Results 1 to 23 of 23

Thread: Obfuscator free for VS 2013

  1. #1

    Thread Starter
    Addicted Member
    Join Date
    Jan 2009
    Posts
    214

    Obfuscator free for VS 2013

    Hi
    I'm using VS 2008 and Eazfuscator latest free version and I want to upgrade to VS 2013. Eazfuscator latest free version doesn't work with VS 2013 and I took also a free obfuscator:Confuserex,is that a good one? I found there is a Deobfuscator for that,so it is not safe? https://github.com/U...serDeobfuscator

    If not,a good free choice?


    It is a way to integrate it with VS and automatic obfucation on build,Eazfuscator works that way.
    thanks !

  2. #2
    Member
    Join Date
    Jun 2011
    Posts
    36

    Re: Obfuscator free for VS 2013

    Quote Originally Posted by mrjohn View Post
    Eazfuscator latest free version doesn't work with VS 2013
    Not according to their site:

    Code:
    http://www.gapotchenko.com/eazfuscator.net/features
    Integration with Microsoft Visual Studio 2005 – 2013 including Express editions
    Good Luck.

    Heishiro

  3. #3

    Thread Starter
    Addicted Member
    Join Date
    Jan 2009
    Posts
    214

    Re: Obfuscator free for VS 2013

    Eazfuscator gone commercial from couple years, I was talking about free version (Eazfuscator 2012)
    I'm looking for a free obfuscator.
    thanks!

  4. #4
    Fanatic Member Toph's Avatar
    Join Date
    Oct 2014
    Posts
    655

    Re: Obfuscator free for VS 2013

    You ConfuserEx, it's really good and free too.

  5. #5

    Thread Starter
    Addicted Member
    Join Date
    Jan 2009
    Posts
    214

    Re: Obfuscator free for VS 2013

    Thanks for the answer,it is a way to integrate it with VS and automatic obfuscation?
    it is more secure than Eazfuscator?

  6. #6
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    35,238

    Re: Obfuscator free for VS 2013

    What are you trying to secure, anyways? No obfuscator, real or imagined, provides particularly good security, nor does compilation to machine language, or any other step. It can all be hacked, some pieces more easily than others. If you have something that you really need to secure, then what is it? If it's strings, then nothing will protect you. If it's an algorithm, then obfuscation won't protect you from anybody who is determined.

    The reason I ask is that one of the things about obfuscation and code security is that it is often used to secure the wrong thing. People often think that their code is valuable, but it isn't. Just look at the web. I'm writing in Javascript. Every modern browser will allow anybody to see the source code at any time. With that language, everybody understood that code security is a myth, so there is no attempt to secure or obfuscate anything. The same is true for Windows applications, it's just that lots of people don't realize that, possibly because it isn't quite as easy to see the code as it is with JS. Just remember that for an application to run, it must be deofuscated machine language, which can be displayed as ASM, which can be back converted into somewhat higher languages. It's all there, though, and strings are even simpler than that. So, be sure what you are securing. In the JS environment, since everything is out there on display, the only security you can have is to keep sensitive information server side. The same can be done with some Windows applications. Other parts can be encrypted (strings). Some things can't be protected much at all.
    My usual boring signature: Nothing

  7. #7
    Fanatic Member Toph's Avatar
    Join Date
    Oct 2014
    Posts
    655

    Re: Obfuscator free for VS 2013

    Quote Originally Posted by Shaggy Hiker View Post
    What are you trying to secure, anyways? No obfuscator, real or imagined, provides particularly good security, nor does compilation to machine language, or any other step. It can all be hacked, some pieces more easily than others. If you have something that you really need to secure, then what is it? If it's strings, then nothing will protect you. If it's an algorithm, then obfuscation won't protect you from anybody who is determined.

    The reason I ask is that one of the things about obfuscation and code security is that it is often used to secure the wrong thing. People often think that their code is valuable, but it isn't. Just look at the web. I'm writing in Javascript. Every modern browser will allow anybody to see the source code at any time. With that language, everybody understood that code security is a myth, so there is no attempt to secure or obfuscate anything. The same is true for Windows applications, it's just that lots of people don't realize that, possibly because it isn't quite as easy to see the code as it is with JS. Just remember that for an application to run, it must be deofuscated machine language, which can be displayed as ASM, which can be back converted into somewhat higher languages. It's all there, though, and strings are even simpler than that. So, be sure what you are securing. In the JS environment, since everything is out there on display, the only security you can have is to keep sensitive information server side. The same can be done with some Windows applications. Other parts can be encrypted (strings). Some things can't be protected much at all.
    This.

