Would it be so tragic not to obfuscate my product?


I'm building a software (a concept-mind-mapping/diagramming product in .NET) and seeing trouble with obfuscation (alteration of deliverable code difficult decompilation).
It costs money and time to make it work OK, and I think hackers will break it anyway.

So, would it be so damaging not to obfuscate it?


asked Nov 15 '09 at 13:25
Nestor Sanchez A
690 points
Top agency to build award-winning mobile apps: Utility NYC

7 Answers


Obfuscation doesn't take any time, but Proguard costs a small bit of money.

Hackers will break it, but do you want to leave your car door open, or lock it, knowing that it can still be stolen?

Obfuscation will also help to make the final code smaller, as it gets rid of unneeded code, at times, so that is also helpful.

If you don't mind that people can easily decompile it to see how your program works, then just distribute it as it is, and since you are so helpful, just compile it in debug mode. :)

Obfuscation just makes it more difficult, and if it isn't trivial then it may require someone that has much more experience, and then it is a matter of whether that person will want to be bothered to hack your application.

I can clone your application by using it though, so looking at the code isn't necessarily needed, but I think the other benefits of obfuscation, and the fact that you just pay a price while compiling, makes it worth it.

answered Nov 15 '09 at 14:31
James Black
2,642 points


You said you are building it in .NET, in which case you are in luck. Babble Obfuscator is free and easy to setup in .NET. I've used it to obfuscate an ASP.NET website and SharePoint solution dlls (both coded in C# with ASP.NET ascx/aspx code-behinds) and it works great. Like all obfuscators, if someone really wants your code and is prepared to spend money and/or time they will get it. But why make it easy for all the wanna-be hackers out there? .NET code is so easy to disassemble with Reflector or ildasm, and Babel Obfuscator prevents both from working.

After some tweaking I found I got the best results from Babel after making as many classes as possible have a private or non-public scope. Keep in mind you cannot use the new Visual Studio 2008 code-signing and instead have to use snk keys.

answered Nov 16 '09 at 14:14
219 points


Well, it depends.

One thing you can do is simply outrun the bad guys, i.e. add lots of compelling features in the later versions, so that everyone would want to use the later versions. If you do this, then maybe you don't need to add obfuscation and license management to the first version(s).

On the other hand, obfuscation should be completely safe, and more or less free of charge on most platforms today. I don't know about .NET obfuscation, but try Googling it and try asking over at stackoverflow.com ; I would guess there are OK open-source or inexpensive .NET obfuscators available.

Another thing is some sort of license management system. Again, I don't know what the top contenders on .NET are; I would propose to ask over at OISV, Shareware Professionals or Joel's forum.

answered Nov 15 '09 at 14:49
Jesper Mortensen
15,292 points


I found this article really insightful when thinking about this topic http://www.kalzumeus.com/2006/09/05/everything-you-need-to-know-about-registration-systems/ I think you have to learn to live with the fact that pirates will hack you. They have a lot of time, and tools, and incentive to do it. The harder you make it to steal your product, the bigger the risk you take that you'll also make your paying users unhappy.

(So make it just hard enough that the mostly-honest people won't steal it.)

Someone else (Joel? asmartbear?) once made an observation that he didn't care about competitors reverse engineering his app because that means those guys are busy playing catch up... leaving him free to make his app easier to use, more beautiful, and feature rich. So the takehome lesson there is to use a code obfuscation tool if it's convenient, but not to spend a lot of time or effort on it.

answered Nov 21 '09 at 02:11
143 points


Aren't you jumping the gun a bit? First, you have to make your software successful before anyone is going to try to steal it. While IP protection is be important at any stage of development, don't spend too many of your resources on it.--Focus on getting your code to market and selling it. If you focus on the customer you will by default 'outrun the bad guys' as Jesper Mortensen suggests.

answered Nov 16 '09 at 13:03
649 points


It depends on your market. If you are planning to sell this to businesses, then it almost certainly does not matter. Businesses pay for software that provides more value than it costs. Furthermore, in general, they will not get your software from warez/crack sites. There's too much downside for them especially if your software is not providing enough value to justify buying it.

If you're selling to individuals, it might be important to obfuscate, depending on who the individuals are. Are you selling to a demographic that will steal software? If so, then by all means. If not, then it probably does not matter. Just make sure you make it easy for users to buy it and obvious to them that the software is not freeware.

answered Nov 21 '09 at 15:19
108 points


If you're building a web application in .NET, why are you even concerned about obfuscation?! Your application lives on your servers, obfuscation adds very little protection for the hassle.

If I'm mistaken and this is not a web application, why would you choose desktop software in this day and age?

answered Nov 17 '09 at 07:16
211 points
  • ...because my application is Desktop based. Yes! Browser applications (for diagramming like the mine) either are too simple/basic or slow to load if they have some complexity. Plus, WPF (the technology I use) can print, take advante of graphic acceleration hardware, integrate to Office and things alike. – Nestor Sanchez A 9 years ago

Your Answer

  • Bold
  • Italic
  • • Bullets
  • 1. Numbers
  • Quote
Not the answer you're looking for? Ask your own question or browse other questions in these topics: