OverLoad It » C Sharp/C#

.NET code protection and obfuscators

hitech — Mon, 02 Mar 2009 02:28:12 +0000

What Obfuscator ? As you can see i am checking my options and i have to make a choice as soon as my application is ready for prime time.

So, i want to protect my IP (Intelectual Property), I spend days thinking of methods that do this and that and there is nothing i can do to hide that IL…

In short, the CLR has to execute this thing, and so can the deassembler and the free reflector decompiler, if not then there is always salamander.

Holy crap, Boomerang was useless when i wrote native, it was an excellent decompiler of X86 code, but X86 was much more complicated than IL (that i can comprehend without even decompiling) !

So, what options do i have ?

First, Revert back to C++ (Yes, this is where i will go as soon as i know i am master of C#) so that i dont feel left behind when they say i tell the GC to do this right after that and then bam, i reallocate the object blah on the microsoft heap…
A childish reason to hold off going back to C++ for some time, but then again, it is not just the bragging, i really want to know what is on the other side, especially with MONO around.

Second, See what automated tools exist for converting IL to C++ (Holy crap, you can do that), up to now i found a single tool that can do that and it is free…. Codeplex CorssNet, So my dreams of a factory precompiler could come true finally (But i have not tested it yet).

Third, Learn as much as possible about this new Phoenix from Micro$oft. it should have some answers !

See what options i have concerning obfuscators and put them here…

First, the free guys.

Aspose.Obfuscator	Aspose	free with no support, But not clear from website what is free and what you need to pay for, The things you must pay for don’t have a price tag, you need to contact author
Babel	Alberto Ferrazzoli	Based on Microsoft Phoenix framework, will have to look into this a bit more before final remarks
Google Obfuscar	google	Obfuscar is a basic obfuscator for .NET assemblies. It uses massive overloading to rename metadata in .NET assemblies (including the names of methods, properties, events, fields, types and namespaces) to a minimal set, distinguishable in most cases only by signature. the truth is, they got it right when they said basic, What they are offering doesn’t protect what i need, Skipping…
Phoenix Protector	NTCore	Not bad for freeware.. But not the best of the free category, Also based on Phoenix, Skipping
SharpObfuscator	CodePlex	Maybe there CrossNet but not this one
Goliath .NET Obfuscator	Cantelmo Software
LSW IL-Obfuscator	Lesser-Software
Eazfuscator.NET	Oleksiy Gapotchenko	Claims to be the best… nice website design, but this is not very high on my chec it out list
Assemblur	Metapropeller	Free, Not maintained since 2008-04-24, the BUY link is there but not active so i wouldn’t know how things work

Or maybe i want to use the one that comes with my Visual Studio 2008

Dotfuscator Community

PreEmptive Solutions

And taking a look at those non free obfuscators ! that i will resort as i look into them, putting the most note worthy first

Salamander .NET Protector	Remotesoft	$1,899 1-5 developers	They claim to generate X86 or platform specific instructions from your IL, Further more, it offers code, string and resource encryption, and therefore, it provides even better protection than native C/C++ code. Sounds like a plan to me, but i need to investigate further, if they plan to embed native in managed, i want to know if i can expect memory leaks etc… Also, what advantages does it have over CodePlex CrossNet ? that free lovely C++ maker seems to do the same thing as an end result and it is free ! For savings of $1900 i would gladly spend the day fixing the generated C++.
ThinApp	vmware	$4,995+	From VMWARE: ThinApp also protects against hacking and disassembly. Rather than using obfuscation, ThinApp instead encrypts the .NET Program inside of secure loader which prevents disassembly. The resulting EXE no longer appears to be a .NET Program so codedisassemblers are unable to decrypt the program stored inside. I would say, it is a matter of time till this thing is broken easy, it is based on the limited IL set and therefore, all it takes to have this broken is to get one fancy software that deploys it on the market, and then the reverse engineers have a reason to crack it. no Go for me i would say.
Dotfuscator Professional	PreEmptive Solutions		Overload-InductionTM renaming system seems to be identical in concept to what salamender has to offer, Designed to stop even the best of decompilers from producing useful output (Now that was more of self praise than a fact) String encryption Several predefined renaming schemes including unprintable characters (Is that safe for all platforms) ? Software Wattermarking – Nothing about this other than to hide customer identification or copyright information within software applications, nothing about how it functions Makes application size smaller (How about speed), What’s the catch ?
Salamander .NET Obfuscator	Remotesoft	$799	They protect you from themselves that’s for sure, If it is going to crash the ILDASM i wouldn’t take that as a guarentee, getting to the IL is not rocket science without LDASM
C# Source Code Obfuscator	Semantic Designs	$200
AssemblyLockbox	Gibwo	$49.95/month service
CliSecure	SecureTeam	call vendor
CodeArmor .NET	v.i. labs	call vendor
CodeVeil	Xheo	$899
Decompiler.NET	Jungle Creatures	$550
DeepSea Obfuscator	TallApplications BV	$299
Demeanor for .NET	Wise Owl	$799
Deploy.NET	Jungle Creatures	$750
DNGuard HVM	ZiYuXuan Studio	$899
dotNet Protector	pvlog	€300+
.NET Reactor	Eziriz	$179
Obfuscator.NET	Macrobject	$199
PC Guard for .NET	SofPro	€399
Postbuild .NET Obfuscator	Xenocode	$1599 for 5
QND-Obfuscator	Desaware	$39.95
Skater .NET Obfuscator	Rustemsoft	$99+
smartassembly	Cachupa	$399+
Spices.Net Obfuscator	9rays.net	$699

