Obfuscation of Your .NET Application Code

Developers find themselves in a situation in which they have to secure code through Obfuscation -- a term that is defined as "technique to complicate code so that they are hard to be reverse-engineered". Although .Net assemblies are the easiest to be hacked, on a lighter note, someone also said: "The only things that hackers don't get are the comments!"

Wikipedia defines Obfuscated code in a precise manner: "Obfuscated code is source or machine code that has been made difficult to understand for humans. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code. "

Microsoft .Net architecture's fundamental principle is to convert all of its language code to MSIL (Microsoft Intermediate Language) that contains a good level of metadata that describes members, types and other code blocks that help many to recover the original code. Hence tools like Reflector can easily decompile compiled .net assemblies and provide us source code. And this source code is re-compliable!

The argument whether one should obfuscate code so as to protect the intellectual property is often debatable. Software companies choose to do this for tools they create so as not to lose business. Others simply choose to reside their secret code on the servers and ask Clients to get their requests processed on the servers. You might also be interested to know that the company which now owns Reflector (a popular tool for exploring and decompile assemblies) also provides us the SmartAssembly - a .Net obfuscator.

An obfuscator tool does the work for you. And following are the key features that an obfuscator tool should possess:

  1. Restructuring of code
  2. Encryption of textual - string information in the code
  3. Encryption of resource files such as images, icons, and any other propriety information

You don't have to look out for new ones, as one of the Obfuscators is packaged with Visual studio. The latest version of Visual studio now has the Dotfuscator Software services with it for free.

The Dotfuscator Software Services can be launched from the Tools menu. All you have to do is, start the obfuscator service and add assemblies that you need to obfuscate. Then choose the Build option from the tool. It will ask you save this obfuscated project. Once built, it would save it in the project location. The following figure provides a clear cut - explanation.

Start the obfuscator service and add assemblies that you need to obfuscate
Figure 1: Start the obfuscator service and add assemblies that you need to obfuscate

Do not forget to read the interesting article titled "Thwart Reverse Engineering of Your Visual Basic .NET or C# Code " by Gabriel Torok and Bill Leach which explains the 2003 version of dotfuscator tool and its essential techniques.

Visual basic developer center also hosts a series of videos in this regard.

Thanks for reading!

References:

Obfuscated code

Thwart Reverse Engineering of Your Visual Basic .NET or C# Code

Dotfuscator Software Services in Visual Studio 2010



About the Author

Srinath M S

I would love to leave a footprint in this flat world

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Snapshot-based data protection solutions were supposed to solve our backup challenges, weren't they? Then why are your backups still broken? Many issues with snapshots point to a need for better snapshot creation and management capabilities, to make backup and recovery more intelligent and more likely to succeed. If your snapshots are manually managed or of the "build-it-yourself" variety, there may be several reasons that they aren't working very well. Read this white paper to learn the five reasons why your …

  • Gain buy-in, choose the right tools, and encourage employees to participate. Whether you need help introducing social media or making your efforts more successful, this is the guide for you. It contains 140 tips in tweet form (140 characters or less) with ideas for promoting social media, deciding which venues to use, and encouraging participation. Plus, the guide contains links to social media statistics, informative websites, and other resources.

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date