Everybody wants to protect their code from unauthorized reverse engineers. Isn’t it? For this, a company or a developer needs a Obfuscation tool to add huge noise bits in the generated executable and encrypt it to make sure the disassembler can not read it.
What is Obfuscation?
Before starting with the actual topic, let us throw some lights on obfuscator first for those who don’t know about it. I am hard code Microsoft .Net guy, 99% of my blog readers visit this site for Microsoft related stuffs and as the review is for a .Net product, I will only talk about the .Net code all over the post to keep it with sync and easy understanding.
What happens when we compile our C# and/or VB.Net code? All of you already know that the code compiles to Microsoft Intermediate Language named MSIL format, which can be loaded by the Common Language Runtime (CLR) for execution in different environment. If you go deep into the MSIL code, you will come to know that it preserves a lot of information about the classes, fields, methods, properties etc. and can be decompiled using a powerful decompiler tool. Some decompilers can also extract the whole code and provide that to you in easy readable format.
From this you can easily understand that the code you are writing to build a product is not at all protected from the hackers or crackers. They can extract all your code within a few minutes, do some modifications, compile and then sell them by their name. The product that you are building for a year or more with full effort is no longer protected from those reverse engineers.
Here comes the code obfuscation. It makes the decompiled code unreadable by using cryptography and other mechanism. Obfuscator tools take .dll, .exe files as input and obfuscate the code present inside it. For example, have a look into the below screenshot (various blocks generated using “Crypto Obfuscator”, the product that I am reviewing here):
To demonstrate, I used the Visual Studio object browser to my custom library (.dll). The library consists of interface, class and methods which you can easily read in the object browser (left panel). After obfuscation using cryptography, it generated all the referenced interface, class, methods etc. to some complex string (middle panel). When you do a obfuscation brutally, this will generate some unreadable names for all of them (right panel). Here you can see how this obfuscation mechanism actually protects your code from unauthorized access, cracking and hacking.
For last couple of days I was doing some self assessment for various obfuscation tools. I also tried the one that comes with Visual Studio. But among them, I liked the product of LogicNP Software named “Crypto Obfuscator for .Net”. The product is stable and provides a no. of options to strength the protection of your code.
Crypto Obfuscator for .Net supports all versions of .Net framework, Visual Studio IDEs. You can obfuscate .exe, .dll and .xap files built against .Net framework. It supports Silverlight, WPF, Windows Phone 7, Windows Phone 8, Windows 8 (RT), Mono Android, Mono Touch, .Net Compact Framework, .Net Micro Framework, Portable Class libraries and many more. It not only supports C#, VB.Net, C++ codes but also supports XAML/BAML files. The Visual Studio Project Integration Wizard makes it easy to start with the obfuscation process.
Here is the default UI of the Crypto Obfuscator when you add a reference assembly for obfuscation:
Crypto Obfuscator supports various types of symbol renaming schemes like: Test mode, Cryptographic, Normal, Fake and Unprintable scheme. You can chose any one of them to obfuscate your code. Unprintable scheme uses brutal algorithm to encrypt and protect each code file. When any disassembler or decompiler gets the code generated using this schema, will not be able to differentiate as they look similar to the other. Thus, you code will be protected completely under the shield. This is the best algorithm logic that I noticed in Crypto Obfuscator.
Under “Symbol Renaming Scheme”, you will be able to set various algorithms to encrypt and/or obfuscate your code. It will rename all your class, field, method, property and parameter names to different strings and make it impossible to determine the original names from the new names. It can also rename fields or methods with different signatures to the same name, e.g. two fields having types string and bool can have same name. Similarly two methods with different parameters can have the same name. Thus it will make the reverse engineering impossible and make your code hacker proof.
In the "Assembly Specific Settings" you can set lot many options like Encrypt Strings, Constant Values, Methods etc. You can also protect your code from ILDASM, Anti debugging, Anti tracing, code tampering. Also there are lot many options in the screen to protect your code.
You can set various “Exclusion/Inclusion Rules”, “Exception Reporting”, “Licensing”, “Watermarks” and many more in the screen. Automatic Exception Reporting makes it extremely easy to catch any unhandled exceptions and for your users to easily report these exceptions to you with a single click of a button.
I really liked this product and recommend to everyone who wants a Obfuscator tool to protect their .Net applications. Whether it is a Windows Form, WPF, Silverlight and Windows Phone app this tool will work in both the cases.