Obfuscat silverlight applications with Dotfuscator

Page updated :

More about Dotfuscator

Dotfuscator is an obfuscation tool that makes the source code difficult to read when an application created in the .NET Framework is disassembled. Dotfuscator has a free and paid retail version that comes with Visual Studio.

The free version can only be used unless you assume that many of the features are limited or Visual Studio is started, but anyone can use it if you have visual studio installed. There are many powerful obnogenization functions that are not in the free version in the paid version, but it may be troublesome to be offered at a price that is hard to get your hands on for the general public.

Dotfuscator features different features, prices and editions depending on the version, so please refer to the following home page for more information.

Dotfuscator

Parsed code

Applications created in the .NET Framework can easily be read by disassembling the original source code, but in fact, disassembling the assembly file as shown in the diagram can almost reproduce the original source code, such as namespaces, class names, and method names.

解析されたコード

Obstose Procedure

The first step is to create a Silverlight application and build it as usual. We're just creating an application with two buttons.

Release ビルド

The .xap file in the Bin\Release folder of the folder in which the project is located is a package file that summarizes the programs and files used by silverlight applications.

XAP ファイル

In fact, this file is compressed as a ZIP file, and because it is summarized, you can change the extension to ".zip".

拡張子を .zip に変更

Zip file changed.

ZIP ファイル

When you open the file, it contains the manifest file and the DLL. This DLL is a compilation of programs that runs as an application.

By the way, dll files are also placed in the Release folder when you build them, so this time i'll obnollize this file.

ZIP ファイルの中身

Select Tools from the Visual Studio menu and select PreEmptive Dotfuscator And Analytics.

At the first time, you will see the "License Agreement" dialog, so read the contents carefully and say ,"Yes, I accept the license agreement. check and click the "OK" button.

PreEmptive Dotfuscator And Analytics を選択

PreEmptive Dotfuscator And Analytics CE starts.

PreEmptive Dotfuscator And Analytics CE

Select Input from the tree on the left and click the Add Input button.

入力の追加

Select the DLL file that you generated in the build.

ビルドで生成した DLL ファイルを選択

Select the DLL file that you added and uncheck Library Mode and XAML Conversion.

If library mode is checked, classes and methods defined in public are not obnosated.

If xaml conversion is checked, the classes defined in XAML will be obnoxized, but depending on how you make it, you will get a startup error, so uncheck it if it occurs.

「ライブラリ モード」「XAML の変換」のチェックを外す

Basically, all classes, methods, properties, and variable names are obnomenabled, but if you don't want to obnoscate a particular namespace, class, for example, serializing, select Rename from the left tree, and select the Exclude tab to check the target namespace or class.

難読化の除外

Make sure that the Silverlight and WPF UserControls fields are checked in Built-in Rules. Checking this will make the UserControls field obnosciptal and run successfully. You can uncheck it if it is obnosated and if it runs successfully.

Silverlight および WPF UserControls のフィールド

When you're done, click the Build Project button from the toolbar.

プロジェクトのビルド

If there are any changes to the project, the project save confirmation dialog will be displayed, so click Yes to save.

プロジェクト保存確認ダイアログ

The project is saved as a .xml file. Obstoobasised files are stored in the same location.

プロジェクト保存

Wait for the build to finish as it starts. Note that the bigger the program, the longer it takes to build. Now you're done with the build.

The message column shows simple results, such as the progress of the build and how obnosated.

ビルド完了

You can select Results from the tree on the left to learn more about how the class and method names have changed.

Under the class and method names are dotfuscator icons and names such as "a" and "b", which is the post-obfuscation name. In this way, you can disassemble by changing the class or method name to a meaningless name to make the contents of the source code difficult to read.

難読化結果

The obfuscated file is created in a folder of .xml files saved by saving the project, and a folder called Dotfuscated is created in it. In addition to obnosated files, a "Map.xml" file has been created, but this is the result of obnomation, so it is not used.

難読化したファイル

If you try to disassemble the obnosperated file, you can see that some class names and method names have been changed to "a" or "b".

This time, the default project was almost obnosated, so i think there is an image that is not obnomated very much, but the larger the project, the more classes the more classes the more the effect of obnomation will become clear.

As an aside, note that class names defined in the .NET Framework library are not subject to renaming because they are assemblies that are already installed in Windows, etc.

難読化したコードの解析

Silverlight does not accept the DLL as it is, so it is packaged as an XAP file. As mentioned at the beginning, the XAP file is just a change in the zip file extension, so you can create a ZIP file by collecting the files contained in the XAP file and the obnoxized DLLs.

You can use the standard os features to create zip files.

ファイルを ZIP 化

A ZIP file is created.

ZIP ファイル

The extension is ".xap" and if the file name is different, change it to the original package file name.

Place the XAP file in the distribution location.

XAP ファイルに変更

Check to see if it works.

If it doesn't start, check until it works, for example, to reduce the amount of obnosated code. Keep in mind that Silverlight is often caught in XAML.

動作確認

If you are not following the steps at this time, but you want to sign the program, build with a delayed signature state, obread the assembly, and then re-sign. Even if you sign and obnosate, the signature code you gave at build time will not match the obnoscated signature code, so you will not be able to start it.

This time, we've put the steps in the free version, but you can use the paid version to make it more complex obfuscated, or to prevent the disassembly itself. However, obnosceisation has the potential to cause various evils, so it is necessary to make it obliterate, considering whether it works properly from the beginning of the design.