In the world of Software Development today, anyone that doesn’t protect their intellectual property is setting themselves up for disaster. Luckily, Visual Studio 2012 (as do previous editions of Visual Studio) comes with a community edition of PreEmptive Dotfuscator and Analytics. To compare the editions and other features available in Dotfuscator and Analytics visit their website.
Therefore, an independent developer can easily provide a basic layer of obfuscation to their code without having to fork out any money. For companies or individuals that really need extra protection, the professional edition of Dotfuscator will provide much more code protection. Just remember, any obfuscation is better than no obfuscation. So where do you start? Well start by going to Tools –> PreEmptive Dotfuscator and Analytics.
This will launch the PreEmptive Dotfuscator and Analytics application.
To add your DLL to Dotfuscator, right click on the Dotfuscator node and select ‘Add Inputs’. You can then browse to and select your DLL (or exe).
Once you have done that, your DLL will appear under the Inputs section.
With this post, I will only cover the basics of Obfuscation. So without doing anything else, click on the ‘Build Project’ icon.
When the build has completed, the build output on the bottom on the screen will notify you of the output location (if you scroll up a bit, you will see that it is usually at the following path C:Users[username]DocumentsDotfuscated), Renamed Types, Methods and Fields.
Now in order to see the results of the obfuscation we need to use a decompiler tool. My weapon of choice is Telerik’s free JustDecompile. It is a very good tool for decompiling .NET code and having a squiz at what is going on. Believe me, it is really useful when you need to fix a bug in a DLL that has been compiled and the source code has been lost or disappeared with the developer.
Before we do that, here is the code of the class as it appears in Visual Studio 2012 (Note that this code is just to illustrate the work of obfuscation).
[sourcecode language=”csharp”]
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace SecretClass
{
class MySecretClass
{
public void PerformSecretCalculation()
{
if (DoesSecretKeyExist(17))
{
// Perform some function
}
else
{
// Do something else
}
}
private bool DoesSecretKeyExist(int Factor)
{
bool blnSecretKey = false;
try
{
if (Factor >= 10) { blnSecretKey = true; } else { blnSecretKey = false; }
}
catch
{
blnSecretKey = false;
}
finally
{
// Some Final work
}
return blnSecretKey;
}
}
}
[/sourcecode]
Looking at the output from JustDecompile on the unobfuscated DLL, we can notice some very definite similarities to the code above. In fact, with a little guesswork, you can go ahead and recreate that code yourself in Visual Studio.
Here is the source code output from JustDecompile.
[sourcecode language=”csharp”]
namespace SecretClass
{
internal class MySecretClass
{
public MySecretClass()
{
}
private bool DoesSecretKeyExist(int Factor)
{
bool flag = false;
try
{
try
{
bool factor = Factor < 10;
flag = (factor ? false : true);
}
catch
{
flag = false;
}
}
finally
{
}
bool flag1 = flag;
return flag1;
}
public void PerformSecretCalculation()
{
bool flag = !this.DoesSecretKeyExist(17);
if (flag)
{
}
}
}
}
[/sourcecode]
If we had a look at the obfuscated code in JustDecompile, we will notice a very different situation. Remember, this is only the basic obfuscation which is simple renaming.
Having a look at the obfuscated code, the logic behind the class is much harder to determine and reproduce.
[sourcecode language=”csharp”]
using System;
internal class a
{
public a()
{
}
public void a()
{
bool flag = !this.a(17);
if (flag)
{
}
}
private bool a(int A_0)
{
bool flag = false;
try
{
try
{
bool a0 = A_0 < 10;
flag = (a0 ? false : true);
}
catch
{
flag = false;
}
}
finally
{
}
bool flag1 = flag;
return flag1;
}
}
[/sourcecode]
Obfuscation is a very helpful tool, and the free version included in Visual Studio can secure and protect your code to such an extent that reverse engineering it, becomes a laborious and fruitless task. The class above was rather simple, but obfuscating bigger and more complex DLL’s will make it very difficult to recreate the code from decompilation.