Analysis of .NET software

Norbert Boros edited this page Jan 25, 2020 · 1 revision

A software product can be analyzed by means of static or dynamic analysis.

Static analysis means the protection-cracking approach is based on analyzing disassembly results or on decompiling the protected application. The application does not need to run.

Dynamic analysis is required to crack encrypted or dynamically changing executables, because static analysis of such programs has proved to be difficult.

For .NET applications, static analysis is very easy if the code is not obfuscated. There are several known tools for this, which will show you basically **everything** inside your application.

Take for example WindowsFormsApp1:

[Screenshot: example debugging application]

If we open our application in a tool called dnSpy:

[Screenshot: dnSpy]

As you can see, 100% of the code is visible. The attacker can also export your application as a Visual Studio solution and even rebuild it.

Because of this, there is nothing you can do to stop someone from opening your application for static analysis.

However, you can obfuscate the code in such a way that it is no longer human readable. Obfuscation has its downside, because the output of almost every obfuscator out there can be de-obfuscated.

Certain companies offer obfuscation tools that they claim are "very strong", but they are not. They also cost a ridiculous amount of money, from $150 USD up to $1500 USD.
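The names a decompiler shows are stored as plain UTF-8 in the `#Strings` heap of the assembly's CLI metadata (ECMA-335), which is also what name obfuscation rewrites. The following added example (not part of the original wiki page) lists that heap so you can audit what your own build exposes before and after obfuscation. It assumes the first `BSJB` signature in the file is the metadata root, which is a shortcut for following the PE's CLR header, and the sample names other than `WindowsFormsApp1` are constructed.

```python
import struct
import sys

def build_sample_metadata(names):
    """Constructed sample: a minimal metadata root holding only a #Strings heap."""
    heap = b"\x00" + b"".join(n.encode("utf-8") + b"\x00" for n in names)
    heap += b"\x00" * (-len(heap) % 4)
    version = b"v4.0.30319\x00\x00"            # padded to a multiple of 4 bytes
    stream_name = b"#Strings\x00\x00\x00\x00"  # NUL-terminated, padded to 4 bytes
    root = struct.pack("<IHHII", 0x424A5342, 1, 1, 0, len(version)) + version
    root += struct.pack("<HH", 0, 1)           # flags, number of streams
    heap_offset = len(root) + 8 + len(stream_name)
    root += struct.pack("<II", heap_offset, len(heap)) + stream_name
    return root + heap

def read_streams(data):
    """Return {stream name: bytes} for the first metadata root found in data."""
    base = data.find(b"BSJB")                  # assumption: first hit is the root
    if base < 0:
        raise ValueError("no CLI metadata root found (not a .NET assembly?)")
    (ver_len,) = struct.unpack_from("<I", data, base + 12)
    pos = base + 16 + ver_len
    _flags, count = struct.unpack_from("<HH", data, pos)
    pos += 4
    streams = {}
    for _ in range(count):
        offset, size = struct.unpack_from("<II", data, pos)
        end = data.index(b"\x00", pos + 8)
        name = data[pos + 8:end].decode("ascii")
        pos += 8 + ((end - (pos + 8)) // 4 + 1) * 4   # name + NUL, padded to 4
        streams[name] = data[base + offset:base + offset + size]
    return streams

def identifier_names(data):
    """Names kept in the #Strings heap (namespaces, types, methods, fields)."""
    heap = read_streams(data).get("#Strings", b"")
    return [s.decode("utf-8", "replace") for s in heap.split(b"\x00") if s]

if __name__ == "__main__":
    # With a path argument, audit a real assembly; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:
        blob = build_sample_metadata(["WindowsFormsApp1", "Form1", "button1_Click"])
    for name in identifier_names(blob):
        print(name)
```

If the output for a release build still contains meaningful type and method names, renaming was not applied to that assembly.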

.NET applications can also be dumped while running to obtain the same result: the full source code. A popular tool for this is called MegaDumper (https://github.com/CodeCracker-Tools/MegaDumper).

This should cover a small part of the analysis of .NET applications.