.3
L_0015: ldarg.1
L_001b: stloc.1
L_001c: ldc.i4.0
L_001d: stloc.s num3
L_001f: br.s L_0043
L_0021: stloc.s text3
L_0023: ldloc.s num3
L_0025: br.s L_0030
L_0027: ldc.i4.s 20
L_0029: blt.s L_0038
L_002b: ldc.i4.0
L_002c: stloc.s num3
L_002e: br.s L_0038
L_0030: ldc.i4.1
L_0031: add.ovf
L_0032: stloc.s num3
L_0034: ldloc.s num3
L_0036: br.s L_0027
L_0038: ldloc.2
L_0039: ldc.i4.1
L_003a: add.ovf
L_003b: stloc.2
L_003c: ldloc.2
L_003d: ldloc.s num4
L_003f: ble.s L_004c
L_0041: br.s L_0066
L_0043: ldc.i4.0
L_0044: ldloc.1
L_0045: ldc.i4.1
L_0046: sub.ovf
L_0047: stloc.s num4
L_0049: stloc.2
L_004a: br.s L_003c
L_004c: ldloc.s text3
L_004e: ldarg.1
L_004f: ldloc.2
L_0050: ldc.i4.1
L_0056: ldloc.3
L_0057: ldloc.s num3
L_0059: ldc.i4.1
L_0064: br.s L_0021
L_0066: ldloc.s text3
L_0068: ret
}
{
// Code Size: 39 byte(s)
.maxstack 6
.locals (
[mscorlib]System.Text.ASCIIEncoding encoding1,
string text1)
L_0000: newobj instance void [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::.ctor()
L_0005: stloc.1
L_000b: stloc.0
L_000c: ldloc.0
L_000d: ldloc.1
L_000e: ldloc.0
L_000f: ldarg.0
L_0010: ldarg.1
L_001b: ldc.i4.0
L_001c: callvirt instance unsigned int8[] [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::Encrypt(unsigned int8[], bool)
L_0026: ret
}
評價:有點花指令,不過在MSIL的狀態下,源碼的邏輯盡顯無疑,也可以暢讀一番,不太理想
3. MaxtoCode MSIL
{
}
{
}
評價:依然無法看到代碼,那怕是較底層的MSIL也無法看見.這下應該安全了.
以上的比較讓您更清楚誰對您的知識產權保護更完美了吧。
排除代碼層面上的因素,我們再看看其它方面吧。
待續。。。
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.