Need good obfuscator that won't break remoting...
-
Hi John, Thanks, that was really helpful. I'm familiar with the Spices.net obfuscator, having used it 2 years ago for my own products. They were always quick to fix bugs that I found, so I was very pleased with that. Early this year I switched to {smartassembly} because it seemed to break disassembly by .NET reflector, which was my major gripe with Spices.net obfuscator at the time, because Spices.net didn't break disassembly. But then 2 weeks later .NET reflector was updated, and it could disassemble the assemblies obfuscated with {smartassembly}, ghaaaaaa! It drove me nuts (and still does). So did Spices.net improve and actually break disassembly? I might go back to their stuff. The encryption thing by CodeVeil has some appeal to me, I just don't like their restrictive licensing.
Wout
I know that I can open my assemblies in reflector but it's damned hard to actually find out what's going on. The bottom line for us was to have something that's difficult to simply reverse into source code. Spices does that well. We don't have any trade secrets or anything that is technically ground breaking and cutting edge, basically business applications. Our only requirement was to protect our licensing code and not allow someone to simply turn it into source code, slap their copyright on it and sell it. We accomplish all that with strong named assemblies and obfuscation. Nothing will ever be perfect and it's a straight up loss of profit to obsess over it and take it too far, you have to at some point accept that it will never be perfect and just like a padlock will only keep the honest people out. In the end it's better to spend time on the features and price it properly so that you reallay don't end up having a lot of piracy and cracking. I don't remember any particularly restrictive licensing on codeveil, maybe they've changed it, in any case give it a whirl and see how you like it. We determined there was just too much trouble with encryption to make it worthwhile without solid support which we didn't get in the end but your mileage may vary.
"I don't want more choice. I just want better things!" - Edina Monsoon
-
Maybe a .NET team member took offence. Overall I like .NET, especially the productivity. But I'm not impressed with the business aspect of it: protection, licensing, deployment (ClickOnce, ugh).
Wout
wout de zeeuw wrote:
(ClickOnce, ugh).
Ugh is right. I have found it an absolutely atrociously unworkable solution for the vast majority of my applications. What were they thinking? What, including a script-based installer in .NET would have been too hard? Freakin.. at least provide decent MSI support.
-
They should have designed protection and licensing into the .NET framework... I guess MS doesn't worry about it since they don't write .NET apps themselves that they ask money for.
Wout
wout de zeeuw wrote:
They should have designed protection and licensing into the .NET framework...
Just out of curiosity... what are you afraid of losing?
every night, i kneel at the foot of my bed and thank the Great Overseeing Politicians for protecting my freedoms by reducing their number, as if they were deer in a state park. -- Chris Losinger, Online Poker Players?
-
I've tried a lot of different ones. XenoCode and SmartAssembly seem to be up there, but I still run into problems with those, just not as many as some other obfuscators. Perhaps you will have better results. After a few years of this stuff, I'm convinced obfuscation generally is a big hack designed at the wrong level.
Tech, life, family, faith: Give me a visit. I'm currently blogging about: Minnesota Bridge Collapses The apostle Paul, modernly speaking: Epistles of Paul Judah Himango
Judah Himango wrote:
After a few years of this stuff, I'm convinced obfuscation generally is a big hack designed at the wrong level.
That's exactly it. It needs to be built into the CLR, not even the assemblies - the CLR itself needs to understand name/resource mangling. Ehhh...
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
try this one... http://www.eziriz.com/[^]
{}*
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
are you sure you need it? (well, assuming it's not a PHB requirement) http://forum.java.sun.com/thread.jspa?threadID=712642 (it's about java, but the points still apply IMO).
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
What about the professional version of DotFuscator, obfuscator supplied with VS? Personally, i havent faced any problems with the pro version of DotFuscator.
-
wout de zeeuw wrote:
They should have designed protection and licensing into the .NET framework...
Just out of curiosity... what are you afraid of losing?
every night, i kneel at the foot of my bed and thank the Great Overseeing Politicians for protecting my freedoms by reducing their number, as if they were deer in a state park. -- Chris Losinger, Online Poker Players?
Go to any ISV conference and ask that question, and you'll get a very definite reply. At the last one I attended we had no more than two or free vendors there who were writing any form of desktop products in .NET (the web is a different matter, of course). The number one reason cited was security and licence key protection. FWIW, the dominant languages in that sector seem to be C++ and Delphi. We're using the former for security and deployment reasons.
