Best Product to Obfuscate a Mixed .NET DLL [closed]
Asked Answered
G

2

8

I have a .NET DLL and application. The DLL is written in C++/CLI and it's "mixed", i.e., partially managed code and partially native.

I have two goals:
1. Obfuscate all the managed code so it can't be disassembled
2. Obfuscate the public methods/classes of the mixed DLL so no one can use the DLL in their own applications, i.e., scramble the public names.

Yes, I understand obfuscation isn't perfect and people can still figure it out and blah blah. The two goals are a management requirement. The only app I've found that can handle this appears to be the Dotfuscator Professional Edition. Unfortunately it is one of those incredibly annoying apps where you have to beg a salesman to tell you the price. Does anyone know of a another solution, or know of a good place to buy a cheap, legal copy?

Don't tell me to rewrite the DLL in managed code, that would take a month of work and I'd never get approval. :-)

Note that I'm not particularly paranoid about how good the obfuscation is. Anything that scrambles the names of all the methods and classes in the app is probably good enough.

Here are the other obfuscators I have tried:

  • Dotfuscator Community Edition comes with Visual Studio 2008 but doesn't support mixed assemblies.

  • Eazfuscator .NET is simple and free but doesn't support mixed assemblies.

  • {smartassembly} is $500 for a single license. It has some interesting features, but it doesn't support mixed assemblies.

  • Salamander is $800. Claims to fully support mixed assemblies, but whenever I tried to use the obfuscated dll, the application crashed

  • .NET Reactor is $180 for a single developer license. It supports "partial" obfuscation of mixed DLLs. Unfortunately if you obfuscate the public types on the DLL it doesn't work, the .exe can't find the classes. It has the ability to merge/pack DLLs into an .exe but when you do it with a mixed DLL it doesn't work (the exe can't find the DLL's assembly, even though it's part of the .exe)

  • Skater is $300 for a single license. I don't see anything on their website claiming it supports mixed assemblies and I'm tired of trying apps only to be disappointed so I'm going to assume it doesn't.

I have also tried Microsoft's ILMerge to see if I could merge the DLL with the .exe and then obfuscate, but it appears that also chokes on mixed DLLs.

Any suggestions for an alternative to Dotfuscator or a good place to buy a legitimate copy? I found a couple of no-name sites claiming to sell it cheap but I assume those are Russian pirated versions.

Grishilde answered 16/12, 2008 at 2:33 Comment(4)
Have you tried Demeanor for .NET (by Wize Owl: wiseowl.com/products/products.aspx)? It's a bit pricey but we have been using it since 2002 and so far it was good. We dod not use Demeanor for obfuscating assemblies in mixed mode, though.Pundit
Did you ever get anywhere with this? I myself am currently looking for a mixed c++/cli dll obfuscator.Southeasterly
I believe we ended up going with .NET Reactor by Eziriz (eziriz.com/dotnet_reactor.htm).Grishilde
If it's of any help, we were quoted €1750 for a single developer licence of Dotfuscator last year.Minimus
E
0

I have tried several solutions for the same problem. There isn't a great solution out there for you for this problem. LibZ is a decent alternative to ILMerge. You can probably get cute with just packing the assemblies into the resources of your program then load from memory in regards to the consumed assemblies. If you obfuscate the executable at least this would add yet another level of indirection.

Euclid answered 5/1, 2014 at 1:47 Comment(0)
C
-1

I've use {smartassembly} to merge SlimDX and DirectShow.Net together with my .net program. Both of that is wrtten using C++/CLI. They merged fine on my side. Where did you get the indication that it doesn't support mixed assemblies?

EDIT: I'm not 100% sure, as I myself never use C++\CLI before, but I've written pure C++ apps before. This is what I gather, in the AssemblyInfo.cpp file of SlimDX, there's a line which configure the assembly like:

[assembly:SecurityPermission(SecurityAction::RequestMinimum, UnmanagedCode = true)];

So, I assume it contain unmanaged code. Or maybe you could tell me what indication should I be looking for to show that it contain unmanaged code.

Btw, I'm using Version 3.0.3063 of {smartassembly}

Counterinsurgency answered 16/12, 2008 at 4:3 Comment(2)
If I try to obfuscate my C++/CLI DLL with {smartassembly} it gives me the error "The assembly "blah" contains non-managed code, which is not supported by {smartassembly}" This is using the latest version of {smartassembly}. Are you sure your C++/CLI app contains unmanaged code?Grishilde
I'm not 100% sure, as I myself never use C++\CLI before, but I've written pure C++ apps before. This is what I gather, in the AssemblyInfo.cpp file of SlimDX, there's a line which configure the assembly with unmanaged codeCounterinsurgency

© 2022 - 2024 — McMap. All rights reserved.