There are a number of .NET obfuscator offerings available, often at widely diverging
prices. Crypto Obfuscator for .NET offers an excellent balance of good pricing,
performance, and features.
All .Net compilers such as C#, VB.Net, Managed C++, IronPython, etc. emit compiled
programs in MSIL (Microsoft Intermediate Language) format. This format preserves
a lot of high-level information about your software such as class, field, method,
property and parameter names and even the actual code in a well-defined structure.
This has facilitated the development of many decompilers and dissassemblers which
can extract this information from a .Net assembly. Some tools can even reconstruct
the actual structure of your code including loops, if statements, method calls,
etc.
This means that an unprotected .Net assembly is an easy target for hackers, crackers
or competitors who can easily reverse-engineer your .Net code from the compiled
assembly. They can easily glean valuable trade secrets, algorithms, sensitive
information such as passwords, SQL queries, etc stored in strings, or even try
to find security vulnerabilities and change product functionality.
Crypto Obfuscator's code-protection features will protect your .Net assembly
from all the above vulnerabilities and attack points using a variety of sophisticated
techniques such as:
Symbol Renaming: Crypto Obfuscator renames all your class, field, method, properties, methods, parameter
and generic parameter names to totally different strings. It is impossible to
determine the original names from the new names. This makes it impossible for
someone to try to determine the purpose or functionality of the renamed entity
from its name.
Advanced Overload Renaming: Crypto Obfuscator can also rename fields or methods with different signatures to
the same name. For example two fields having types int and boolean will be given
the same name. Similarly two methods will different parameters will be given
the same name. In the case of methods, the method return type is also used in
the signature even though high-level languages such as C# and VB.Net do not support
overloading by return type. The .Net runtime is able to differentiate between
the fields/methods without any problem since the signatures are different. Needless
to say, this scheme makes it even harder to reverse-engineer your code.
Advanced Tamper Detection: Crypto Obfuscator can perform strong name verification of the assembly itself even
if strong-name verification has been turned OFF on the machine on which the assembly
is running or if the assembly has been registered in the verification 'skip-list'
- this is typically done by hackers or crackers. Furthermore, the strong name
verification is done using the original key used to sign the assembly when it
was obfuscated by Crypto Obfuscator. Thus, strong name verification fails even
if the key is removed or replaced - again something typically done by hackers
or crackers.
Anti-Debug + Anti-Tracer Protection: Crypto Obfuscator's performs more than 10 advanced heuristic tests to detect
if your software is running under a debugger or tracer. If detected, an exception
is throw and your software will terminate. Both managed as well as native/unmanaged
debuggers (including advanced debuggers such as OllyDbg) are detected. This provides
a strong defense against crackers and hackers trying to debug or trace your software
for various malicious purposes.
String Encryption: Literal strings often contain sensitive information such as login information, passwords,
SQL queries, algorithm parameters. They also facilitate reverse-engineering of
your .Net code. Crypto Obfuscator solves all these issues by encrypting all literal
strings in your .Net code.
Control Flow Obfuscation: Many advanced decompilers can reconstruct the code in your methods including the
exact structure of your loops, if-else statements, method calls, try-catch blocks,
etc. This makes it very easy to revere-engineer your code. Crypto Obfuscator
changes the structure of your code into spaghetti code while maintaining 100%
the logic and output of the code. The result is that decompilers are unable to
reconstruct the code structure and most of the times they crash while trying
to do so.
ILDASM Suppression: ILDASM (Microsoft IL Dissassembler) is a free tool to disassembly any .Net assembly
into MSIL (Microsoft Intermediate Language). Crypto Obfuscator can modify the
assembly in such a way that ILDASM refuses to disassemble the assembly.
Anti-Reflection Protection: Many decompilers, dissassemblers and memory dumpers use Reflection to extract information
about a .Net assembly. Crypto Obfuscator can modify the assembly in such a way
that such tools will fail when trying to work on your assembly.
Anti-Decompiler Protection: Advanced decompilers such as the freely available .Net Reflector are your enemy
in the battle against the hackers, crackers and competitors. Crypto Obfuscator
can modify your assembly in such a way that such tools fail to work on your assembly
- many times they are not even able to open your assembly, let alone examine
it.
Resource Encryption: Many tools exist which can extract resources from your assembly. Such resources
can often contain valuable, sensitive or copyrighted information such as images,
UI (WPF baml files), textual content, etc. Crypto Obfuscator can encrypt all
such resources so that it is impossible to extract them from the assembly.
Assembly Encryption: Crypto Obfuscator can encrypt all dependant assemblies and any additional assemblies
you want into a single assembly. This makes it impossible for someone to get
their hands on individual assemblies. You can use this feature to package all
important and sensitive code/data into another assembly.
Watermarking: Crypto Obfuscator can embed watermark strings into your deployed assemblies. This
can be used to track each assembly instance - this is commonly used for licensing
by embedding user name and license codes as watermarks to deter license violations.
The watermarks embedded in the assembly can be used in literal strings and constants
to be used in your UI, message boxes, etc.
That's a lot of features for $199 for a single developer standard license. In
addition, the GUI interface is easy - to - understand and use, and the product
integrates well into Visual Studio (including Visual Studio 2010) using build
events. For more sophisticated build operations such as when using ClickOnce
, obfuscating Silverlight projects, or
when chaining the output of your projects to other projects (such as setup projects)
you can use MSBUILD integration.
Crypto Obfuscator is highly configurable. I've used it, and there were no unpleasant
side effects or anything to complain about. It's just a solid, well-engineered
good product at a good price.