You are here
Home > Visual Studio 2012 > Visual Studio 2012 Tips Part 5 – Protect Your Code, Obfuscate

Visual Studio 2012 Tips Part 5 – Protect Your Code, Obfuscate

Fallback Image

Dotfuscator Search Results in Windows 8

In the world of Software Development today, anyone that doesn’t protect their intellectual property is setting themselves up for disaster. Luckily, Visual Studio 2012 (as do previous editions of Visual Studio) comes with a community edition of PreEmptive Dotfuscator and Analytics. To compare the editions and other features available in Dotfuscator and Analytics visit their website.

Therefore, an independent developer can easily provide a basic layer of obfuscation to their code without having to fork out any money. For companies or individuals that really need extra protection, the professional edition of Dotfuscator will provide much more code protection. Just remember, any obfuscation is better than no obfuscation. So where do you start? Well start by going to Tools –> PreEmptive Dotfuscator and Analytics.

Dotfuscator Visual Studio 2012 Menu Option

This will launch the PreEmptive Dotfuscator and Analytics application.

Dotfuscator Visual Studio 2012 Screen

To add your DLL to Dotfuscator, right click on the Dotfuscator node and select ‘Add Inputs’. You can then browse to and select your DLL (or exe).

Visual Studio 2012 Dotfuscator Add Inputs

Once you have done that, your DLL will appear under the Inputs section.

Dotfuscator Input added Visual Studio 2012

With this post, I will only cover the basics of Obfuscation. So without doing anything else, click on the ‘Build Project’ icon.

Dotfuscator visual studio 2012 Build Project

When the build has completed, the build output on the bottom on the screen will notify you of the output location (if you scroll up a bit, you will see that it is usually at the following path C:Users[username]DocumentsDotfuscated), Renamed Types, Methods and Fields.

Dotfuscator visual studio 2012 Build output

Now in order to see the results of the obfuscation we need to use a decompiler tool. My weapon of choice is Telerik’s free JustDecompile. It is a very good tool for decompiling .NET code and having a squiz at what is going on. Believe me, it is really useful when you need to fix a bug in a DLL that has been compiled and the source code has been lost or disappeared with the developer.

JustDecompile Desktop Icon

Before we do that, here is the code of the class as it appears in Visual Studio 2012 (Note that this code is just to illustrate the work of obfuscation).

[sourcecode language=”csharp”]

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace SecretClass
{
class MySecretClass
{
public void PerformSecretCalculation()
{
if (DoesSecretKeyExist(17))
{
// Perform some function
}
else
{
// Do something else
}
}

private bool DoesSecretKeyExist(int Factor)
{
bool blnSecretKey = false;

try
{
if (Factor >= 10) { blnSecretKey = true; } else { blnSecretKey = false; }
}
catch
{
blnSecretKey = false;
}
finally
{
// Some Final work
}

return blnSecretKey;
}
}
}

[/sourcecode]

Looking at the output from JustDecompile on the unobfuscated DLL, we can notice some very definite similarities to the code above. In fact, with a little guesswork, you can go ahead and recreate that code yourself in Visual Studio.

JustDecompile Telerik Decompiled unobfuscated

Here is the source code output from JustDecompile.

[sourcecode language=”csharp”]
namespace SecretClass
{
internal class MySecretClass
{
public MySecretClass()
{
}

private bool DoesSecretKeyExist(int Factor)
{
bool flag = false;
try
{
try
{
bool factor = Factor < 10;
flag = (factor ? false : true);
}
catch
{
flag = false;
}
}
finally
{
}
bool flag1 = flag;
return flag1;
}

public void PerformSecretCalculation()
{
bool flag = !this.DoesSecretKeyExist(17);
if (flag)
{
}
}
}
}
[/sourcecode]

If we had a look at the obfuscated code in JustDecompile, we will notice a very different situation. Remember, this is only the basic obfuscation which is simple renaming.

JustDecompile Telerik Decompiled obfuscated

Having a look at the obfuscated code, the logic behind the class is much harder to determine and reproduce.

[sourcecode language=”csharp”]
using System;

internal class a
{
public a()
{
}

public void a()
{
bool flag = !this.a(17);
if (flag)
{
}
}

private bool a(int A_0)
{
bool flag = false;
try
{
try
{
bool a0 = A_0 < 10;
flag = (a0 ? false : true);
}
catch
{
flag = false;
}
}
finally
{
}
bool flag1 = flag;
return flag1;
}
}
[/sourcecode]

Obfuscation is a very helpful tool, and the free version included in Visual Studio can secure and protect your code to such an extent that reverse engineering it, becomes a laborious and fruitless task. The class above was rather simple, but obfuscating bigger and more complex DLL’s will make it very difficult to recreate the code from decompilation.

Dirk Strauss
Dirk is a Software Developer and Microsoft MVP from South Africa. He loves all things Technology and is slightly addicted to Twitter and Jimi Hendrix. Apart from writing code, he also enjoys writing human readable articles. "I love sharing knowledge and connecting with people from around the world. It's the diversity that makes life so beautiful." Dirk feels very strongly that pizza is simply not complete without Tabasco, that you can never have too much garlic, and that cooking the perfect steak is an art he has yet to master.

Similar Articles

Top