.NET 源代碼的安全性(源代碼工具真正比拼) (論)（3）

上面我們展現了反編譯技術對混淆過後代碼的比較,我們清楚的看到了三個工具的強大性.從C#的反編譯結果上來說,無疑MaxtoCode是最優秀的,它已經完全的杜絕你的源代碼外泄.

 

但C#只是一種高級語言,我們希望更底層一點,希望讀到更深層的代碼MSIL,那麼,現在讓我們來用各種工具取得它的MSIL代碼吧.

 

源文件的MSIL代碼如下:

.method private instance string Encrypt(string inStr) cil managed

{

      // Code Size: 84 byte(s)

      .maxstack 5

      .locals (

            string text1,

            int32 num1,

            int32 num2,

            string text2,

            string text3,

            int32 num3,

            int32 num4)

      L_0000: nop

      L_0001: ldstr "a#2151336fdaghksfges"

      L_0006: stloc.3

      L_0007: ldarg.1

      L_0008: callvirt instance int32 string::get_Length()

      L_000d: stloc.1

      L_000e: ldc.i4.0

      L_000f: stloc.s num3

      L_0011: ldc.i4.0

      L_0012: ldloc.1

      L_0013: ldc.i4.1

      L_0014: sub.ovf

      L_0015: stloc.s num4

      L_0017: stloc.2

      L_0018: br.s L_0048

      L_001a: ldloc.s text3

      L_001c: ldarg.1

      L_001d: ldloc.2

      L_001e: ldc.i4.1

      L_001f: callvirt instance string string::Substring(int32, int32)

      L_0024: ldloc.3

      L_0025: ldloc.s num3

      L_0027: ldc.i4.1

      L_0028: callvirt instance string string::Substring(int32, int32)

      L_002d: call string string::Concat(string, string, string)

      L_0032: stloc.s text3

      L_0034: ldloc.s num3

      L_0036: ldc.i4.1

      L_0037: add.ovf

      L_0038: stloc.s num3

      L_003a: ldloc.s num3

      L_003c: ldc.i4.s 20

      L_003e: blt.s L_0043

      L_0040: ldc.i4.0

      L_0041: stloc.s num3

      L_0043: nop

      L_0044: ldloc.2

      L_0045: ldc.i4.1

      L_0046: add.ovf

      L_0047: stloc.2

      L_0048: ldloc.2

      L_0049: ldloc.s num4

      L_004b: ble.s L_001a

      L_004d: ldloc.s text3

      L_004f: stloc.0

      L_0050: br.s L_0052

      L_0052: ldloc.0

      L_0053: ret

}

 

.method private instance string Register(string instr) cil managed

{

      // Code Size: 44 byte(s)

      .maxstack 5

      .locals (

            [mscorlib]System.Text.ASCIIEncoding encoding1,

            [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider provider1,

            string text1)

      L_0000: nop

      L_0001: newobj instance void [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::.ctor()

      L_0006: stloc.1

      L_0007: newobj instance void [mscorlib]System.Text.ASCIIEncoding::.ctor()

      L_000c: stloc.0

      L_000d: ldloc.0

      L_000e: ldloc.1

      L_000f: ldloc.0

      L_0010: ldarg.0

      L_0011: ldarg.1

      L_0012: callvirt instance string TestRegister.Form1::Encrypt(string)

      L_0017: callvirt instance unsigned int8[] [mscorlib]System.Text.Encoding::GetBytes(string)

      L_001c: ldc.i4.0

      L_001d: callvirt instance unsigned int8[] [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::Encrypt(unsigned int8[], bool)

      L_0022: callvirt instance string [mscorlib]System.Text.ASCIIEncoding::GetString(unsigned int8[])

      L_0027: stloc.2

      L_0028: br.s L_002a

      L_002a: ldloc.2

      L_002b: ret

}

 

1.      Dotfuscator Community Edition MSIL

.method private instance string b(string A_0) cil managed

{

      // Code Size: 84 byte(s)