Pro C# 2008 and the .NET platform

hitech — Thu, 12 Feb 2009 09:54:37 +0000

So, i went and got this book, everyone has such positive reviews about it.

To begin with, this is by no means a bad book, It can also take you there if you know any sort of Object oriented programming, or even if you code in a procedural language (C or PHP 4) for example, but surely if you are an OO programmer you can go faster.

I have always done C, C++, PHP, and i feel like i know a big bunch more, but really, the only ones i am really good at are the ones i mentioned here, Unless you like to call SQL a programming language you can consider them 4, And now i am at intermediate level C#.

C# is more like Java++ (I have a good idea about Java),but everything changes on the .NET when you code for efficiency and the like.

Our friend Andrew Troelsen does a lovely Job explaining things that you would otherwise google out, the questions that come to a long time developer’s mind are answered on the spot.

Some are criticizing the book for 2 reasons, the first is that it explains SQLDataSource rather than the new objectdatasource, Others criticize it for missing the cryptographic features in .NET (security and crytography namespaces), I agree with the 2 above fully, No doubt Andrew Troelsen should have explained those in Length.

As to all the other reviews i found online, I totally disagree, here are the points

–Takes 2 long to read

You are learning something new, C# is not small, what do you expect

–Expects you to already know Object Oriented

Not true, in chapter 4 one single page says, if you don’t know OO come back here after you finish chapter 5, and really, i think this is the best way to do it.

–I already do C# and i wanted to be updated, i only need 25% of this book

Really, he wasen’t targetting you alone as an audience, it did the job for you, you can go faster on what you already know, and he did the job fine for all other programmers of all sorts

–Useful but no advanced material. Bloated writing style

You can’t be serious, “the depth is limited and for those areas with which I was familiar, there was little new.” So it seems you are already master of C# why read this book ?

The book explains pleanty about new things in .NET 3.5, or is it that the sound of your own voice soothes you when you say “As a professional programmer”….

– Real hard topics (Understanding Object lifetime, Behind the scenes of Linq etc.) are more like touch and go type

It says PRO in the title, what do you expect… and i think the hard parts are explained in a very nice fashion

–Maybe a little disappointing the examples

The examples are simple and quick. the best kind i know

C Sharp

hitech — Tue, 10 Feb 2009 09:34:06 +0000

So, i am not really happy about this C# thing, although i have to learn it i don’t get the idea behind this .NET framework, i discovered all about salamander and all the decompilers out there.

I don’t even understand how Microsoft can claim Virtual Machine running your code can be faster than native code, for one thing i know, if this is true then they have not put enough effort on the native compiler.

Easy, straight forward, if you want me to stay here, you need to give me means of pre-jitting my software at the factory before i ship, Not as the user installs !

IP, Speed, Compatibility, Support for those extra processor flags i learned to love, What’s wrong with you Microsoft !