This blog is moved to
http://amalhashim.wordpress.com

Wednesday, May 12, 2010

Obfuscation with Dotfuscator

From wiki

Obfuscated code is source or machine code that has been made difficult to understand. Programmers may deliberately obfuscate code to conceal its purpose or its logic to prevent tampering, deter reverse engineering or as a puzzle or recreational challenge for readers. It is a form of security through obscurity. Programs known as obfuscators transform readable code into obfuscated code using various techniques that might induce anti-debugging, anti-decompilation and anti-disassembly mechanism.

Managed code compilers (C#, VB.NET, etc) generate IL, not native assembly code. This IL tends to be consistently structured and fairly easy to reverse engineer. Most optimization happens when the IL is JIT-compiled into native code, not during compilation. This means it's pretty easy to take a compiled assembly and de-compile it into source code, using a tool such as Reflector. While this is a non-issue for web scenarios where all the code resides on the server, it's a big issue for some client scenarios, especially ISV applications. These client applications may contain trade secrets or sensitive information in their algorithms, data structures, or data. This is where obfuscation tools come in. Visual Studio ships with the community edition of Dotfuscator, a popular obfuscation package.

How To

From Visual Studio 2010 Tools menu, click Dotfuscator Software Services as shown in the figure below.

image

This will start the obfuscation service. Once you start building the application/library the following form will come up.

image

Right click Dotfuscator1 tree node and select “Add Assemblies”

image

Browse the assembly you want to obfuscate.

image

Once you have selected the assemblies, build it using the Build Menu. If there is no error, then the new output will be obfuscated.

No comments: