Login/Register
How does Dotfuscator work?
Asked Answered
Solved c#.netobfuscationdotfuscator
M

7

9

How does Dotfuscator work? I tried obfuscate some of my classes and it renamed the methods/class to a, b, c etc. But I can still see the code inside those methods? Is it that, I am doing something wrong?

Is there anything that would prevent a totally block deassembling my assembly?

Mitziemitzl answered 17/8, 2009 at 13:49 Comment(0)
H
7

That is the way it is supposed to work. Your code is still accessible, just more difficult to understand. If you want something "stronger", take a look at Xenocode PostBuild.

Hemisphere answered 17/8, 2009 at 13:51 Comment(6)
Make sure you understand the differences between plain obfuscation and some of the options that PostBuild has (like the native binary support). You lose a lot of the flexibility of the .NET framework with native binaries.Hemisphere
Would Xenocode affect the speed/size of the program? Does it compile the application to 100 % native binary, aka almost impossible to decompile?Giff
It will affect the speed/size of the program. From the PostBuild site: "Native executable generation: PostBuild allows for the creation of a native x86 executable allowing your application to run, with or without a .NET Framework installed." You would end up with something that would be indistinguishable from an application written with unmanaged C++. However, you lose all the portability advantages of using the .NET Framework.Hemisphere
lose portability.. who really cares about that? You just recompile for the new platform, just like we used to do.Sectorial
Does Xenocode in fact compile application to native code? I thought it encrypts program with all dependencies and packs it into .exe file. During program execution, it extracts and executes the same .NET assemblies. Am I wrong here?Jordan
(It doesn't need framework installed, because all relevant framework binaries are also packed into .exe)Jordan
P
13

Code obfuscation goes well beyond simple renaming of classes, members and variables, though that's an important part of it.

For example, Dotfuscator uses a patented technique called overload induction, where many methods are renamed to the same name (this is possible as long as they have different signatures). PreEmptive solutions cite cases where a third of all methods in the code are renamed to a(). Other techniques involve rewriting simple iterations as recursion, as well as code morphing.

Actually, modern obfuscation techniques are perfectly adequate for making code virtually impossible to reverse-engineer, at least by hand. While it is true that .NET assemblies can never be RE-safe in principle, obfuscation can provide a pretty formidable barrier.

For most of us, that's enough.

Pepillo answered 17/8, 2009 at 14:24 Comment(0)
H
7

That is the way it is supposed to work. Your code is still accessible, just more difficult to understand. If you want something "stronger", take a look at Xenocode PostBuild.

Hemisphere answered 17/8, 2009 at 13:51 Comment(6)
Make sure you understand the differences between plain obfuscation and some of the options that PostBuild has (like the native binary support). You lose a lot of the flexibility of the .NET framework with native binaries.Hemisphere
Would Xenocode affect the speed/size of the program? Does it compile the application to 100 % native binary, aka almost impossible to decompile?Giff
It will affect the speed/size of the program. From the PostBuild site: "Native executable generation: PostBuild allows for the creation of a native x86 executable allowing your application to run, with or without a .NET Framework installed." You would end up with something that would be indistinguishable from an application written with unmanaged C++. However, you lose all the portability advantages of using the .NET Framework.Hemisphere
lose portability.. who really cares about that? You just recompile for the new platform, just like we used to do.Sectorial
Does Xenocode in fact compile application to native code? I thought it encrypts program with all dependencies and packs it into .exe file. During program execution, it extracts and executes the same .NET assemblies. Am I wrong here?Jordan
(It doesn't need framework installed, because all relevant framework binaries are also packed into .exe)Jordan
M
4

you can't block a de-assembling in .net

Machzor answered 17/8, 2009 at 13:51 Comment(3)
-1: You can block de-assembling, take a look at my answer. Using Xenocode PostBuild you can compile your .NET application into a native binary.Hemisphere
@Jon, then it's not .net anymore, the point is with 100% .net exe, you cannot block itMachzor
The OP says "Is there anything that would prevent a totally block deassembling my assembly?" and the answer is yes, there is.Hemisphere
K
2

Unfortunately, there is no way to prevent somebody reflecting your assembly and dissasembling it down to your source code. Obfuscation tools like Dotfuscator will make it significantly harder for somebody to actually read the disassembled code, where virtually all human-readable names can be replaced by meaningless symbols.

If you are releasing your code anywhere, if somebody is determined enough they will be able to reverse-engineer it. The best you can do is make it not worth their time to do so.

Kidron answered 17/8, 2009 at 13:59 Comment(0)
E
2

The version that comes with Visual Studio is limited and I wouldn't rely on it for full-scale obfuscation if you need to deploy something to customer sites. A free one that you might want to look at is Eazfuscator.net.

Edition answered 17/8, 2009 at 14:18 Comment(0)
B
1

Dotfuscator simply makes the decompiled source harder to read - it doesn't prevent decompilation itself.

Basket answered 17/8, 2009 at 13:51 Comment(0)
S
1

if you have Professional or Gold Dotfuscator you can block Reflector program from opening your assebmlies.

Sirloin answered 17/8, 2009 at 13:58 Comment(2)
If that is done you can use ILDASM to disassemble the code, then remove the "don't show my code" attribute, then ILASM it back. Reflector will let you see it now. :)Kowatch
Professional or Gold also supports code obfuscation which makes code very hard to readYep

© 2022 - 2024 — McMap. All rights reserved.