Obfuscation of Your .NET Application Code

Developers find themselves in a situation in which they have to secure code through Obfuscation -- a term that is defined as "technique to complicate code so that they are hard to be reverse-engineered". Although .Net assemblies are the easiest to be hacked, on a lighter note, someone also said: "The only things that hackers don't get are the comments!"

Wikipedia defines Obfuscated code in a precise manner: "Obfuscated code is source or machine code that has been made difficult to understand for humans. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code. "

Microsoft .Net architecture's fundamental principle is to convert all of its language code to MSIL (Microsoft Intermediate Language) that contains a good level of metadata that describes members, types and other code blocks that help many to recover the original code. Hence tools like Reflector can easily decompile compiled .net assemblies and provide us source code. And this source code is re-compliable!

The argument whether one should obfuscate code so as to protect the intellectual property is often debatable. Software companies choose to do this for tools they create so as not to lose business. Others simply choose to reside their secret code on the servers and ask Clients to get their requests processed on the servers. You might also be interested to know that the company which now owns Reflector (a popular tool for exploring and decompile assemblies) also provides us the SmartAssembly - a .Net obfuscator.

An obfuscator tool does the work for you. And following are the key features that an obfuscator tool should possess:

  1. Restructuring of code
  2. Encryption of textual - string information in the code
  3. Encryption of resource files such as images, icons, and any other propriety information

You don't have to look out for new ones, as one of the Obfuscators is packaged with Visual studio. The latest version of Visual studio now has the Dotfuscator Software services with it for free.

The Dotfuscator Software Services can be launched from the Tools menu. All you have to do is, start the obfuscator service and add assemblies that you need to obfuscate. Then choose the Build option from the tool. It will ask you save this obfuscated project. Once built, it would save it in the project location. The following figure provides a clear cut - explanation.

Start the obfuscator service and add assemblies that you need to obfuscate
Figure 1: Start the obfuscator service and add assemblies that you need to obfuscate

Do not forget to read the interesting article titled "Thwart Reverse Engineering of Your Visual Basic .NET or C# Code " by Gabriel Torok and Bill Leach which explains the 2003 version of dotfuscator tool and its essential techniques.

Visual basic developer center also hosts a series of videos in this regard.

Thanks for reading!

References:

Obfuscated code

Thwart Reverse Engineering of Your Visual Basic .NET or C# Code

Dotfuscator Software Services in Visual Studio 2010



About the Author

Srinath M S

I would love to leave a footprint in this flat world

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Live Event Date: December 11, 2014 @ 1:00 p.m. ET / 10:00 a.m. PT Market pressures to move more quickly and develop innovative applications are forcing organizations to rethink how they develop and release applications. The combination of public clouds and physical back-end infrastructures are a means to get applications out faster. However, these hybrid solutions complicate DevOps adoption, with application delivery pipelines that span across complex hybrid cloud and non-cloud environments. Check out this …

  • On-demand Event Event Date: October 29, 2014 It's well understood how critical version control is for code. However, its importance to DevOps isn't always recognized. The 2014 DevOps Survey of Practice shows that one of the key predictors of DevOps success is putting all production environment artifacts into version control. In this webcast, Gene Kim discusses these survey findings and shares woeful tales of artifact management gone wrong! Gene also shares examples of how high-performing DevOps …

Most Popular Programming Stories

More for Developers

RSS Feeds