Need good obfuscator that won't break remoting...
-
wout de zeeuw wrote:
They should have designed protection and licensing into the .NET framework...
Just out of curiosity... what are you afraid of losing?
every night, i kneel at the foot of my bed and thank the Great Overseeing Politicians for protecting my freedoms by reducing their number, as if they were deer in a state park. -- Chris Losinger, Online Poker Players?
Go to any ISV conference and ask that question, and you'll get a very definite reply. At the last one I attended we had no more than two or free vendors there who were writing any form of desktop products in .NET (the web is a different matter, of course). The number one reason cited was security and licence key protection. FWIW, the dominant languages in that sector seem to be C++ and Delphi. We're using the former for security and deployment reasons.
Anna :rose: Linting the day away :cool: Anna's Place | Tears and Laughter "If mushy peas are the food of the devil, the stotty cake is the frisbee of God"
-
Chris Losinger wrote:
strange... i never felt like i had to obfuscate any of my C++ code.
I also have never found good obfuscation tool. I have several products that I have kept off the market until I find such a tool. Windows Light Speed Reducer Windows Gravity Eliminator Windows Sun Rotation Stopper .... and my favorite Windows Reanimator
I love you :laugh::laugh::laugh: (if somebody's curious, I convinced my boss (I am his IT dept for 3 months :P) to get the application I was making for him with a gpl v3 license ;). Just in case he wants to sell it to others at some point, I think it would be good to have them helping in fixing my occasional bugs and adding functionality. After all, I won't be in the same country by then :cool:).)
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
Take a look at XenoCode http://www.xenocode.com/
-
strange... i never felt like i had to obfuscate any of my C++ code. (though it is fun) i guess that's because C# is better.
image processing toolkits | batch image processing | blogging
What are you talking about? C++ can be disassembled very easily, did you ever use winice/softice? Crackers are able to crack C++ compiled code easier than .NET obfuscated assemblies! Regards, Adam
Make it simple, as simple as possible, but not simpler.
-
What are you talking about? C++ can be disassembled very easily, did you ever use winice/softice? Crackers are able to crack C++ compiled code easier than .NET obfuscated assemblies! Regards, Adam
Make it simple, as simple as possible, but not simpler.
Adam Tibi wrote:
What are you talking about?
no, what are you taking about?
Adam Tibi wrote:
C++ can be disassembled very easily
IL is pretty easy to read, by comparison. everything can be disassembled. everything is assembly/ML, eventually. but assembly is hardly a readable language.
Adam Tibi wrote:
Crackers are able to crack C++ compiled code easier than .NET obfuscated assemblies!
crackers have had 30 years to get good at cracking C++, and there are a whole host of tools out there to help them. and, yes, thanks for stating it again, C# EXEs are easy to crack.
image processing toolkits | batch image processing | blogging
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
Send it to Hollywood.
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
Dotfuscator works well IF you are willing to identify the classes & properties that should not be obfuscated... This is a pain if you have a large number of classes to deal with.... Rick
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
I have been using .NET obfuscator for about couple of years and it has worked great for me. I have used it for .net cf stuff, asp.net, win forms and web service. Cheers, Fahad
Nothing is impossible.....even impossible has the word possible
-
Yeah - isn't a sharp higher than a flat? In music? Nevermind that actually = isn't sharp just sharp and don't two positives make a negative?
I want my briefcase back damn it...
Emanuelle Goldsteen wrote:
Yeah - isn't a sharp higher than a flat? In music?
for what its worth - One notes sharp is another notes flat
-
Emanuelle Goldsteen wrote:
Yeah - isn't a sharp higher than a flat? In music?
for what its worth - One notes sharp is another notes flat
Narrow_Margin wrote:
Emanuelle Goldsteen wrote: Yeah - isn't a sharp higher than a flat? In music? for what its worth - One notes sharp is another notes flat
...except for when one notes sharp is another normal note.
-- You have to explain to them [VB coders] what you mean by "typed". their first response is likely to be something like, "Of course my code is typed. Do you think i magically project it onto the screen with the power of my mind?" --- John Simmons / outlaw programmer
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
-
Narrow_Margin wrote:
Emanuelle Goldsteen wrote: Yeah - isn't a sharp higher than a flat? In music? for what its worth - One notes sharp is another notes flat
...except for when one notes sharp is another normal note.
