How .NET Runtime interprets obfuscated C# code?
-
Have got a chance to work with some obfuscating tools. I understand .NET Runtime works the same way as JVM does. My question is the following: After I obfuscated (i.e. messed up) compiled byte-code (Java or .NET), how could the Virtual Machine (.NET Runtime or JVM) still understand the byte-code and compile it into the machine code?
Best, Jun
-
It doesn't make a difference to the computer what a variable or function or class is called, or where they live. Those abstractions are entirely there to help us code and the obfuscation tool just changes the way things look to us. So, obfuscation doesn't make the code any more difficult for the computer to understand.
-
Nope, but outsourcing is cheaper.
Light moves faster than sound. That is why some people appear bright, until you hear them speak. List of common misconceptions
-
It's only "messed up" to humans... for example, the following obfuscated code isn't any harder for the runtime to understand than the code you write:
using O111; using O111.l1000; using System; using System.Collections; using
System.l1001; using System.l1010; using System.Text; public class l1011 {
public string l1100; public int l1101; public l1011(string l1011) { l1100 =
O1110(l1011); } public int O1111 { get { if (l1101 == 0) return 1; if (l1101
== 1 && l1100 == "v\u006F\u0069\u0064") return 012; return 3; } } public bool
O10000 { get { return l1101 == 0 && l1100 == "\u0076oid"; } } public string
O10001(int O10010, bool O10011, bool l10100) { if (l1101 == 0) return l1100;
if (O10010 == 0) return l1100+l10101(l10100 ? '\u0050' : '\u002A'); if (l11011 || O10011 || O10010 == 1) return "\u0049n\u0074\u0050\u0074\u0072"; if (
l1100 == "\u0076o\u0069d") switch (O10010) { case 2 : return "b\u0079\u0074\
u0065[\u005D"; case 3 : return "sbyte\u005B]"; case 4 : return "\u0073\u0068\
u006Fr\u0074[]"; case 5 : return "\u0075\u0073h\u006Fr\u0074\u005B]"; case
6 : return "\u0069\u006E\u0074[\u005D"; case 7 : return "\u0075int[]"; case
8 : return "\u0066\u006C\u006Fa\u0074[]"; case 011 : return "d\u006Fu\u0062\
u006C\u0065\u005B]"; } return l1100+"\u005B]"; } string l10101(char O10110) {
l10111 O11000 = new l10111(); for (int O11001 = 0; O11001 < l1101;
O11001++ )O11000.l11010(O10110); return O11000.O10001(); } public bool O11011 {
get { return l1101 > 0; } } public int O11100 { get { switch (l1100) { case "
v\u006Fid" : return 0; case "b\u0079\u0074\u0065" : case "\u0073b\u0079te" :
return 1; case "s\u0068o\u0072\u0074" : case "\u0075\u0073h\u006Fr\u0074" :
return 2; case "i\u006Et" : case "u\u0069nt" : return 4; case "\u0066loat" :
return 4; case "\u0064\u006F\u0075b\u006Ce" : return 8; default : throw new
l11101("unkno\u0077\u006E \u0062\u0061se\u0020\u0074ype"); } } } static
O11110 l11111; public static string O1110(string l1011) { if (l11111 == null)
l11111 = O100000(); string l100001 = (string)l11111[l1011]; if (l100001 ==
null) { l100010.l100011.l100100("\u0077a\u0072\u006Ei\u006Eg:\u0020u\u006Ekno\
u0077\u006E\u0020\u0074\u0079\u0070\u0065\u0020\u0022"+l1011+"\u0022\
u0020use \u0061\u0073 \u0069\u0073."); l11111[l1011] = l1011; l100001 =
l1011; } return l100001; } static O11110 O100000() { O11110 l100001 = new
O11110(); l100001["v\u006Fid"] = "\u0076o\u0069\u0064"; l100001["\u0047L\
u0076oid"] = "v\u006F\u0069\u0064"; l100001["G\u004Cenum"] = "u\u0069n\
u0074"; l100001["G\u004C
-
That depends on how much you paid for your obfuscator. :-D
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
-
Obfuscation just changes the identifiers in your code to make the code hard to read. It does not change how it compiles. The Reflection database is also obfuscated, so code reflection at runtime is also harder.
If your actions inspire others to dream more, learn more, do more and become more, you are a leader." - John Quincy Adams
You must accept one of two basic premises: Either we are alone in the universe, or we are not alone in the universe. And either way, the implications are staggering” - Wernher von Braun
-
Nope, but outsourcing is cheaper.
Light moves faster than sound. That is why some people appear bright, until you hear them speak. List of common misconceptions
Well played, sir!
-
Jörgen Andersson wrote:
Nope, but outsourcing is cheaper
I am kind of "dense" here just after 7am (GMT + 7), and my brain is not yet fully caffeinated ... but ... Are you implying that outsourcing is cheaper because: the code you get back will be already obfuscated by the spaghetti-code style of the outsourcerer (outsorcerer ?) you hired on the cheap ? :) best, Bill
"The greatest mystery is not that we have been flung at random between the profusion of matter and of the stars, but that within this prison we can draw from ourselves images powerful enough to deny our nothingness." Andre Malraux
-
ahmed zahmed wrote:
The Reflection database is also obfuscated, so code reflection at runtime is also harder.
Hi Ahmed, could you say a bit more about this ? To me your statement implies there will be a cost (one-time ?) as the reflection database is "un-obfuscated:" am I interpreting your remark correctly ? thanks, Bill
"The greatest mystery is not that we have been flung at random between the profusion of matter and of the stars, but that within this prison we can draw from ourselves images powerful enough to deny our nothingness." Andre Malraux
-
For statically implemented (not sure if this is the right term; I'm thinking of code where the reflection names are set at compile time) reflection within the lump of obfuscated code there shouldn't be a problem with a well written obfuscator since it should be smart enough to detect where reflection is taking place and replace the strings containing method/etc names with their obfuscated equivalents. In order to do reflection based on runtime input you need to leave the names un-obfuscated. OTOH most code protection tools I've looked at go beyond just obfuscating names and do things to make reflection tools fail to show any code at all. And on the gripping hand, most of those companies also sell anti-obfuscating reflection tools that claim to be able to break everyone else's protection. I've not verified the latter claim however. Make of this what you will, and remember that if nothing else, a determined attacker can always capture the x86 machine code the jitter creates and work on it with a native debugger. At best you can only make your app as difficult to reverse engineer as if it was written as native C++ code.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
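The difference between direct calls and reflection on a runtime-supplied name, as an added C# example that is not part of the thread. The classes `a` and `d` are constructed stand-ins for what a renaming pass might emit, not the output of any real tool, and whether a given obfuscator honors `ObfuscationAttribute` is an assumption to check against its documentation.

```csharp
using System;
using System.Reflection;

// Constructed stand-in for a type before renaming.
public class Invoice
{
    public int ComputeTotal(int net) => net + 5;
}

// Constructed stand-in for the same type after a renaming pass:
// identical body, meaningless identifiers.
public class a
{
    public int b(int c) => c + 5;
}

// Renamed type whose reflected member was excluded from renaming.
// ObfuscationAttribute is part of System.Reflection; it is only a hint
// that the obfuscation tool has to read and respect.
public class d
{
    [Obfuscation(Exclude = true)]
    public int ComputeTotal(int c) => c + 5;
}

public static class Demo
{
    // Name-based lookup: the name is plain string data, so a renamer that
    // cannot trace where the string comes from cannot rewrite it.
    static string CallByName(object target, string methodName)
    {
        MethodInfo m = target.GetType().GetMethod(methodName);
        if (m == null) return "no method named " + methodName;
        return m.Invoke(target, new object[] { 10 }).ToString();
    }

    public static void Main()
    {
        // Call sites reference methods by metadata token, and the renamer
        // updates the metadata consistently, so direct calls keep working.
        Console.WriteLine(new Invoice().ComputeTotal(10));
        Console.WriteLine(new a().b(10));

        string fromInput = "ComputeTotal"; // stands for a name read at runtime
        Console.WriteLine(CallByName(new Invoice(), fromInput)); // found
        Console.WriteLine(CallByName(new a(), fromInput));       // lookup fails
        Console.WriteLine(CallByName(new d(), fromInput));       // found again
    }
}
```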
-
Jörgen Andersson wrote:
Nope, but outsourcing is cheaper
I am kind of "dense" here just after 7am (GMT + 7), and my brain is not yet fully caffeinated ... but ... Are you implying that outsourcing is cheaper because: the code you get back will be already obfuscated by the spaghetti-code style of the outsourcerer (outsorcerer ?) you hired on the cheap ? :) best, Bill
"The greatest mystery is not that we have been flung at random between the profusion of matter and of the stars, but that within this prison we can draw from ourselves images powerful enough to deny our nothingness." Andre Malraux
I think your coffee works just fine. :)
Light moves faster than sound. That is why some people appear bright, until you hear them speak. List of common misconceptions
-
ahmed zahmed wrote:
The Reflection database is also obfuscated, so code reflection at runtime is also harder.
Hi Ahmed, could you say a bit more about this ? To me your statement implies there will be a cost (one-time ?) as the reflection database is "un-obfuscated:" am I interpreting your remark correctly ? thanks, Bill
"The greatest mystery is not that we have been flung at random between the profusion of matter and of the stars, but that within this prison we can draw from ourselves images powerful enough to deny our nothingness." Andre Malraux
What Dan said.
If your actions inspire others to dream more, learn more, do more and become more, you are a leader." - John Quincy Adams
You must accept one of two basic premises: Either we are alone in the universe, or we are not alone in the universe. And either way, the implications are staggering” - Wernher von Braun