how do you check the quality of your obfuscation of a .net assembly?
-
That wouldn't really work, unless you have Reflexil and deobfuscate first. Also try some stand-alone deobfuscators. If the decompiled code still sucks after that, then ok. If not, then any script kiddie can undo the obfuscation that you hopefully didn't pay too much for.
great info. thanks a million. could you name a few stand-alone deobfuscators?
diligent hands rule....
-
great info. thanks a million. could you name a few stand-alone deobfuscators?
diligent hands rule....
-
my assembly is .NET user control in C#. after I obfuscate it, I want to check how good is the obfuscation. So I used Red-gate Reflector to check class, method etc. What is your way to check the quality of obfuscation of a .net assembly?
diligent hands rule....
Most code I've seen doesn't need to be obfuscated by programs. The original authors obviously did a lot of work to make it as hard to read as possible... :sigh:
Visit my blog at Sander's bits - Writing the code you need. Or read my articles at my CodeProject profile.
Simplicity is prerequisite for reliability. — Edsger W. Dijkstra
Regards, Sander
-
Most code I've seen doesn't need to be obfuscated by programs. The original authors obviously did a lot of work to make it as hard to read as possible... :sigh:
Visit my blog at Sander's bits - Writing the code you need. Or read my articles at my CodeProject profile.
Simplicity is prerequisite for reliability. — Edsger W. Dijkstra
Regards, Sander
:laugh: :laugh: :laugh: :laugh: :thumbsup:
-
my assembly is .NET user control in C#. after I obfuscate it, I want to check how good is the obfuscation. So I used Red-gate Reflector to check class, method etc. What is your way to check the quality of obfuscation of a .net assembly?
diligent hands rule....
Another example of self-obfuscation I'd seen in a program: There's a variable named
distance, signifying distance. A few lines later, this is converted to a 'rate-per-unit-time' entity, and the samedistancenow represents velocity/speed. Few more lines later, this gets further converted similarly, and it represents acceleration; variable name is stilldistance. In essence, I need to understand the significance ofdistancebased on the line of code I am currently seeing. -
Most code I've seen doesn't need to be obfuscated by programs. The original authors obviously did a lot of work to make it as hard to read as possible... :sigh:
Visit my blog at Sander's bits - Writing the code you need. Or read my articles at my CodeProject profile.
Simplicity is prerequisite for reliability. — Edsger W. Dijkstra
Regards, Sander
:laugh: I was thinking the same thing! BTW, a few hours ago I checked in here and found the lounge completely empty! No messages, nothing...no soapbox, no hall of shame weird and wonderful...QA, though was still working though. I had started to wonder if we were just starting over or something. Oh well, good to see all is back to normal. :omg: ...or maybe it was just me? :confused:
"Go forth into the source" - Neal Morse
-
:laugh: I was thinking the same thing! BTW, a few hours ago I checked in here and found the lounge completely empty! No messages, nothing...no soapbox, no hall of shame weird and wonderful...QA, though was still working though. I had started to wonder if we were just starting over or something. Oh well, good to see all is back to normal. :omg: ...or maybe it was just me? :confused:
"Go forth into the source" - Neal Morse
The site had a critical system error, causing all sorts of grief for people (I couldn't log in, and the forgot password Captcha didn't work at all. I contacted Chris, and he mentioned the issue).
What do you get when you cross a joke with a rhetorical question? --- The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. --- Do questions with multiple question marks annoy you???
-
:laugh: I was thinking the same thing! BTW, a few hours ago I checked in here and found the lounge completely empty! No messages, nothing...no soapbox, no hall of shame weird and wonderful...QA, though was still working though. I had started to wonder if we were just starting over or something. Oh well, good to see all is back to normal. :omg: ...or maybe it was just me? :confused:
"Go forth into the source" - Neal Morse
kmoorevs wrote:
BTW, a few hours ago I checked in here and found the lounge completely empty!
Saturday? A lot of us here don't post during the day on the weekends, I'm guessing.
-
my assembly is .NET user control in C#. after I obfuscate it, I want to check how good is the obfuscation. So I used Red-gate Reflector to check class, method etc. What is your way to check the quality of obfuscation of a .net assembly?
diligent hands rule....
Just use Java. Its objectfuscation makes it impenetrable to even the most valiant code-breakers.
I wanna be a eunuchs developer! Pass me a bread knife!
