Buying Obfuscator Tools are a waste of money?
-
Paul Conrad wrote:
I use them sparingly from time to time.
Which one do you like to use? I've seen one from 9 Rays a while ago, have you worked with that one? Jeff
Jeff, I mentioned in another post that I use the dotfuscator that comes with VS2008. I tried the one from 9Rays a few years ago, and found the price to be a bit out of my league. If I had a real need for it and could justify the cost, then possibly so. I just checked out their site and they have a decompiler. Thanks to your post, I am curious as to what happens to running their decompiler against obfuscated code from dotfuscator :laugh:
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
Jeff, I mentioned in another post that I use the dotfuscator that comes with VS2008. I tried the one from 9Rays a few years ago, and found the price to be a bit out of my league. If I had a real need for it and could justify the cost, then possibly so. I just checked out their site and they have a decompiler. Thanks to your post, I am curious as to what happens to running their decompiler against obfuscated code from dotfuscator :laugh:
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Hey Paul, thanks for the info. I know what you mean about the prices sometimes. Do you know if the express editions of vb.net or c# have that dotfuscator you mentioned?
-
Hey Paul, thanks for the info. I know what you mean about the prices sometimes. Do you know if the express editions of vb.net or c# have that dotfuscator you mentioned?
I just checked on an old developer box of mine that has Visual C# 2008 Express on it, and no dotfuscator. IIFC, it is only on VS2008 Standard Edition and above. As a friendly tip, keep an eye out for Microsoft product launches, they tend to have perks (door prizes) if you go to them and listen to the guest speaker speak his/her bit for a couple hours. They had one a few months back, not sure when there is another. Worth the time to go to one :-D
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
peterchen wrote:
Isn't it the same as locking your front door?
No. My house is not performing anything so locking the front door wont' slow down anything. And also, I already locked with my key. I dont think I need to have finger-print scanner to do double-locking.
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
How does obfuscation slow anything down? As far as I understand, it's glorified renaming. Or do you mean during build time?
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
blog: TDD - the Aha! | Linkify!| FoldWithUs! | sighist -
I just checked on an old developer box of mine that has Visual C# 2008 Express on it, and no dotfuscator. IIFC, it is only on VS2008 Standard Edition and above. As a friendly tip, keep an eye out for Microsoft product launches, they tend to have perks (door prizes) if you go to them and listen to the guest speaker speak his/her bit for a couple hours. They had one a few months back, not sure when there is another. Worth the time to go to one :-D
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul, thanks for all the info. I like your signatures, they are pretty funny.
-
Paul, thanks for all the info. I like your signatures, they are pretty funny.
csciwiz wrote:
I like your signatures, they are pretty funny.
:-\ There are guys around here that quip out some pretty good ones. It's hard to keep up sometimes :-O Over on my CP profile page, I have several others.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
csciwiz wrote:
I like your signatures, they are pretty funny.
:-\ There are guys around here that quip out some pretty good ones. It's hard to keep up sometimes :-O Over on my CP profile page, I have several others.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul Conrad wrote:
are guys around here that quip out some pretty good ones.
You have your moments yourself sir. ;)
Deja View - the feeling that you've seen this post before.
-
Paul Conrad wrote:
are guys around here that quip out some pretty good ones.
You have your moments yourself sir. ;)
Deja View - the feeling that you've seen this post before.
:-\ Awww, thanks. I think we all have some good ones. I have to say, CP is not just a valuable source of programming information, but a valuable source of entertainment, too. Me thinks that is what makes it stand out from all other programming sites ;P
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
:-\ Awww, thanks. I think we all have some good ones. I have to say, CP is not just a valuable source of programming information, but a valuable source of entertainment, too. Me thinks that is what makes it stand out from all other programming sites ;P
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul Conrad wrote:
I think we all have some good ones. I have to say, CP is not just a valuable source of programming information, but a valuable source of entertainment, too. Me thinks that is what makes it stand out from all other programming sites
True. We're just one big happy family with the dysfunctional retard locked up in the basement.
Deja View - the feeling that you've seen this post before.
-
Paul Conrad wrote:
I think we all have some good ones. I have to say, CP is not just a valuable source of programming information, but a valuable source of entertainment, too. Me thinks that is what makes it stand out from all other programming sites
True. We're just one big happy family with the dysfunctional retard locked up in the basement.
Deja View - the feeling that you've seen this post before.
Pete O'Hanlon wrote:
one big happy family with the dysfunctional retard locked up in the basement
:laugh: Very true.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
Paul Conrad wrote:
are guys around here that quip out some pretty good ones.
You have your moments yourself sir. ;)
Deja View - the feeling that you've seen this post before.
Hi Pete, I like your signature, too. I get the feeling sometimes, too.