  8. #8

    Thread Starter
    Addicted Member
    Join Date
    Jan 2009
    Posts
    214

    Re: Obfuscator free for VS 2013

    @Shaggy: You're right, but many can use ILSpy or other tools to get the source code but not as many can do it if it was obfuscated,you add a protection,that way obfuscators exists

    @Toph: there it is a way to integrate confuserex with VS for automatic obfuscation on build?

    thanks

  9. #9
    Fanatic Member Toph's Avatar
    Join Date
    Oct 2014
    Posts
    655

    Re: Obfuscator free for VS 2013

    I'm not sure if there is a way to integrate for automatic obfuscation. I don't see why you can manually obfuscate the final version.

  10. #10
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    35,238

    Re: Obfuscator free for VS 2013

    The question that this kind of thing brings to mind is this: What is in the source code that is worth stealing?

    People seem to think that their source code is the treasure of the realm, but I only know of one case where that was true, and in that case, nobody except a few were even allowed to touch the computer that ran the application. The algorithm itself was a trade secret for the business. That's a very rare case. More typically, the idea is the key to a program. For example, I recently replicated a program written in VB6. We didn't have the source code any longer, and I wasn't about to bother trying to get the source code from some other means (you can decompile VB6, too, it is just a little messier). Instead, I wrote a program that used the same backend database and had the same look and feel of the existing program. The souce code isn't the same, but so what? The user experience is identical (except that I added some features that the original didn't have), and the data being stored is identical.

    What I am saying is that for most programs, there is nothing special about the code. What is special is the mind that came up with the concept that the code embodies. Once the program is written, the concept is on display for anybody who sees the program, and the source code is barely even useful to anybody who wants to steal the idea. It is likely to be easier to re-create than to steal, and makes the legal situation considerably more complicated.

    There are things that have to be protected, such as passwords and the like, and some proprietary algorithms. Those are valid things to protect, but passwords and the like can't be protected by obfuscation and have to be protected by either encryption, isolation, or both. That leaves only proprietary algorithms that are really valid candidates for obfuscation. I have only known the one program where that was the case.

    Just be sure that you are making the effort for something that is worth the effort, and make sure that obfuscation will actually do what you expect it to do. I don't particularly trust obfuscation, because code has to be just plain machine language for it to execute, so there has to be a time when it is all plain. That's not to say that it isn't harder to intercept in such a case, just be sure that the rock you are trying to lock up has value to people other than just you before you spend much effort locking it up. Sometimes a rock is a diamond, but most of the time it's just a rock.
    My usual boring signature: Nothing

  11. #11
    Fanatic Member Toph's Avatar
    Join Date
    Oct 2014
    Posts
    655

    Re: Obfuscator free for VS 2013

    Quote Originally Posted by Shaggy Hiker View Post
    The question that this kind of thing brings to mind is this: What is in the source code that is worth stealing?

    People seem to think that their source code is the treasure of the realm, but I only know of one case where that was true, and in that case, nobody except a few were even allowed to touch the computer that ran the application. The algorithm itself was a trade secret for the business. That's a very rare case. More typically, the idea is the key to a program. For example, I recently replicated a program written in VB6. We didn't have the source code any longer, and I wasn't about to bother trying to get the source code from some other means (you can decompile VB6, too, it is just a little messier). Instead, I wrote a program that used the same backend database and had the same look and feel of the existing program. The souce code isn't the same, but so what? The user experience is identical (except that I added some features that the original didn't have), and the data being stored is identical.

    What I am saying is that for most programs, there is nothing special about the code. What is special is the mind that came up with the concept that the code embodies. Once the program is written, the concept is on display for anybody who sees the program, and the source code is barely even useful to anybody who wants to steal the idea. It is likely to be easier to re-create than to steal, and makes the legal situation considerably more complicated.

    There are things that have to be protected, such as passwords and the like, and some proprietary algorithms. Those are valid things to protect, but passwords and the like can't be protected by obfuscation and have to be protected by either encryption, isolation, or both. That leaves only proprietary algorithms that are really valid candidates for obfuscation. I have only known the one program where that was the case.

    Just be sure that you are making the effort for something that is worth the effort, and make sure that obfuscation will actually do what you expect it to do. I don't particularly trust obfuscation, because code has to be just plain machine language for it to execute, so there has to be a time when it is all plain. That's not to say that it isn't harder to intercept in such a case, just be sure that the rock you are trying to lock up has value to people other than just you before you spend much effort locking it up. Sometimes a rock is a diamond, but most of the time it's just a rock.
    Well said once again.

