Obfuscating for .net


Introduction

When you want to release your .net application to the public as closed source you should note that Microsoft .net applications are easy to decompile and reconstruct once distributed. In this article, I intend to explore various options and explain why we settled on one particular Obfuscator that is open source.

Obfuscation is the practice of making something difficult to understand. Programming code is often obfuscated to protect intellectual property and prevent an attacker from reverse engineering a proprietary software program. Obfuscation may involve encrypting some or all of the code, stripping out potentially revealing metadata, renaming useful class and variable names to meaningless labels or adding unused or meaningless code to an application binary. A tool called an obfuscator can be used to automatically convert straight-forward source code into a program that works the same way, but is much harder to read and understand.
The purpose of this article is not a how to use the various obfuscation tools but is a pointer to the tools that could be included in a developers toolbox. But remember that Obfuscation is generally just a technique to make decompiling harder.

We explored a range of commercial and open source obfuscators such as ConfuserEX, ConfuserEX2, DotFuscatorCE, Obfuscar with varying levels of success.

One glaring issue is that none of the obfuscators have great documentation for new comers or experienced developers when things don’t work as expected. Many hours are required to hunt down solutions from places other than the authors repositories.

Visual Studio – Microsoft have bundled the DotFuscator Community Edition with Visual Studio however we are not impressed with the free version as a serious entry point to protect your works. Also we don’t like being pestered to register.

Obfuscar – Probably works but we could not get any exe’s or DLL’s to work after obfuscation and it was just too difficult to find solutions and the authors site appears to have wiped the wiki.

ConfuserEX has a number of forks available and we settled on ConfuserEX-Reborn

And to compliment ConfuserEX we installed ConfuserEX for Visual Studio from Market Place however this crashed Visual Studio 2017 frequently and when you attempt to remove obfuscation from a project it leaves an entry “exec” in the project file that prevents a successful compile. So ConfuserEX for Visual Studio caused more issues than it was worth and we uninstalled it from Visual Studio.

Our final decision was to download the source for ConfuserEX Reborn and dnlib and compile ourselves. The ConfuserEX comes with a very functional GUI that we found was great for building the Ofuscated project and finally protecting your solutions.

  • Supports .NET Framework 2.0/3.0/3.5/4.0/4.5
  • Supports Mono (Some feature restrictions apply)
  • Symbol renaming (Support WPF/XAML/BAML)
  • Protection against debuggers/profilers
  • Protection against memory dumping
  • Protection against tampering (method encryption)
  • Control flow obfuscation
  • Constant/resources encryption
  • Reference hiding proxies
  • Disable decompilers
  • Embedding dependency
  • Compressing output
  • Extensible plugin API
  • Many more are coming!

Protections

<h2 class="gh-header-title instapaper_title">Anti Debug Protection</h2> <div id="wiki-body" class="wiki-body gollum-markdown-content instapaper_body"> <div class="markdown-body"> <p>ID: <em>anti debug</em><br /> Preset: Minimum</p> <p>This protection prevents the assembly from being debugged or profiled.</p> <h2><a id="user-content-parameters" class="anchor" href="https://github.com/yck1509/ConfuserEx/wiki/Anti-Debug-Protection#parameters" aria-hidden="true"></a>Parameters</h2> <p><strong>mode</strong>: This parameter define the used anti debug engine. Supported values are:</p> <ul> <li><em>safe</em>: ConfuserEx would detect debugger/profiler using managed API</li> <li><em>win32</em>: ConfuserEx would detect debugger/profiler using unmanaged WinAPI (<strong>Incompatible with OS other than Windows</strong>)</li> <li><em>antinet</em>: ConfuserEx would detect debugger/profiler using antinet by 0xd4d (<strong>Produces unverifiable modules, incompatibile with Mono</strong>)</li> </ul> <p>Default is <em>safe</em>.</p> </div> </div>
Before you obfuscate you may have a project with depends on one or more library DLL’s, in some situations this can cause an obfuscated solution to fail. One potential solution can be to use ILMerge to merge the dependant dll’s into the main exe or dll. ILMerge is a free Microsoft command line tool.If you prefer nice GUI to perform your merges then check out ILMergeGUI ; there are several GUI’s available and this just happens to be the first that we found which worked as described.

So let’s say you have the following output from your project with a couple of dependant libraries:

  • TheWorldsGreatest.exe
    • MyCommonLibrary.dll
    • MyHTMLViewer.dll

We use ILMerge to merge the two dll’s into TheWorldsGreatest.exe.

As a result we just need to obfuscate and deploy a single exe.

ILMergeGui, ILMerge, ILSpy, dotPeek
Article Rating:
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...