Obfuscat silverlight applications with Dotfuscator
More about Dotfuscator
Dotfuscator is an obfuscation tool that makes the source code difficult to read when an application created in the .NET Framework is disassembled. Dotfuscator has a free and paid retail version that comes with Visual Studio.
The free version can only be used unless you assume that many of the features are limited or Visual Studio is started, but anyone can use it if you have visual studio installed. There are many powerful obnogenization functions that are not in the free version in the paid version, but it may be troublesome to be offered at a price that is hard to get your hands on for the general public.
Dotfuscator features different features, prices and editions depending on the version, so please refer to the following home page for more information.
Applications created in the .NET Framework can easily be read by disassembling the original source code, but in fact, disassembling the assembly file as shown in the diagram can almost reproduce the original source code, such as namespaces, class names, and method names.
The first step is to create a Silverlight application and build it as usual. We're just creating an application with two buttons.
The .xap file in the Bin\Release folder of the folder in which the project is located is a package file that summarizes the programs and files used by silverlight applications.
In fact, this file is compressed as a ZIP file, and because it is summarized, you can change the extension to ".zip".
Zip file changed.
When you open the file, it contains the manifest file and the DLL. This DLL is a compilation of programs that runs as an application.
By the way, dll files are also placed in the Release folder when you build them, so this time i'll obnollize this file.
Select Tools from the Visual Studio menu and select PreEmptive Dotfuscator And Analytics.
At the first time, you will see the "License Agreement" dialog, so read the contents carefully and say ,"Yes, I accept the license agreement. check and click the "OK" button.
PreEmptive Dotfuscator And Analytics CE starts.
Select Input from the tree on the left and click the Add Input button.
Select the DLL file that you generated in the build.
Select the DLL file that you added and uncheck Library Mode and XAML Conversion.
If library mode is checked, classes and methods defined in public are not obnosated.
If xaml conversion is checked, the classes defined in XAML will be obnoxized, but depending on how you make it, you will get a startup error, so uncheck it if it occurs.
Basically, all classes, methods, properties, and variable names are obnomenabled, but if you don't want to obnoscate a particular namespace, class, for example, serializing, select Rename from the left tree, and select the Exclude tab to check the target namespace or class.
Make sure that the Silverlight and WPF UserControls fields are checked in Built-in Rules. Checking this will make the UserControls field obnosciptal and run successfully. You can uncheck it if it is obnosated and if it runs successfully.
When you're done, click the Build Project button from the toolbar.
If there are any changes to the project, the project save confirmation dialog will be displayed, so click Yes to save.
The project is saved as a .xml file. Obstoobasised files are stored in the same location.
Wait for the build to finish as it starts. Note that the bigger the program, the longer it takes to build. Now you're done with the build.
The message column shows simple results, such as the progress of the build and how obnosated.
You can select Results from the tree on the left to learn more about how the class and method names have changed.
Under the class and method names are dotfuscator icons and names such as "a" and "b", which is the post-obfuscation name. In this way, you can disassemble by changing the class or method name to a meaningless name to make the contents of the source code difficult to read.
The obfuscated file is created in a folder of .xml files saved by saving the project, and a folder called Dotfuscated is created in it. In addition to obnosated files, a "Map.xml" file has been created, but this is the result of obnomation, so it is not used.
If you try to disassemble the obnosperated file, you can see that some class names and method names have been changed to "a" or "b".
This time, the default project was almost obnosated, so i think there is an image that is not obnomated very much, but the larger the project, the more classes the more classes the more the effect of obnomation will become clear.
As an aside, note that class names defined in the .NET Framework library are not subject to renaming because they are assemblies that are already installed in Windows, etc.
Silverlight does not accept the DLL as it is, so it is packaged as an XAP file. As mentioned at the beginning, the XAP file is just a change in the zip file extension, so you can create a ZIP file by collecting the files contained in the XAP file and the obnoxized DLLs.
You can use the standard os features to create zip files.
A ZIP file is created.
The extension is ".xap" and if the file name is different, change it to the original package file name.
Place the XAP file in the distribution location.
Check to see if it works.
If it doesn't start, check until it works, for example, to reduce the amount of obnosated code. Keep in mind that Silverlight is often caught in XAML.
If you are not following the steps at this time, but you want to sign the program, build with a delayed signature state, obread the assembly, and then re-sign. Even if you sign and obnosate, the signature code you gave at build time will not match the obnoscated signature code, so you will not be able to start it.
This time, we've put the steps in the free version, but you can use the paid version to make it more complex obfuscated, or to prevent the disassembly itself. However, obnosceisation has the potential to cause various evils, so it is necessary to make it obliterate, considering whether it works properly from the beginning of the design.