  12. #12
    Bad man! ident's Avatar
    Join Date
    Mar 2009
    Location
    Cambridge
    Posts
    5,390

    Re: Obfuscator free for VS 2013

    The One thing i always say to such people when asking this type of question is that i you need to ask "How" then you can't write any thing worth stealing.

  13. #13
    PowerPoster SJWhiteley's Avatar
    Join Date
    Feb 2009
    Location
    South of the Mason-Dixon Line
    Posts
    2,256

    Re: Obfuscator free for VS 2013

    There's an irony here: the requirement for a free obsfucator.

    I'm sure we have all gone through the panic that 'everyone can see my code!!!' when moving over to .NET from other languages. But as already stated the 'art form' is not in the code, but the person that made it.

    Here's the times I've used Reflector:

    On my own code, to see how it translates to and from C# and VB;
    On others code to translate to and from C#/VB;
    To examine certain techniques for specific applications (nothing really new, there, but it isn't as valuable as you think it is);
    To see how security has been implemented - or lack of security - in both others and my own code;
    To examine the .NET framework libraries;
    To determine if an assembly is a .NET library or not.

    The only thing that may be 'protectable' is a programming technique - but really there isn't anything that cannot easily be garnered from a google search. Further, the 'technique' examined is often an artifact of the compiler: the code produced isn't exactly the code entered by the programmer: so that top secret super fast bubble sort algorithm that one invented, is actually the compiler making things more efficient.
    "Ok, my response to that is pending a Google search" - Bucky Katt.
    "There are two types of people in the world: Those who can extrapolate from incomplete data sets." - Unk.
    "Before you can 'think outside the box' you need to understand where the box is."

  14. #14

    Thread Starter
    Addicted Member
    Join Date
    Jan 2009
    Posts
    214

    Re: Obfuscator free for VS 2013

    It works with VS integrations
    there I found how to do it

    if $(ConfigurationName)==Release (
    cd “$(TargetDir)”
    “c:\path_to_\confuser Release\confuser.console.exe” “$(SolutionDir)confuserSettings.crproj”
    copy /y Confused\*.*
    rmdir /s /q Confused
    ) else (
    echo “not in release mode, not obfuscating”
    )


    I added this to .vbproj file

    HTML Code:
    <PropertyGroup>
        <PostBuildEvent>
    	If $(ConfigurationName)==Release (
    	    cd $(TargetDir)
         	c:\Confuser\Confuser.CLI.exe $(ProjectDir)confuserSettings.crproj
    	 )
       </PostBuildEvent>
      </PropertyGroup>
    confuserSettings.crproj is confuser project

    the only thing I could not resolved is to use in build mode obfuscated file

    i think these commands is doing that:

    copy /y Confused\*.*
    rmdir /s /q Confused

    I don't used them becase I got this error:

    Name:  Untitled.png
Views: 1044
Size:  16.2 KB

    thanks!


    Quote Originally Posted by Toph View Post
    I'm not sure if there is a way to integrate for automatic obfuscation. I don't see why you can manually obfuscate the final version.

  15. #15

    Thread Starter
    Addicted Member
    Join Date
    Jan 2009
    Posts
    214

    Re: Obfuscator free for VS 2013

    any help to my last post?

  16. #16

    Thread Starter
    Addicted Member
    Join Date
    Jan 2009
    Posts
    214

    Re: Obfuscator free for VS 2013

    It is working with these settings:
    Preset: aggressive
    Protection: remove antidebug

  17. #17
    Super Moderator FunkyDexter's Avatar
    Join Date
    Apr 2005
    Location
    An obscure body in the SK system. The inhabitants call it Earth
    Posts
    7,612

    Re: Obfuscator free for VS 2013

    I'm not sure I'd be quite as negative about obfuscation as is coming across here. Some things are worth protecting. The company I currently work for has an AI algorithm that they're protecting. Ultimately it's just a bunch of mathematical techniques but they chose not to publish them in trade papers etc. and they obfuscate the code for the same reason - the value is in the algorithm and they don't want anyone else getting to read that algorithm by any means. Since they have to "publish" the software in order for it to be used, obfuscating the underlying code seems a sensible measure.

    It's certainly true that no system is truly secure but obfuscation adds an extra layer of inconvenience to a determined hacker. Ultimately that's all you can ask of any security measure.

