Has anyone used RedGate Smart Assembly (or other RedGate tools in general)
-
For obfuscators I recommend DeepSea[^]. The price is good, the quality of obfuscation is quite excellent and their support is top notch, to boot. Don't get me started on RedGate. I lost a lot of respect when they took Reflector and turned it into a failure. Turning it into something rotten was one thing; charging for it was another. You mentioned ILSpy. Have you looked at JetBrains DotPeek? It's free and complete. I found ILSpy a bit lacking in some respects. It's still an excellent tool but being open source (?) I don't think it's moved on very much. JetBrains[^] decompiler is a polished product.
If there is one thing more dangerous than getting between a bear and her cubs it's getting between my wife and her chocolate.
SeptimusHedgehog 151576 wrote:
the quality of obfuscation is quite excellent
How did you verify that? When I'm looking at a third-party project without sources, I tend to use the assemblies the way they are. One doesn't need to deobfuscate them merely to use them. Curious, what is the ROI from that obfuscation-effort?
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^]
-
I'm looking at a replacement for our current .net obfuscator due to it being hard to use and the developer's support email having turned into a black hole. Of the few tools I've tried so far, RedGate Smart Assembly[^] was the only one I could get to create a working copy of my app out of the box. Probing the results with ILSpy it appears to've hidden everything except the classes that need to be left intact for serialization (this was a major problem with my current tool). :cool::cool::cool: However first impressions can be deceiving and I'm curious if anyone can comment on how it behaved in the long haul.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
Obfuscators are easy to work around. De4dot, for example, is free, opensource, and will deobfuscate all the obfuscators mentioned here (along with many others). If someone has enough skill to do something with the original code, they probably have enough skill to use a deobfuscator.
-
whos developer's support email having turned into a black hole? I'm about to drop a bunch on a certain companies product but am nervous about their support. Could you provide initials or pm me so as to keep me from making a mistake? Thanks. :Ron
company RS, product S. Since there're multiple RS -S tools, for addtional disambiguation the website has flyout menu's that only work in IE, and contact info includes a university alumni email address in addition to RS email addresses.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
-
Obfuscators are easy to work around. De4dot, for example, is free, opensource, and will deobfuscate all the obfuscators mentioned here (along with many others). If someone has enough skill to do something with the original code, they probably have enough skill to use a deobfuscator.
I, my boss, and the customer the app is for are all aware that obfuscation is breakable. What they want is to make reverse engineering non-trivial, and want the difficulty to be closer to disassembling a native binary (what we'd've used if the paranoia requirement had came at the start instead of several years into the project) than pressing an easy button. The output of SmartAgent and de4dot as viewed in ILSpy or dotPeak is still vile enough to not be human intelligible without a lot of work. Reverse engineering the algorithms by feeding hundreds of test datasets to see what comes out would probably be less painful; and that's as much as we can hope for since the software is going on ordinary PCs not heavily tamper hardened boxes (and even there only a small number of wipe at first sign of trouble boxes would be likely to stop a sufficiently skilled adversary).
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
-
SeptimusHedgehog 151576 wrote:
the quality of obfuscation is quite excellent
How did you verify that? When I'm looking at a third-party project without sources, I tend to use the assemblies the way they are. One doesn't need to deobfuscate them merely to use them. Curious, what is the ROI from that obfuscation-effort?
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^]
Eddy Vluggen wrote:
When I'm looking at a third-party project without sources, I tend to use the assemblies the way they are. One doesn't need to deobfuscate them merely to use them.
Would those be libraries with a public API that just don't want you to see how they're implemented? In my case it's a full application being delivered that we want to make reverse engineering as painful as possible. When there's no API, and non-serialized (or etc) classes just look like
class1.method1(), figuring out how to use parts of the whole isn't going to be easy.Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
-
Funny enough, DeepSea seems to have just recently gone dead. There's a note up on the homepage that says there will be no future releases, and the current version is now unsupported freeware.
That is really surprising and unexpected. I last dealt with them about 18 months ago when it cost roughly £250 for a licence. I recall they had a couple of blokes running it and they couldn't do enough to help me. It's a pity; they really had a passion for the product but like all of us with bills to pay and food to buy, perhaps there wasn't enough money coming in to make it viable. Still, the price now is even better. :)
If there is one thing more dangerous than getting between a bear and her cubs it's getting between my wife and her chocolate.
-
Aside from the Reflector fiasco I don't recall any other bad press about redgate; and I'm generally not the sort to write a company off for a single act of bad judgment. I haven't tried jetbrain's reflector; I stuck with ILSpy since it wouldn't require my learning a new tool because the owner suffered a case of misplaced greed.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
They make good database products. I use their freeware SQL Search add-in in SSMS quite a bit. They were condemned by a lot of people for charging for Reflector. The original Lutz Roeder version was changed at some point to go online where RedGate deactivated the original free version. They hoped it would coerce us into paying for it. I did. Within an hour or two I had endless crashes with it. To be fair, they did refund me the next day but I'd rather have paid for a stable product than plead for my money back for a duff one. Reflector was RedGate's "Vista" moment. I hope they've learned their lesson. They say you have one attempt to make a first impression and to me, RedGate didn't. They did, but for the wrong reason.
If there is one thing more dangerous than getting between a bear and her cubs it's getting between my wife and her chocolate.
-
I'm looking at a replacement for our current .net obfuscator due to it being hard to use and the developer's support email having turned into a black hole. Of the few tools I've tried so far, RedGate Smart Assembly[^] was the only one I could get to create a working copy of my app out of the box. Probing the results with ILSpy it appears to've hidden everything except the classes that need to be left intact for serialization (this was a major problem with my current tool). :cool::cool::cool: However first impressions can be deceiving and I'm curious if anyone can comment on how it behaved in the long haul.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
I've been using Reg-Gates database tools for years and recommend them highly, I have no experience with their other tools but I do believe their core skills are database.
Never underestimate the power of human stupidity RAH
-
That is really surprising and unexpected. I last dealt with them about 18 months ago when it cost roughly £250 for a licence. I recall they had a couple of blokes running it and they couldn't do enough to help me. It's a pity; they really had a passion for the product but like all of us with bills to pay and food to buy, perhaps there wasn't enough money coming in to make it viable. Still, the price now is even better. :)
If there is one thing more dangerous than getting between a bear and her cubs it's getting between my wife and her chocolate.
-
I'm looking at a replacement for our current .net obfuscator due to it being hard to use and the developer's support email having turned into a black hole. Of the few tools I've tried so far, RedGate Smart Assembly[^] was the only one I could get to create a working copy of my app out of the box. Probing the results with ILSpy it appears to've hidden everything except the classes that need to be left intact for serialization (this was a major problem with my current tool). :cool::cool::cool: However first impressions can be deceiving and I'm curious if anyone can comment on how it behaved in the long haul.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
I've used SmartAssembly and Eazfuscator[^], and I've found both to do the job nicely. One of the bonuses of using SmartAssembly is that it also does some extra non-obfuscation related things, like pruning unused classes, error reporting, and lots of other extras. Eazfuscator does't provide that facility, and does provide features I could not get to work property in SmartAssembly, like fine grained control on name mangling. I went with Eazfuscator in the end because it did everything I needed at a reduced price.