.NET Obfuscator
-
Can someone suggest a good Obfuscator? It needs to non-expensive and simple to use. I need to prevent someone from reverse engineering my code from the dlls that I provide using tools like Reflector. Thanks.
Well, there's always Dotfuscator[^]. The community edition of Dotfuscator merely scrambles string constants and function names; I think the professional version does much more (scrambles program flow, metadata, things like that). The community edition comes standard with Visual Studio 2005. A google search will turn up many more results..
------------ Cheers, Patrick
-
Can someone suggest a good Obfuscator? It needs to non-expensive and simple to use. I need to prevent someone from reverse engineering my code from the dlls that I provide using tools like Reflector. Thanks.
So far, the best obfuscator I used is C\C++. Anyway, I do have some tips to share regarding obfuscating .NET code. 1.) Don't bother if your code size is too small, say less than 1MB excluding embedded resources. It is because you simply don't have enough signatures for the obfuscator to mess with. 2.) Expect the obfuscated IL/code to be still, very readable. This is because of the various uses of the Base Class Library(BCL) in your code, and you can't(or shouldn't) obfuscate any BCL calls made from your code. Say you have a custom control class, obfuscated code might look like this: class a : Control{ public a(){ base.Text = "My Wonderful Control"; } } ~ or if you have code that deal with IO: static void b(string c){ FileStream d = File.OpenRead(c); ... d.Close(); } It won't took long before someone figure out that the param 'c' represents a file path. The bottom line is, if your code aren't doing anything complex, obfuscator can't do much. 3.) You cannot prevent someone from reverse engineering your code. 4.) You cannot prevent someone from reverse engineering your code. 5.) You cannot prevent someone from reverse engineering your code. 6.) Finally, use obfuscator as part of the build process, I do agree that if you will not release source code, you should obfuscate your code, but just don't take it too seriously.
-
So far, the best obfuscator I used is C\C++. Anyway, I do have some tips to share regarding obfuscating .NET code. 1.) Don't bother if your code size is too small, say less than 1MB excluding embedded resources. It is because you simply don't have enough signatures for the obfuscator to mess with. 2.) Expect the obfuscated IL/code to be still, very readable. This is because of the various uses of the Base Class Library(BCL) in your code, and you can't(or shouldn't) obfuscate any BCL calls made from your code. Say you have a custom control class, obfuscated code might look like this: class a : Control{ public a(){ base.Text = "My Wonderful Control"; } } ~ or if you have code that deal with IO: static void b(string c){ FileStream d = File.OpenRead(c); ... d.Close(); } It won't took long before someone figure out that the param 'c' represents a file path. The bottom line is, if your code aren't doing anything complex, obfuscator can't do much. 3.) You cannot prevent someone from reverse engineering your code. 4.) You cannot prevent someone from reverse engineering your code. 5.) You cannot prevent someone from reverse engineering your code. 6.) Finally, use obfuscator as part of the build process, I do agree that if you will not release source code, you should obfuscate your code, but just don't take it too seriously.
-
regarding -- You cannot prevent someone from reverse engineering your code. Does it mean I am effectively screwed when it comes to developing with .net and protecting my IP/efforts? What do the big component vendors do?
no, you use legal actions to protect against IP theft just like you do with a c++ app. IIRC there are obfuscators that produce sufficiently mangled output that reflection tools will choke. Anyone who really wants will just look at the raw IL and work the same way they would with the output of a disassembled native code application.
-- CleaKO The sad part about this instance is that none of the users ever said anything [about the problem]. Pete O`Hanlon Doesn't that just tell you everything you need to know about users?