Obfuscate applications created using Dotfuscator
summary
Because applications based on the .NET Framework are created in what is called a common intermediate language, they can be read in a form close to the original source code by using disassembly tools and the like. This section describes how to obfuscator Dotfuscator, the obfuscator that comes with Visual Studio, to obfuscate class and method names into a format that is not easily readable.
We're talking about it here using Visual Studio 2010, but you can use Dotfuscator in 2005 and 2008 as well.
Operating Environment
Supported Visual Studio Versions
- 2005
- 2008
- 2010
Check Visual Studio Version
- 2005
- 2008
- 2010
substance
About Dotfuscator
Dotfuscator is an obfuscation tool that makes source code difficult to read when disassembled in applications written with the .NET Framework. Dotfuscator comes with Visual Studio for free and for a fee.
The free version is not available unless many of its features are limited or Visual Studio is started, but anyone can use it as long as they have Visual Studio installed. The paid version has many powerful obfuscation features that are not found in the free version, but it is offered at a price that is difficult for the general public to afford.
Dotfuscator has different features, prices, and editions depending on the version, so please refer to the following homepage for details.
Obfuscation procedure
I mentioned earlier that applications created with the .NET Framework can disassemble and easily read the original source code, but the actual situation is that if you disassemble the exe file as shown in the figure on the right, you can almost reproduce the original source code such as namespace, class name, method name, etc.
Describes the steps to make these names confusing and obfuscated.
Creating an application in Visual Studio and creating an exe file is exactly the same as the normal way to create it.
After you build and create the exe file, select Tools from the Visual Studio menu, and then select Dotfuscator Software Services.
When you start for the first time, the "License Agreement" dialog is displayed as shown in the figure on the right, so read the contents carefully, check "Yes, I agree to the license agreement." and click the "OK" button.
Dotfuscator Software Services starts.
The exe (or dll file) to be obfuscated does not have to be from the currently open project.
Select Input Assemblies from the tree on the left, and click the Input Assemblies on the right to click the ... button.
Select the exe file you want to obfuscate.
The selected exe file is added to the list. If you want to obfuscate multiple files, click the "..." button after the second line to add them.
Once you have selected the exe you want to obfuscate, click the Build Project button from the toolbar.
If there are any changes to the project, the project saving confirmation dialog is displayed, so click "Yes" to save.
The project is called ". xml" file. The obfuscated exe file will also be saved in the same location, so save the .xml file to any folder.
The build will start and wait until it is complete. Note that the larger the program, the longer it takes to build. If it looks like the figure on the right, the build is completed.
The message field displays simple results, such as the progress of the build and how obfuscated it was.
If you select "Result" from the tree on the left, you can see details of how the class and method names have changed.
Below the class and method names, there is a Dotfuscator icon and a name such as "a" or "b", which is the obfuscated name. By changing the class name or method name to a meaningless name like this, you can make the contents of the source code difficult to read even if it is disassembled.
Obfuscated exe files are created in the folder of .xml files saved in Save Project, called "Dotfuscated", and are created in it. In addition to the exe file, a "Map .xml" file has been created, but this is the result of obfuscation and should not be used.
Obfuscated exes can be run and used as-is. However, there are cases where it can not be started due to an unknown error as shown in the figure on the right.
This time, I wrote an application in WPF, but because the XAML file of the first window to display is specified as a string, the rename due to obfuscation will cause the reference to be lost, resulting in an error.
Windows Form applications reference the From class directly, so they can run without errors even if they are obfuscated. However, if you specify a class name, an enum type, etc. by name, you need to be careful because there is a possibility that the same error will occur.
If you don't want to obfuscate a class or something, select Rename from the tree on the left side of Dotfuscator and select Exclude from the middle tab.
Each namespace, class name, etc. will be displayed in the list on the right, so check the items you don't want to obfuscate.
Here, I do not want to change the class name of the window to be displayed first, so I check "MainWindow".
When you do the build, you can see that there is no changed name under the class name in MainWindows. (App class has been converted to "a")
When you run the obfuscated exe file, you can see that the window is displayed correctly.
If you disassemble the obfuscated exe file, you can see that the class name and method name have been changed to "a" or "b" properly.
But as an aside. NET Framework libraries such as class names are not subject to renaming because they are assemblies that are already installed on Windows and elsewhere.
This time, I obfuscated the default project created as it is, so I think that there is an image that it is not so obfuscated, but I think that the effect of obfuscation becomes clear because the number of classes etc. increases as the project grows.
Also, although we have included the procedure in the free version this time, the paid version allows for more complex obfuscation and also prevents disassembly itself. However, obfuscation has various adverse effects and potential to occur, so when obfuscating is performed, it is necessary to make it while considering whether it will work properly from the beginning of the design.