-
:laugh: I was thinking the same thing! BTW, a few hours ago I checked in here and found the lounge completely empty! No messages, nothing...no soapbox, no hall of shame weird and wonderful...QA, though was still working though. I had started to wonder if we were just starting over or something. Oh well, good to see all is back to normal. :omg: ...or maybe it was just me? :confused:
"Go forth into the source" - Neal Morse
kmoorevs wrote:
the lounge completely empty
I figure, there is no lounge :laugh:
kmoorevs wrote:
no soapbox, no hall of shame weird and wonderful...QA
What do you mean? They're not real...
kmoorevs wrote:
good to see all is back to normal
Alright, this has gone on long enough. There is no lounge, no QA, no CodeProject... They're all figments of your imagination. What you experienced was one of your brighter moments where you almost realized you live in a fantasy world and was about to snap out of it :sigh: We're increasing your therapy.
Visit my blog at Sander's bits - Writing the code you need. Or read my articles at my CodeProject profile.
Simplicity is prerequisite for reliability. — Edsger W. Dijkstra
Regards, Sander
-
my assembly is .NET user control in C#. after I obfuscate it, I want to check how good is the obfuscation. So I used Red-gate Reflector to check class, method etc. What is your way to check the quality of obfuscation of a .net assembly?
diligent hands rule....
I once used an obfuscator that prevented both ILDasm and Reflector from even opening the assemblies. It removed the headers. I'm not sure how it got to bind the assemblies without the headers, but I think it would go further on making it harder to unobfuscate the assemblies.
To alcohol! The cause of, and solution to, all of life's problems - Homer Simpson ---- Our heads are round so our thoughts can change direction - Francis Picabia
-
great info. thanks a million. could you name a few stand-alone deobfuscators?
diligent hands rule....
Try also this... http://ilspy.net/[^]
NKS
-
Try also this... http://ilspy.net/[^]
NKS
-
my assembly is .NET user control in C#. after I obfuscate it, I want to check how good is the obfuscation. So I used Red-gate Reflector to check class, method etc. What is your way to check the quality of obfuscation of a .net assembly?
diligent hands rule....
It feels funny to me to obfuscate a user control. What is there to keep secret? Usually people obfuscate important algorithms. Admitted, to break an obfuscation, an attacker will try to start fooling around with user controls and see what modifications that does to the execution of the application. People with need for strong obfuscations normally do not obfuscate byte code languages. These have a tendency to be easy to de-obfuscate. Strong obfuscations are done on machine code programs. I'm doing obfuscations for business. Like the original poster I would love to know the quality of obfuscations. I bet my obfuscations are unbreakable by amateurs. But how can you find out security against sophisticated attackers? The solution is to pay a readteam. However,for my startup, I would not have the slightest idea where to take the money from. Maybe somebody might try it as a challenge or a crackme, just for bragging rights. But then. if somebody posts an opinion, how much would you believe it? Chris Chris Jacobi Founder White Hawk Software www.whitehawksoftware.com
-
my assembly is .NET user control in C#. after I obfuscate it, I want to check how good is the obfuscation. So I used Red-gate Reflector to check class, method etc. What is your way to check the quality of obfuscation of a .net assembly?
diligent hands rule....
I open the binaries in ILSpy and if ILSpy doesn't throw an exception then the obfuscation is not good enough
-
I once used an obfuscator that prevented both ILDasm and Reflector from even opening the assemblies. It removed the headers. I'm not sure how it got to bind the assemblies without the headers, but I think it would go further on making it harder to unobfuscate the assemblies.
To alcohol! The cause of, and solution to, all of life's problems - Homer Simpson ---- Our heads are round so our thoughts can change direction - Francis Picabia
-
ILSpy is the open-source .NET assembly browser and decompiler. If you have a c# DLL File or EXE, you can save decompiled assembly as .csproj and Assembly as C# Project.
NKS
-
thanks. it is great tool.
diligent hands rule....
-
ILSpy is the open-source .NET assembly browser and decompiler. If you have a c# DLL File or EXE, you can save decompiled assembly as .csproj and Assembly as C# Project.
NKS
I am using it right now besides some others..
diligent hands rule....
-
It feels funny to me to obfuscate a user control. What is there to keep secret? Usually people obfuscate important algorithms. Admitted, to break an obfuscation, an attacker will try to start fooling around with user controls and see what modifications that does to the execution of the application. People with need for strong obfuscations normally do not obfuscate byte code languages. These have a tendency to be easy to de-obfuscate. Strong obfuscations are done on machine code programs. I'm doing obfuscations for business. Like the original poster I would love to know the quality of obfuscations. I bet my obfuscations are unbreakable by amateurs. But how can you find out security against sophisticated attackers? The solution is to pay a readteam. However,for my startup, I would not have the slightest idea where to take the money from. Maybe somebody might try it as a challenge or a crackme, just for bragging rights. But then. if somebody posts an opinion, how much would you believe it? Chris Chris Jacobi Founder White Hawk Software www.whitehawksoftware.com
inside my user control I do have some algorithms to protect. I checked your website, but not see product yet...
diligent hands rule....