-
Hi Pete, I like your signature, too. I get the feeling sometimes, too.
csciwizard wrote:
I like your signature, too. I get the feeling sometimes, too.
Thanks (it's an original Peteism). It just seemed appropriate after answering the same question the 20th time.
Deja View - the feeling that you've seen this post before.
-
Paul Conrad wrote:
Add an eye scanner for triple locking
haha. yes.. using obfuscator tool is not like locking the door. but it is like locking the kitchen doors in your restaurant while there are full of customers... it will take a lot of times just for locking and unlocking the kitchen
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
Michael Sync wrote:
using obfuscator tool is not like locking the door
Sure it is. I looked at the 9Rays (referred by csciwiz, earlier) decompiler and it can't do anything with the code obfuscated with dotfuscator. So it does work to an extent.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
Hi Pete, I like your signature, too. I get the feeling sometimes, too.
Pete's a cool guy and he always has something that is funny.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
I think buying Obfuscator tools are unless.. I'm not so sure why there are some people who are willing to spend their money on those tools.. maybe, the boss doesn't understand the technical thing and he hired bad technical guys..
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
I think it depends on your application etc. I stick with encryption for all important data - so the obvious thing like encrypting all passwords and not making them public etc although that can still be hacked. In the end it is the data that tends to be the most valuable asset - in the UK we know this because government departments keep giving away free CD's with citizens private data on them. Most of the time it is going to be faster for someone to write the code from scratch than piece together decompiled code IMUHO(U = uninformed).
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
-
I think it depends on your application etc. I stick with encryption for all important data - so the obvious thing like encrypting all passwords and not making them public etc although that can still be hacked. In the end it is the data that tends to be the most valuable asset - in the UK we know this because government departments keep giving away free CD's with citizens private data on them. Most of the time it is going to be faster for someone to write the code from scratch than piece together decompiled code IMUHO(U = uninformed).
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
GuyThiebaut wrote:
faster for someone to write the code from scratch than piece together decompiled code
I agree. I put up a test virtual machine with some of the decompilers I found today, tried decompiling a class library I obfuscated with dotfuscator that comes with VS2008, and they all result in decompiled garbage that is hard to work with.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
-
What does "obfuscator" do then? Obfuscator doesn't give you anything extra layer over your assembly? AFAIK, there are some Obfuscator tools like that..
Thanks and Regards, Michael Sync ( Blog: http://michaelsync.net)
An obfuscator like this one: http://www.9rays.net/Products/Spices.Obfuscator/[^] makes it difficult to generate the original source code from the assemblies. In fact it makes it impossible with the most common tools out there, a tool like .net Reflector barfs on a fully protected obfuscated assembly using that product. Mainly it just renames everything identifiable in the code into strange symbols and characters and wherever possible repeats the same names for variables and methods etc. So what you end up with is a mess that is very difficult to turn into source code, change and recompile. Also very difficult to sort through visually by looking at it since nearly everything has the same name. A *lot* of manual work would be required to turn a well obfuscated assembly into usable source code, more work than is worth it nearly every time.
"It's so simple to be wise. Just think of something stupid to say and then don't say it." -Sam Levenson
-
GuyThiebaut wrote:
faster for someone to write the code from scratch than piece together decompiled code
I agree. I put up a test virtual machine with some of the decompilers I found today, tried decompiling a class library I obfuscated with dotfuscator that comes with VS2008, and they all result in decompiled garbage that is hard to work with.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
Paul Conrad wrote:
they all result in decompiled garbage that is hard to work with.
But who says a developer wants to modify the actual code and not just lift the algorithms encapsulated in classes as a whole? So what if it's gibberish. (A few years back, I decompiled .NET code obfuscated with dotfuscator and was amazed at how clean the code was. Sure it had weird names, but it was more readable than assembly language. And, as I said, I realized it didn't really matter. With the code in question, I was able to lift out the core algorithm.)
Anyone who thinks he has a better idea of what's good for people than people do is a swine. - P.J. O'Rourke
-
Paul Conrad wrote:
they all result in decompiled garbage that is hard to work with.
But who says a developer wants to modify the actual code and not just lift the algorithms encapsulated in classes as a whole? So what if it's gibberish. (A few years back, I decompiled .NET code obfuscated with dotfuscator and was amazed at how clean the code was. Sure it had weird names, but it was more readable than assembly language. And, as I said, I realized it didn't really matter. With the code in question, I was able to lift out the core algorithm.)
Anyone who thinks he has a better idea of what's good for people than people do is a swine. - P.J. O'Rourke
Joe Woodbury wrote:
amazed at how clean the code
I was looking through the help file for dotfuscator yesterday, and it states that it will optimize the code further. It also said that it tries to obfuscate to the point that any decompiling results in a non-deterministic codebase. They do say it is not 100% bullet proof.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon