Community

How to protect my ArcMap addin from decompiler?

2391
6
08-14-2013 06:11 PM
SongWendong
by
New Contributor
‎08-14-2013 06:11 PM
We have to provide an organization a ArcMap addin which is written in C#. It contains some algorithms that we would like to keep it to ourselves.
You know esri addin is actually a zip file you can unzip it and find the dll which means you can extract and decompile it.
It turns out you can not change the stuff in the package and rezip it.It would not be properly installed after. So it means I cannot obfuscate the code and replace the dll in the addin file.
Any ideas?
0 Kudos
6 Replies
LeoDonahue
by
Occasional Contributor III
‎08-14-2013 08:06 PM
Good question.

I know in Java, you can obfuscate your class files into a jar using something like ProGuard, and unzip the Java add-in, change jars, re-zip etc.  I assume you can obfuscate your code before you package the add-in.

Does your client have access to the internet?  What about moving your algorithms to a web service and have your add-in call the web service?  Anyone who decompiles your add-in will only see how to make the call to your web service, and they can probably abuse it, but they won't know the implementation of the algorithm.

You could also give your client a username/password that authenticates to your web service via your add-in, then you can control who can make requests to your web service.

I guess it depends on what your add-in is doing with respect to whether or not you can pass ArcObjects references around via web services.  If you look at ArcGIS Online, all geoprocessing is now based on web services. 

These are just ideas.
0 Kudos
GaryPoole
by
New Contributor II
‎08-15-2013 02:51 PM
We do the obfuscating in the pre-build event of the project which has the Config.esriaddinx file. The only other thing in that project is a dockable window and a couple of buttons.
0 Kudos
LeoDonahue
by
Occasional Contributor III
‎08-15-2013 02:56 PM
The obfuscated code just makes it harder to understand what it's doing to slow you down from re-writing it yourself. 

Obfuscated code still runs, so what do we accomplish?

How will you know when someone tries to decompile your add-in?  If you want to protect your ideas, patent them.
0 Kudos
SongWendong
by
New Contributor
‎08-16-2013 12:13 AM
We do the obfuscating in the pre-build event of the project which has the Config.esriaddinx file. The only other thing in that project is a dockable window and a couple of buttons.

What tool are you using for obfuscating in the pre-build event?
0 Kudos
GaryPoole
by
New Contributor II
‎08-16-2013 08:04 AM
What tool are you using for obfuscating in the pre-build event?


We are using Intellilock for obfuscation and licensing. It is inexpensive, works well, and is updated on a regular basis but don't expect any customer support.
0 Kudos
YukunXing
by
New Contributor III
‎02-20-2014 08:42 AM
We are using Intellilock for obfuscation and licensing. It is inexpensive, works well, and is updated on a regular basis but don't expect any customer support.


Hi Gary, I'm trying to figure out how to license an ArcGIS Add-in and bumped into your post here. How do I use intellilock on an existing add-in project? Any help is appreciated!
0 Kudos