    We use DotFuscator and I believe it's very good but I don't believe there's a free version and it doesn't integrate into VS (it's a post compile process).
    You can depend upon the Americans to do the right thing. But only after they have exhausted every other possibility - Winston Churchill

    Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd

  18. #18
    Superbly Moderated NeedSomeAnswers's Avatar
    Join Date
    Jun 2002
    Location
    Manchester uk
    Posts
    2,623

    Re: Obfuscator free for VS 2013

    I'm not sure I'd be quite as negative about obfuscation as is coming across here. Some things are worth protecting. The company I currently work for has an AI algorithm that they're protecting.
    Ah yes but your company obvisouly has something worth protecting, some intellectual property that not every tom dick and harry can just do themselves.

    Most code is not worth obfuscating as it just the standard stuff which you can find examples of on the internet anyway, however if you have an algorithm or some complexity then you right you may have something worth the effort of at least attempting to protect.

    Saying that your company must know that obfuscation is only protection from the casual hacker, and if anyone was serious about stealing that algorithm they probably could.

    If you have an algorithm that is truly worth protecting then you should be putting it in your server side code
    Please Mark your Thread "Resolved", if the query is solved & Rate those who have helped you



  19. #19
    Super Moderator FunkyDexter's Avatar
    Join Date
    Apr 2005
    Location
    An obscure body in the SK system. The inhabitants call it Earth
    Posts
    7,612

    Re: Obfuscator free for VS 2013

    Most code is not worth obfuscating
    Oh, I'd definitely agree with that statement. I just wanted to get across that some is.

    you should be putting it in your server side code
    That's an interesting conundrum for us. The core code is in dlls so it could be deployed behind web services or wrapped up in a desktop gui. Historically it's been shipped as a gui or just by shipping the dlls themselves and allowing people to knock up their own clients (usually matlab scripts but it varies) but we have started moving toward a service based architecture (my main project in the last year has been producing a simplified API for it and exposing it as a Thrift service to make it language independent). The driver for this was not security but that is a potential bonus. The downside is that it's used in analysis across massive datasets and it's architected to deal with a single row at a time - so that's lots of individual very small calls across a network - that extra performance bottleneck could prove to be a killer.

    I think what's actually going to happen eventually is that the whole thing's going to get rewritten as Hadoop Map Reduce tasks as the company's moved to Hadoop as a data lake already.
    You can depend upon the Americans to do the right thing. But only after they have exhausted every other possibility - Winston Churchill

    Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd

  20. #20
    PowerPoster SJWhiteley's Avatar
    Join Date
    Feb 2009
    Location
    South of the Mason-Dixon Line
    Posts
    2,256

    Re: Obfuscator free for VS 2013

    Quote Originally Posted by FunkyDexter View Post
    ...

    I think what's actually going to happen eventually is that the whole thing's going to get rewritten as Hadoop Map Reduce tasks as the company's moved to Hadoop as a data lake already.
    That's obsfucation, right there
    "Ok, my response to that is pending a Google search" - Bucky Katt.
    "There are two types of people in the world: Those who can extrapolate from incomplete data sets." - Unk.
    "Before you can 'think outside the box' you need to understand where the box is."

  21. #21
    PowerPoster SJWhiteley's Avatar
    Join Date
    Feb 2009
    Location
    South of the Mason-Dixon Line
    Posts
    2,256

    Re: Obfuscator free for VS 2013

    Seriously, though, it's not so much that obsfucation in 'pointless', it's that as already noted:

    * Most code isn't worth obsfucating;
    * if the code is valuable enough to require obsfucating, then it's worth paying for the tools to do so.
    "Ok, my response to that is pending a Google search" - Bucky Katt.
    "There are two types of people in the world: Those who can extrapolate from incomplete data sets." - Unk.
    "Before you can 'think outside the box' you need to understand where the box is."

  22. #22
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    35,238

    Re: Obfuscator free for VS 2013

    Quote Originally Posted by FunkyDexter View Post
    allowing people to knock up their own clients
    That's an interesting business strategy, to be sure. I don't see why the created intelligence would be considered aritificial, though.
    My usual boring signature: Nothing

  23. #23
    Super Moderator FunkyDexter's Avatar
    Join Date
    Apr 2005
    Location
    An obscure body in the SK system. The inhabitants call it Earth
    Posts
    7,612

    Re: Obfuscator free for VS 2013

    It's the oldest profession...
    You can depend upon the Americans to do the right thing. But only after they have exhausted every other possibility - Winston Churchill

    Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width