Decompilation - C#

[v6v]

Upon making my game, I saw something similar to this in the Game Maker topics.

Does this scare anyone?

http://forums.whirlpool.net.au/archive/592414
http://stackoverflow.com/questions/179741/how-do-i-decompile-a-net-exe-into-readable-c-sharp-source-code

The whole concept is new and foreign to me, and although I do plan on releasing source code, (and not selling this) the idea of someone potentially reverse engineering to the point where they gain full control seems to strike fear in my heart.

Ah, the internet.

[Vincent]

Don't worry, reflection and decompilation isn't new at all.

The reflectors I have seen only shows class constructors, methods and how to call them, you don't see the actual source code.

And the decompilers I have seen do not generate an exact copy of the code you compiled to create the binary file.  The source generated with the decompiler lose your comments, indentation, etc.  But maybe some decompilers are more advanced now than what I have seen.

But anyway, unless someone wants to copy your program to modify it or wants to learn how you did a specific feature, there is not much risk.

So, no fear in my heart. :p

[v6v]

I'm still thinking ahead- I've heard that obfuscation won't completely defend the code for reverse engineering, but rather, makes it harder for the code to be interpreted by an attacker.
Of course, whenever there's data, there's always a way to manipulate it.

Do any of you have any insight in obfuscation in C#?

Would it be overkill? (I do plan on releasing separate sample portions of what I used to make my game to the repository- aka Dimensional Sound, Drawing in 3D, and the Networking in Lidgren, but I want to keep the actual game's code secure and unknown (To some extent)

De-compilers have come a long way.
 I've seen the newer ones in action. It's scary. The only advantage I have it seems is that I'm not using a commercial game maker- (Game Maker, for example, which already has hundreds of programs specialized for the de-compiling of games.)

Still, I've had big dreams that were shattered thanks to this sort of thing- malicious users using the code *Or rather, script and vulnerability in those cases* (and taking advantage of my n00bish-ness through methods that I could have easily prevented). I really want to be on defense mode and ensure all possible threats are encumbered greatly.

[bluemonkmn]

Really?  You've had dreams shattered by people taking your code?  I started out worrying about that kind of thing, but come to the realization that I'd be lucky if my code were popular enough for people to steal.  What exactly has happened to you in the past?  Nothing like the past to take lessons from.  Also, Minecraft.  It's written in Java, which is probably at least as exposed to de-compilation as C#.  Do you know if Minecraft does anything to obfuscate the code?  In any case, whatever attacks Minecraft has been subject to don't seem to have reduced its popularity any.  If anything, the ability to plug in modules to Minecraft have made it more popular.  I think if you can get your game to be popular enough that people are wanting to de-compile it, you've already arrived at your "success" point.  De-compiling and analyzing code take a good deal of effort, and people aren't going to honor just any project with that kind of effort.

If your game relies entirely on secrets for it's popularity, you should maybe come up with something more.  Yes, secrets are an important part of the mystery, but people who value the mystery are usually pretty good about disciplining themselves so as not to spoil the game.  They just need a safe forum to talk about the game without having it spoiled for them (and I could certainly help with that -- deleting posts that spoil the game if necessary -- if you wanted to start out hosting discussion in the projects forum here).

Some secrets I agree, though, are vital, and no amount of obfuscation is going to be enough there.  If you want people to pay for your game, for example, and you have a mechanism to validate a user, then you can't be distributing that mechanism opening up the opportunity for your game to be hacked so that anyone can play without a legitimate account. In those cases, you should make sure that those secrets are never even part of distributed code.  They should be encoded into your server side logic.  And that something essential about the game cannot function without contacting the server (if that's your preference).  (Otherwise someone could just hack out the code that relies on server validation altogether.)

[v6v]

Yeah, I guess I'm being paranoid. Don't get me wrong, I'm all for user customization with the game's resources and behavior, and I will add features for that (As shown by the Sequence Editor, One baby step at a time)

But I'm in a pessimistic mindset for this frankly because (And I'm not referring strictly to de-compilers) before I came back to these forums, I was working with user accounts system for a website formatted for the Nintendo DSi. Now albeit the fact that the website only had 9 regulars, somehow, a user managed to insert some bad code that allowed them to execute MySQL commands.

Dropped tables, banned users, you name it. I had never accounted for this when starting, one because I was new to web development (as I am for web based desktop applications now) and I never thought the website would become anywhere near that popular.

Time and time again I remember. There's always someone who wants to prove their worth on the internet by doing such things. It's something I keep in mind when I have any kind of ambition for internet based applications.

(To be honest, I myself was once guilty of this.)