      .maxstack 5

      .locals (

            string text1,

            int32 num1,

            int32 num2,

            string text2,

            string text3,

            int32 num3,

            int32 num4)

      L_0000: nop

      L_0001: ldstr "a#2151336fdaghksfges"

      L_0006: stloc.3

      L_0007: ldarg.1

      L_0008: callvirt instance int32 string::get_Length()

      L_000d: stloc.1

      L_000e: ldc.i4.0

      L_000f: stloc.s num3

      L_0011: ldc.i4.0

      L_0012: ldloc.1

      L_0013: ldc.i4.1

      L_0014: sub.ovf

      L_0015: stloc.s num4

      L_0017: stloc.2

      L_0018: br.s L_0048

      L_001a: ldloc.s text3

      L_001c: ldarg.1

      L_001d: ldloc.2

      L_001e: ldc.i4.1

      L_001f: callvirt instance string string::Substring(int32, int32)

      L_0024: ldloc.3

      L_0025: ldloc.s num3

      L_0027: ldc.i4.1

      L_0028: callvirt instance string string::Substring(int32, int32)

      L_002d: call string string::Concat(string, string, string)

      L_0032: stloc.s text3

      L_0034: ldloc.s num3

      L_0036: ldc.i4.1

      L_0037: add.ovf

      L_0038: stloc.s num3

      L_003a: ldloc.s num3

      L_003c: ldc.i4.s 20

      L_003e: blt.s L_0043

      L_0040: ldc.i4.0

      L_0041: stloc.s num3

      L_0043: nop

      L_0044: ldloc.2

      L_0045: ldc.i4.1

      L_0046: add.ovf

      L_0047: stloc.2

      L_0048: ldloc.2

      L_0049: ldloc.s num4

      L_004b: ble.s L_001a

      L_004d: ldloc.s text3

      L_004f: stloc.0

      L_0050: br.s L_0052

      L_0052: ldloc.0

      L_0053: ret

}

 

.method private instance string a(string A_0) cil managed

{

      // Code Size: 44 byte(s)

      .maxstack 5

      .locals (

            [mscorlib]System.Text.ASCIIEncoding encoding1,

            [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider provider1,

            string text1)

      L_0000: nop

      L_0001: newobj instance void [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::.ctor()

      L_0006: stloc.1

      L_0007: newobj instance void [mscorlib]System.Text.ASCIIEncoding::.ctor()

      L_000c: stloc.0

      L_000d: ldloc.0

      L_000e: ldloc.1

      L_000f: ldloc.0

      L_0010: ldarg.0

      L_0011: ldarg.1

      L_0012: callvirt instance string c::b(string)

      L_0017: callvirt instance unsigned int8[] [mscorlib]System.Text.Encoding::GetBytes(string)

      L_001c: ldc.i4.0

      L_001d: callvirt instance unsigned int8[] [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::Encrypt(unsigned int8[], bool)

      L_0022: callvirt instance string [mscorlib]System.Text.ASCIIEncoding::GetString(unsigned int8[])

      L_0027: stloc.2

      L_0028: br.s L_002a

      L_002a: ldloc.2

      L_002b: ret

}

 

評價:還是和源代碼基本上一樣…我不知道把這種東西給我們有什麼意思

 

2.      XeonCode MSIL

.method private instance string x246b032720dd4c0d(string x96c91b85a03f00b0) cil managed

{

      // Code Size: 105 byte(s)

      .maxstack 6

      .locals (

            string text1,

            int32 num1,

            int32 num2,

            string text2,

            string text3,

            int32 num3,

            int32 num4)

      L_0000: ldstr "/uec3b/uf2fa/ufa06/u0102/u0803/u0efc/u15fb/u1cf8/u23f8/u2b25/u3220/u391a/u401d/u471b/u4e1b/u5520/u5c10/u630e/u6a09/u7114"

      L_0005: ldc.i4 281144282

      L_000a: call string x2715eff98365d956.x1110bdd110cdcea4::_d574bb1a8f3e9cbc(string, int32)

      L_000f: call string string::Intern(string)

      L_0014: stloc.3

      L_0015: ldarg.1

      L_0016: callvirt instance int32 string::get_Length()

      L_001b: stloc.1

      L_001c: ldc.i4.0

      L_001d: stloc.s num3

      L_001f: br.s L_0043

      L_0021: stloc.s text3

      L_0023: ldloc.s num3

      L_0025: br.s L_0030

      L_0027: ldc.i4.s 20

      L_0029: blt.s L_0038

      L_002b: ldc.i4.0

      L_002c: stloc.s num3

      L_002e: br.s L_0038

      L_0030: ldc.i4.1

      L_0031: add.ovf

      L_0032: stloc.s num3

      L_0034: ldloc.s num3

      L_0036: br.s L_0027

      L_0038: ldloc.2

      L_0039: ldc.i4.1

      L_003a: add.ovf

      L_003b: stloc.2

      L_003c: ldloc.2

      L_003d: ldloc.s num4

      L_003f: ble.s L_004c

      L_0041: br.s L_0066

      L_0043: ldc.i4.0

      L_0044: ldloc.1

      L_0045: ldc.i4.1

      L_0046: sub.ovf

      L_0047: stloc.s num4

      L_0049: stloc.2

      L_004a: br.s L_003c

      L_004c: ldloc.s text3

      L_004e: ldarg.1

      L_004f: ldloc.2

      L_0050: ldc.i4.1

      L_0051: callvirt instance string string::Substring(int32, int32)

      L_0056: ldloc.3

      L_0057: ldloc.s num3

      L_0059: ldc.i4.1

      L_005a: callvirt instance string string::Substring(int32, int32)

      L_005f: call string string::Concat(string, string, string)

      L_0064: br.s L_0021

      L_0066: ldloc.s text3

      L_0068: ret

}

 

.method private instance string x2a0cb95ab84ba877(string x5b3e4cba383dedd9) cil managed

{

      // Code Size: 39 byte(s)

      .maxstack 6

      .locals (

            [mscorlib]System.Text.ASCIIEncoding encoding1,

            [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider provider1,

            string text1)

      L_0000: newobj instance void [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::.ctor()

      L_0005: stloc.1

      L_0006: newobj instance void [mscorlib]System.Text.ASCIIEncoding::.ctor()

      L_000b: stloc.0

      L_000c: ldloc.0

      L_000d: ldloc.1

      L_000e: ldloc.0

      L_000f: ldarg.0

      L_0010: ldarg.1

      L_0011: callvirt instance string x9324a7f62e6a3ae4.xaa4f033827d75b4d::x246b032720dd4c0d(string)

      L_0016: callvirt instance unsigned int8[] [mscorlib]System.Text.Encoding::GetBytes(string)

      L_001b: ldc.i4.0

      L_001c: callvirt instance unsigned int8[] [mscorlib]System.Security.Cryptography.RSACryptoServiceProvider::Encrypt(unsigned int8[], bool)

      L_0021: callvirt instance string [mscorlib]System.Text.ASCIIEncoding::GetString(unsigned int8[])

      L_0026: ret

}

 

評價:有點花指令,不過在MSIL的狀態下,源碼的邏輯盡顯無疑,也可以暢讀一番,不太理想

 

3.      MaxtoCode MSIL

 

.method private instance string Encrypt(string inStr) cil managed

{

}

 

.method private instance string Register(string instr) cil managed

{

}

 

  評價:依然無法看到代碼,那怕是較底層的MSIL也無法看見.這下應該安全了.

 

以上的比較讓您更清楚誰對您的知識產權保護更完美了吧。

排除代碼層面上的因素，我們再看看其它方面吧。

待續。。。