Obfuscation of Your .NET Application Code

Developers find themselves in a situation in which they have to secure code through Obfuscation -- a term that is defined as "technique to complicate code so that they are hard to be reverse-engineered". Although .Net assemblies are the easiest to be hacked, on a lighter note, someone also said: "The only things that hackers don't get are the comments!"

Wikipedia defines Obfuscated code in a precise manner: "Obfuscated code is source or machine code that has been made difficult to understand for humans. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code. "

Microsoft .Net architecture's fundamental principle is to convert all of its language code to MSIL (Microsoft Intermediate Language) that contains a good level of metadata that describes members, types and other code blocks that help many to recover the original code. Hence tools like Reflector can easily decompile compiled .net assemblies and provide us source code. And this source code is re-compliable!

The argument whether one should obfuscate code so as to protect the intellectual property is often debatable. Software companies choose to do this for tools they create so as not to lose business. Others simply choose to reside their secret code on the servers and ask Clients to get their requests processed on the servers. You might also be interested to know that the company which now owns Reflector (a popular tool for exploring and decompile assemblies) also provides us the SmartAssembly - a .Net obfuscator.

An obfuscator tool does the work for you. And following are the key features that an obfuscator tool should possess:

  1. Restructuring of code
  2. Encryption of textual - string information in the code
  3. Encryption of resource files such as images, icons, and any other propriety information

You don't have to look out for new ones, as one of the Obfuscators is packaged with Visual studio. The latest version of Visual studio now has the Dotfuscator Software services with it for free.

The Dotfuscator Software Services can be launched from the Tools menu. All you have to do is, start the obfuscator service and add assemblies that you need to obfuscate. Then choose the Build option from the tool. It will ask you save this obfuscated project. Once built, it would save it in the project location. The following figure provides a clear cut - explanation.

Start the obfuscator service and add assemblies that you need to obfuscate
Figure 1: Start the obfuscator service and add assemblies that you need to obfuscate

Do not forget to read the interesting article titled "Thwart Reverse Engineering of Your Visual Basic .NET or C# Code " by Gabriel Torok and Bill Leach which explains the 2003 version of dotfuscator tool and its essential techniques.

Visual basic developer center also hosts a series of videos in this regard.

Thanks for reading!

References:

Obfuscated code

Thwart Reverse Engineering of Your Visual Basic .NET or C# Code

Dotfuscator Software Services in Visual Studio 2010



About the Author

Srinath M S

I would love to leave a footprint in this flat world

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • On-demand Event Event Date: September 10, 2014 Modern mobile applications connect systems-of-engagement (mobile apps) with systems-of-record (traditional IT) to deliver new and innovative business value. But the lifecycle for development of mobile apps is also new and different. Emerging trends in mobile development call for faster delivery of incremental features, coupled with feedback from the users of the app "in the wild." This loop of continuous delivery and continuous feedback is how the best mobile …

  • Information is data with context. The era of Big Data has begun demonstrating to information security that there is more that can, and must, be done to identify threats, reduce risk, address fraud, and improve compliance monitoring activities by bringing better context to data and thereby creating information for actionable intelligence. This analyst report sets the stage and provides insights into IT and information security practitioners' perceptions of the impediments to, and the solutions necessary for, …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds