Is .NET code obfuscation really worth it?

Question

From what I\'ve read, code obfuscation isn\'t really that hard to \"crack\", and it will only delay the inevitable. In that case, what is it\'s purpose?

If someone re

Answer 1

Of course nothing is 100% protected. But not obfuscating for that reason is like not closing your house door because "any determined thieve can open it anyway". You lock the door anyway!!

I think that the main threat is some dude decompiling your app using ildasm, spotting SQL sentences, tampering with them, and then compiling it again. This way, he/she can eliminate restrictions and get full customer list, as an example, or just make plain harm.

You, as the application provider, will be held responsible in the first place...

BitHelmet's dudes explain it rather well in http://www.bithelmet.com/Overview.html.

I worked in a medium sized credit card company some years ago. There were three thefts (big time money) involving employees that we kwnew of, and all of them were performed not by a russian or chinese world-class hacker, but by kwnow-just-enough-of-programming employees that made just some little twists to the cashiers software.

I was a junior then :), my boss had to deal with it. I always wonder how many of these thefts were never discovered ;-). I could have done it, but never did!

Fact is, you must think in some level of protection, and you must consider in inhouse attacker. And will make life harder to the determined reverse enginner too.