Obfuscate Applications Created Using Dotfuscator (Visaul Studio 2022 Version)

summary

Applications based on the .NET series of frameworks are created in what is called a common intermediate language, so they can be read in a form close to the original source code by using disassembly tools and the like. This section describes how to obfuscate classes and method names into easily unreadable formats using the free version of Dotfuscator, the obfuscator tool that comes with Visual Studio.

It is described using Visual Studio 2022, but it can also be used in other versions of Dotfuscator.

Operating Environment

Visual Studio

• Visual Studio 2022

About Dotfuscator

Dotfuscator is an obfuscation tool that makes source code difficult to read when disassembled for applications written with the .NET family of frameworks (hereafter referred to as .NET). Dotfuscator comes with Visual Studio for free and for a fee.

The free version is not available unless many of its features are limited or Visual Studio is started, but anyone can use it as long as they have Visual Studio installed. The paid version has many powerful obfuscation features that are not found in the free version, but it is offered at a price that is difficult for the general public to afford.

Dotfuscator has different features, prices, and editions depending on the version, so please refer to the following homepage for details.

• Dotfuscator

About Disassembly

I mentioned earlier that applications written in .NET can easily disassemble and read the original source code, but what is actually happening is that if you disassemble a .exe file (or .dll file) as shown in the following figure, you can almost reproduce the original source code, such as namespace, class name, method name, etc.

Types of programs that should be obfuscated

It mainly applies to programs that are distributed and run to unspecified users. For example, desktop applications. Conversely, Web applications that have difficulty accessing program files directly are less important to obfuscation.

This time, we're looking at a project in WPF, a desktop application.

Installing Dotfuscator

This application comes with Visual Studio 2022 but is not included in the standard installation (in some past Visual Studios it may be installed from scratch).

To add a Dotfuscator: Start Visaul Studio and select Get Tools and Features from Tools.

Select "Individual Components" from the tab above, check "PreEmptive Protection - Dotfuscator" in the "Code Tools" group, and click the Install button in the lower right corner. When doing so, close the Visual Studio console.

Obfuscation procedure

Describes the steps to make these names confusing and obfuscated.

Create an application in Visual Studio, build .exe file, and then click the . Create a dll file. So far, this is the same as creating a regular application. The app you create should be intended for those created in the Release build. (Because you don't usually publish in Debug.)

After you create .exe or .dll, select Tools from the Visual Studio menu, and then choose PreEmptive Protection - Dotfuscator Community.

The registration screen is displayed, but it is not required, so if it is unnecessary, click the cancel button as it is.

Remain and click the OK button.

Dotfuscator starts. The application works on its own, so you can obfuscate files that are not relevant to the currently open project. (In the case of the free version of the application itself, it is assumed that Visual Studio is started.) )

In this article, I'll obfuscate a .NET 6.0 WPF application project built with defaults as a sample.

Select "Input" from the list on the left and click the "+" button.

Select the program file you want to obfuscate. Applications written in the .NET Framework have often obfuscated .exe, but in .NET and .NET Core, programs are often .dll entities. NET WPF applications will also have .dll entities, so choose .dll.

It will be added to the list. If it consists of multiple DLLs, add more than one.

After adding the target file, click the "Build" button from the toolbar.

You will be asked where to save the obfuscated project file, so specify it. The location can be arbitrary, but it can also be the output location of an obfuscated program. It saves your input and will open this obfuscation project file if you want to obfuscate it again. The extension is ". xml".

If the build has started and "Build completed" is displayed in the message below, it indicates successful completion. The screen displays the build log and a list of obfuscated classes and variables.

Select "Result" from the list on the left to see details of how the class and method names have changed.

Class names and method names in the tree on the right, such as "->", are the names after obfuscation. By changing the class name or method name to a meaningless name like this, you can make the contents of the source code difficult to read even if it is disassembled.

Obfuscated programs are saved in a folder called "Dotfuscated" in the place where you saved the project file.

Map.xml is an obfuscation result file, so you can safely delete it.

Since .NET 6.0 WPF cannot be started by a DLL alone, copy "XXXX.exe" and "XXXX.runtimeconfig.json" generated at the time of build output to the same folder and start it. If you can start normally, there is no problem for the time being. If you can't start it, you may be missing files or you may be creating a program that becomes inconsistent due to obfuscation.

If you analyze the program that has actually been obfuscated, you will see some traces of obfuscation. The first sheet of the figure below is before obfuscation, and the second is after obfuscation.

Note that class names defined in .NET libraries are not subject to renaming because they exist as a framework.

This time, I obfuscated the default project created as it is, so I think that there is an image that is almost not obfuscated, but I think that the effect of obfuscation becomes clear because the larger the project, the more unique classes will increase.

Also, although we have included the procedure in the free version this time, the paid version allows for more complex obfuscation and also prevents disassembly itself. However, obfuscation has various adverse effects and potential to occur, so when obfuscating is performed, it is necessary to make it while considering whether it will work properly from the beginning of the design.

Exclude obfuscation

If you have class or property names that you don't want to obfuscate, you can exclude them.

While the assembly is loaded, select Rename > Exclude from the left side of the screen. Since the contents of the assembly are displayed, I will check the ones that I do not want to obfuscate.

It is possible to exclude obfuscation at a granular level, but I think it is easier to adjust it on a namespace basis.

Library Mode

When you select the input assembly, you can see that "Library Mode" is checked.

"Library mode" is to attach to DLLs that may be called by other programs. If checked, public classes and properties called by other programs are excluded from obfuscation.

However, in general, it is rare to expose a library that is called generatively from other programs, and I think that it is often obfuscated to applications that work alone, so it is okay to basically remove this check.

Obfuscation of single-file .exe (unconfirmed)

Investigations into this item in Visual Studio 2022 are currently unconfirmed.

It will probably be obfuscation with MSBuild, but I'm putting it on hold because of the lack of information at the moment.