Does anyone know if it is possible to disassemble a hex file back into .net c# code?.. I want to understand how vulnerable my code would be without application protection on a G400 project I am working on… If an attacker could use something like Reflector to disassemble a hex file into c# code we would be in big trouble… Thoughts?

It is going to be hard as the hex file is not really a dll. It is a combination of multiple pe files which are a netmf thing.

So while possible it is complicated I think.

If your stuff is valuable or interesting, count on it happening. If your stuff is potentially a target for an exploit (basically, it has a network connection), count on it happening within hours of release.

I think that depends on how many devices you sell.
There are very few exploits for Linux, even that there are quite many systems running with it.
But in general you are right.

How would a network connection contribute to the internal code on a netmf device?! It Is simply impossible! This is not an operating system here, it is a simpler runtime. I guess this is another benefit of netmf, no virus, no hacks!

My guess is that reading and parsing code from a netmf device will take no less than two weeks of work today, and you need to be an expert on the internals of netmf. Of course once it is figured out and have a software to parse then it takes minutes.

@ Gus - psst.
Don’t say that too loud.
Some might take this as a challenge :whistle:

Are there any good obfuscaters for net mf code, that make code at least less readable…

I have just purchased my first FEZ Cerbuino Bee and started to playing with it.

@ Gus: Does GHI plan to implement some HEX file password protection into the board and/or FEZ Config? (I mean, on incorrect password, the board refuses to let FEZ Config to download the deployed application as a hex/bin file.)
Or shall I just put some superglue into the USB Client port on release-boards? :slight_smile:

On the Cerb Bee (an open source hardware design) I would not expect to see something like that. But I’d suggest looking at the G80/G30 families which are newer and I’d expect to see the innovation focused on these platforms

oh and also, if you are talking commercial systems, call GHI direct to talk about plans ! They’re more likely to be able to talk about options to commercial customers…

@ Aron Kolozs - what Brett said :slight_smile:

1 Like

Why in the original post do you state that you are looking to protect your application without using application protection? If that’s a feature that’s provided on the G400 (a feature that I know nothing about) then why not start there?