Fog Creek Software
Discussion Board





Joel on Software

.Net Obfuscators

Hi,

I am looking to purchase a .Net obfuscator. Considering the choices available online, I am confused as to what features are really important versus which features are good to have.

Can someone please share their experiences of using a .Net obfuscator in professional development?

I would really appreciate some help.

Faraz
Monday, February 28, 2005

http://www.wisdom.weizmann.ac.il/~oded/p_obfuscate.html

Basically, time taken obfuscating is time taken away from developing and selling.

i like i
Tuesday, March 01, 2005

.Net obfuscators are good and you can use any one, because some obfuscators can be a disassembler; then you can take much time with this.

Leonardo Nunes
Tuesday, March 01, 2005

Thanks for the replies.

I have come across a suite that not only obfuscates but also 'protects' .net assemblies from being reverse engineered with tools. Check out Salamander (http://www.remotesoft.com/). I am not sure how true their claims are, but I read a review written by a C# MVP praising this product and he seems to be satisfied by it.

I was wondering if there are more similar products so that I can do a comparative analysis and make a better decision.

Faraz
Tuesday, March 01, 2005

Here is a list of most of the .NET obfuscators that I know of.

http://sharptoolbox.com/Category68fc8748-8956-4ed8-98aa-170a85c36813.aspx

Steve
Tuesday, March 01, 2005

From the Salamander webpage...

"The protector shuts down disassembly and decompilation rather than simply obfuscating code. Because the protector encrypts and replaces MSIL code with native code, Microsoft .NET Framework-based assemblies cannot be decompiled back to high-level source code."

This sounds like the total opposite concept of .NET and virtual machines to me.

Matt B
Wednesday, March 02, 2005

Interesting. From what they're saying, Protector statically compiles & links .NET executables as machine code, complete with all required .NET libraries -- but with a reflection-capable metadata "facade" still intact. That's the only way I can interpret their claims, anyway.

Chris Nahr
Friday, March 04, 2005

That's perfectly possible.  It does rather negate the point of using bytecode in the first place, though.  Only consider it if you are absolutely 100% certain that your customers will NEVER have any reason to want to run your program on a non-Wintel platform.  (If they haven't heard of Mono, you're probably okay.)

Iago
Saturday, March 05, 2005

Professional developers, including MS, choose PreEmptive's .NET obfuscator: http://www.preemptive.com/products/dotfuscator/

This .NET obfuscator integrates fully with VS and has full professional support.

Fred Binstock
Wednesday, March 09, 2005

The question that needs answering first is why you want to obfuscate in the first place.  What is so precious about your algorithms?  What's the attack that you're attempting to mitigate here?

Obfuscators are bad for security because they provide a FALSE sense of security. It's like the famous saying about encryption -- anyone can create an encryption scheme that he's too dumb to break.  Anyone can create an obfuscator that he's too dumb to reverse-engineer, but that doesn't mean that the details of your algorithms are safe or your magic passwords or whatever else it is that you're trying to hide.

Eric Lippert
Friday, March 18, 2005

I'm using XenoCode and I'm quite happy with it. It has all the features required for a .NET obfuscator.
Plus you get a 10% coupon if you visit http://SharpToolbox.com

Fabrice
Monday, March 21, 2005

Eric is correct, obfuscation is not ironclad. Neither is locking my front door, but I lock it anyway.
I don't post my corporate source code, so I choose to mask it.

Ed

Ed Cromwell
Thursday, March 24, 2005
