Obfuscation of Your .NET Application Code

Developers find themselves in a situation in which they have to secure code through Obfuscation -- a term that is defined as "technique to complicate code so that they are hard to be reverse-engineered". Although .Net assemblies are the easiest to be hacked, on a lighter note, someone also said: "The only things that hackers don't get are the comments!"

Wikipedia defines Obfuscated code in a precise manner: "Obfuscated code is source or machine code that has been made difficult to understand for humans. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code. "

Microsoft .Net architecture's fundamental principle is to convert all of its language code to MSIL (Microsoft Intermediate Language) that contains a good level of metadata that describes members, types and other code blocks that help many to recover the original code. Hence tools like Reflector can easily decompile compiled .net assemblies and provide us source code. And this source code is re-compliable!

The argument whether one should obfuscate code so as to protect the intellectual property is often debatable. Software companies choose to do this for tools they create so as not to lose business. Others simply choose to reside their secret code on the servers and ask Clients to get their requests processed on the servers. You might also be interested to know that the company which now owns Reflector (a popular tool for exploring and decompile assemblies) also provides us the SmartAssembly - a .Net obfuscator.

An obfuscator tool does the work for you. And following are the key features that an obfuscator tool should possess:

  1. Restructuring of code
  2. Encryption of textual - string information in the code
  3. Encryption of resource files such as images, icons, and any other propriety information

You don't have to look out for new ones, as one of the Obfuscators is packaged with Visual studio. The latest version of Visual studio now has the Dotfuscator Software services with it for free.

The Dotfuscator Software Services can be launched from the Tools menu. All you have to do is, start the obfuscator service and add assemblies that you need to obfuscate. Then choose the Build option from the tool. It will ask you save this obfuscated project. Once built, it would save it in the project location. The following figure provides a clear cut - explanation.

Start the obfuscator service and add assemblies that you need to obfuscate
Figure 1: Start the obfuscator service and add assemblies that you need to obfuscate

Do not forget to read the interesting article titled "Thwart Reverse Engineering of Your Visual Basic .NET or C# Code " by Gabriel Torok and Bill Leach which explains the 2003 version of dotfuscator tool and its essential techniques.

Visual basic developer center also hosts a series of videos in this regard.

Thanks for reading!

References:

Obfuscated code

Thwart Reverse Engineering of Your Visual Basic .NET or C# Code

Dotfuscator Software Services in Visual Studio 2010



About the Author

Srinath M S

I would love to leave a footprint in this flat world

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Live Event Date: October 29, 2014 @ 11:00 a.m. ET / 8:00 a.m. PT Are you interested in building a cognitive application using the power of IBM Watson? Need a platform that provides speed and ease for rapidly deploying this application? Join Chris Madison, Watson Solution Architect, as he walks through the process of building a Watson powered application on IBM Bluemix. Chris will talk about the new Watson Services just released on IBM bluemix, but more importantly he will do a step by step cognitive …

  • Live Event Date: November 20, 2014 @ 2:00 p.m. ET / 11:00 a.m. PT Are you wanting to target two or more platforms such as iOS, Android, and/or Windows? You are not alone. 90% of enterprises today are targeting two or more platforms. Attend this eSeminar to discover how mobile app developers can rely on one IDE to create applications across platforms and approaches (web, native, and/or hybrid), saving time, money, and effort and introducing apps to market faster. You'll learn the trade-offs for gaining long …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds