Invalid Code

Invalid code inserts sequences that decompilers cannot process, breaking their output while your application keeps running normally.

.NET

Start free

See it in ByteHide Shield

TL;DR

Invalid code injects instruction sequences that are valid enough for the runtime to execute but malformed from a decompiler's point of view. The application runs correctly. The decompiler produces broken, incomplete, or non-compilable output.

Definition

What is invalid code?

Invalid code is an obfuscation technique that exploits the gap between what a runtime accepts and what a decompiler expects. It inserts sequences the .NET runtime executes without issue but that decompilers cannot interpret.

Decompilers rebuild readable source from compiled code by assuming the code follows the patterns a normal compiler produces. Invalid code breaks that assumption.

The application behaves exactly as intended, because the runtime handles the sequences correctly. The decompiler, expecting compiler-shaped code, fails: it crashes, skips methods, or produces output that does not compile.

Mechanism

How invalid code works

Invalid code targets the weaknesses of decompilers:

Malformed sequences. Instruction patterns valid for the runtime but unexpected by decompilers are inserted.
Decompiler-specific traps. Constructs known to break common .NET decompilers are placed in sensitive methods.
Runtime-safe insertion. Every sequence is verified so the runtime executes it without error.

The result is code that runs but resists being rebuilt into readable source.

Example

Invalid code example

The same .NET method, opened in a decompiler. Invalid code changes what the decompiler can recover from it.

Without invalid code

A decompiler opens your assembly and produces clean, readable, recompilable source.

With invalid code

The same decompiler hits the invalid sequences and produces broken output, incomplete methods, or fails on them entirely.

Without invalid codePaymentProcessor.cs

public class PaymentProcessor
{
    public void Charge(decimal amount)
    {
        gateway.Submit(amount);
    }
}

With invalid codePaymentProcessor.cs

public class PaymentProcessor
{
    public void Charge(decimal amount)
    {
        gateway.Submit(amount);
    }
}

Use cases

When to use invalid code

Invalid code is most useful when your .NET application:

Must resist the common decompilers attackers reach for first.
Has already been renamed and obfuscated, invalid code adds another barrier.
Contains methods sensitive enough to justify breaking decompilation outright.

It pairs with invalid metadata and control flow obfuscation: together they make decompilation unreliable and the recovered code unreadable.

Platform availability

Invalid code and the .NET platform

.NET
Exclusive. Invalid code targets the behavior of .NET decompilers specifically. Other platforms resist decompilation through different Shield protections.

Frequently asked questions

What is invalid code?

Invalid code is a .NET obfuscation technique that inserts instruction sequences the runtime executes correctly but decompilers cannot interpret, breaking the output an attacker would rely on.

Does invalid code affect how my application runs?

No. Every sequence is verified to be runtime-safe, so the application behaves exactly as intended.

Does invalid code stop every decompiler?

It breaks the common decompilers attackers reach for, but tools evolve. Invalid code is one layer, strongest combined with obfuscation and invalid metadata.

Does invalid code affect performance?

The impact is negligible. The inserted sequences are small and add no meaningful runtime cost.

Which platforms support invalid code?

Invalid code applies only to .NET, because it targets .NET decompilers specifically.