Anna :rose: Linting the day away :cool: Anna's Place | Tears and Laughter "If mushy peas are the food of the devil, the stotty cake is the frisbee of God"
-
Chris Losinger wrote:
strange... i never felt like i had to obfuscate any of my C++ code.
I also have never found good obfuscation tool. I have several products that I have kept off the market until I find such a tool. Windows Light Speed Reducer Windows Gravity Eliminator Windows Sun Rotation Stopper .... and my favorite Windows Reanimator
I love you :laugh::laugh::laugh: (if somebody's curious, I convinced my boss (I am his IT dept for 3 months :P) to get the application I was making for him with a gpl v3 license ;). Just in case he wants to sell it to others at some point, I think it would be good to have them helping in fixing my occasional bugs and adding functionality. After all, I won't be in the same country by then :cool:).)
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
Take a look at XenoCode http://www.xenocode.com/
-
strange... i never felt like i had to obfuscate any of my C++ code. (though it is fun) i guess that's because C# is better.
image processing toolkits | batch image processing | blogging
What are you talking about? C++ can be disassembled very easily, did you ever use winice/softice? Crackers are able to crack C++ compiled code easier than .NET obfuscated assemblies! Regards, Adam
Make it simple, as simple as possible, but not simpler.
-
What are you talking about? C++ can be disassembled very easily, did you ever use winice/softice? Crackers are able to crack C++ compiled code easier than .NET obfuscated assemblies! Regards, Adam
Make it simple, as simple as possible, but not simpler.
Adam Tibi wrote:
What are you talking about?
no, what are you taking about?
Adam Tibi wrote:
C++ can be disassembled very easily
IL is pretty easy to read, by comparison. everything can be disassembled. everything is assembly/ML, eventually. but assembly is hardly a readable language.
Adam Tibi wrote:
Crackers are able to crack C++ compiled code easier than .NET obfuscated assemblies!
crackers have had 30 years to get good at cracking C++, and there are a whole host of tools out there to help them. and, yes, thanks for stating it again, C# EXEs are easy to crack.
image processing toolkits | batch image processing | blogging
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
Send it to Hollywood.
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
Dotfuscator works well IF you are willing to identify the classes & properties that should not be obfuscated... This is a pain if you have a large number of classes to deal with.... Rick
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
I have been using .NET obfuscator for about couple of years and it has worked great for me. I have used it for .net cf stuff, asp.net, win forms and web service. Cheers, Fahad
Nothing is impossible.....even impossible has the word possible
-
Yeah - isn't a sharp higher than a flat? In music? Nevermind that actually = isn't sharp just sharp and don't two positives make a negative?
I want my briefcase back damn it...
Emanuelle Goldsteen wrote:
Yeah - isn't a sharp higher than a flat? In music?
for what its worth - One notes sharp is another notes flat
-
Emanuelle Goldsteen wrote:
Yeah - isn't a sharp higher than a flat? In music?
for what its worth - One notes sharp is another notes flat
Narrow_Margin wrote:
Emanuelle Goldsteen wrote: Yeah - isn't a sharp higher than a flat? In music? for what its worth - One notes sharp is another notes flat
...except for when one notes sharp is another normal note.
-- You have to explain to them [VB coders] what you mean by "typed". their first response is likely to be something like, "Of course my code is typed. Do you think i magically project it onto the screen with the power of my mind?" --- John Simmons / outlaw programmer
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
-
Narrow_Margin wrote:
Emanuelle Goldsteen wrote: Yeah - isn't a sharp higher than a flat? In music? for what its worth - One notes sharp is another notes flat
...except for when one notes sharp is another normal note.
-- You have to explain to them [VB coders] what you mean by "typed". their first response is likely to be something like, "Of course my code is typed. Do you think i magically project it onto the screen with the power of my mind?" --- John Simmons / outlaw programmer
dan neely wrote:
for what its worth - One notes sharp is another notes flat ...except for when one notes sharp is another normal note.
Any note can have a flat, even if the flat is a "normal" note (white key on the piano). And don't even get started on double sharps and double flats... (OK, sorry for the topic hijack.)
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
Try Orean Software's TheMida. It's the all-in-one anti-debug, anti-dumper, obfuscator (through virtual machines), etc. Works on all x86 apps in basically any language. C++, Delphi, .NET, etc. I've been using it on compiled C++ executables and DLLs and I pretty much have no issues with it. I haven't come across anything really bad about it, just that it makes the exe or DLL larger. http://www.oreans.com/ Basically hacker-proof as well. If you're big on protecting your secrets, then this is it.