-- You have to explain to them [VB coders] what you mean by "typed". their first response is likely to be something like, "Of course my code is typed. Do you think i magically project it onto the screen with the power of my mind?" --- John Simmons / outlaw programmer
dan neely wrote:
for what its worth - One notes sharp is another notes flat ...except for when one notes sharp is another normal note.
Any note can have a flat, even if the flat is a "normal" note (white key on the piano). And don't even get started on double sharps and double flats... (OK, sorry for the topic hijack.)
-
Anyone have good experience with a particular obfuscator that still allows remoting (binary serialization)? A large part of the fields/properties can't be mangled because of this, and also because of the .NET data binding, which needs the property names to remain intact. Right now I'm considering CodeVeil (gonna try that one tomorrow), because it at leasts encrypts the assembly, so I don't have to worry as much about the field/property names not being mangled.
Wout
Try Orean Software's TheMida. It's the all-in-one anti-debug, anti-dumper, obfuscator (through virtual machines), etc. Works on all x86 apps in basically any language. C++, Delphi, .NET, etc. I've been using it on compiled C++ executables and DLLs and I pretty much have no issues with it. I haven't come across anything really bad about it, just that it makes the exe or DLL larger. http://www.oreans.com/ Basically hacker-proof as well. If you're big on protecting your secrets, then this is it.
-
We've tried and seemingly bought all of them at one time or another also the encrypting kinds and we've settled on use Spices.Net[^]and it works fine with remoting I can absolutely attest to since our app uses remoting heavily, it's a very large app with multiple assemblies, also an asp.net interface and a winform interface that supports local database access or remoting access via the internet from the winform app. Technically they all support remoting because you simply can't obfuscate some stuff. When you first use an obfuscator you need to play with it a *lot* and configure it carefully. Start with the least obfuscated settings, incrementally turn on more until your app dies, then find out what you can get away with after that. Spices allows you to set configuration method by method etc. There is no product that will work automatically and figure things out for you, none at all, I gurantee you that. You absolutely 100% need to be very patient and test your app thoroughly until you find the right balance of settings and which methods can be obfuscated and which can't. It's a hassle and time consuming but once you get it you're set and from then on it's simply running it after your build. Um..I can tell you all about CodeVeil because we used it for over a year and had to give it up because they didn't have Vista support at the time last fall and we were having other problems and their support literally gave up on us! They were really good at first then their support started to get worse and worse to the point that they simply told us at one point that they would get to us "when they can in the next month or so" because they were busy with some other product they put out. We had a wierd problem that didn't happen in a non encrypted assembly but did in an encrypted one, clearly there was something up and they took a couple of stabs at recommending things then gave us the 'when we get to it' reply. I say "they" but I'm pretty sure it's one guy who runs that project. That was the deal breaking point for us we simply can't afford any down time with our commercial products. My impression is that they were very helpful when they first released CodeVeil and as time went by they either didn't sell enough to put much resources behind it, or they simply give good service when you're new but as time goes by and anything tricky comes up they just start
Hey John, I settled for {smartassembly}... I've downloaded their latest version (I already had a license for their obfuscator), and I got it working pretty good. When classes are marked serializable, it doesn't obfuscate them, so it still works with remoting. It then also doesn't seem to obfuscate method names, which is a pity, I'll nag them about it. But on the bright side: .NET reflector doesn't show any method/property implementations, and I'm pretty happy with that! Also I didn't need too much experimentation to get it all working properly (about 3 days, but a lot of it I was screwing up my build scripts, hehe). Thanks for the advice, appreciate it!
Wout
-
Hey John, I settled for {smartassembly}... I've downloaded their latest version (I already had a license for their obfuscator), and I got it working pretty good. When classes are marked serializable, it doesn't obfuscate them, so it still works with remoting. It then also doesn't seem to obfuscate method names, which is a pity, I'll nag them about it. But on the bright side: .NET reflector doesn't show any method/property implementations, and I'm pretty happy with that! Also I didn't need too much experimentation to get it all working properly (about 3 days, but a lot of it I was screwing up my build scripts, hehe). Thanks for the advice, appreciate it!
Wout
wout de zeeuw wrote:
I'm pretty happy with that! Also I didn't need too much experimentation to get it all working properly (about 3 days,
Hmm..that's pretty fast, it took us a couple of weeks to find everything that could or couldn't be obfuscated in our app and thoroughly test all code paths etc. Just be sure about that before you release anything.
"I don't want more choice. I just want better things!" - Edina Monsoon