C ++
And entrust the development to a bad architect, he will confuse the code better than any obfuscator.
You can think at the same time about your own packer, someone will stop.

Nothing will protect against manual decompilation, the specialist will figure it out anyway. For automatic C++, however, it is much better in this regard - the binary almost does not store meta-information about the code, and, accordingly, it is more difficult for the program to parse it.

It's best to move sensitive code as a SaaS if possible.

Are you writing software for managing nuclear warheads?

Of the 3 languages, C#, Java and C++ are the most difficult to decompile C++ as C++ compiles to assembly code while Java and C# compiles to intermediate (IL) code. Although there are obfuscators that help make it very difficult to decompile C# and Java. Not to the same extent as C++, but parsing programs after obfuscation can also take a long time.

Well, more precisely, not so much decompilation, but understanding the code after decompilation.
Although a good obfuscator will break some decompilers. But not all.
Again, a good decompiler will help make the code relatively readable even after obfuscation.
In general, C++ is the best in this regard, as far as I know, but even there they are not perfect.

Not worth the candle game. It will be required - they will sort out anything. And hemorrhoids after obfuscation of Java code, especially actively using reflection, out of the blue will collapse fairly.

For Java and C#, obfuscators are used, because of them decompilation is no longer a pleasure, plus, they usually add protection to the code, some code that leads to the failure of the decompiler.

Better than C++, of course. Programs on it are more difficult to hack. At least to me.
But still, I wouldn't put C++, C# and Java in the same group. This is not correct.

In a compiled C++ program, you can find text strings, function and class names. In order to hide the meaning of text strings, the program can store them in encrypted form and decrypt them before use. This will make it very difficult to understand exactly what message the program was going to display, and therefore what this or that part of the code does. However, we still have function names. In theory, they can be cut using strip, but it’s much funnier to change them so that functions that are important to you (for example, isAppRegistered() ) do not work quite as expected, for example, this function can be called on a timer once every 10 seconds, hash the values ​​​​of different variables and return some then the result. The actual registration check function will be called debugPrintString() and... it won't pop up any windows to let you know something went wrong. These windows will be called again from another thread, by timer, in case our debugPrintString() has changed a couple of values. )

After you have given away a compiled (but not processed by any means of protection) .NET assembly (written in C #, for example), then consider that you have given away the source codes. ILSpy perfectly parses the assembly into sources and generates a solution that opens perfectly in Visual Studio.

Of these, C++ is the best, since it compiles directly to assembler code and there is no meta-information. For fidelity, you can process special software on top to implement anti-debugging mechanisms and mix code sections. Of these utilities, we worked with Sentinel Envelope and were satisfied.