If my post was helpful to you, then express your gratitude using Rate this Post.
And if your problem is SOLVED, then please Mark the Thread as RESOLVED (see it in action - video) My system: AMD FX 6100, Gigabyte Motherboard, 8 GB Crossair Vengance, Cooler Master 450W Thunder PSU, 1.4 TB HDD, 18.5" TFT(Wide), Antec V1 Cabinet Social Group:VBForums - Developers from India
It seems to me that most people who are looking for an obfuscator tend to be expecting it to do far more than it really can do. At best, they add a modest level of security to code.
There are no, good, free obfuscators. Obfuscation is a tricky process and free applications just won't do if you expect it to actually do anything useful.
You can easily find free de-obfuscation software that will rip the code apart in seconds.
If you want a a good obfuscator, then you're going to have to pay for it. But they're expensive.
But really, there's very little reason that most people need to actually obfuscate their software. Most users won't know how to disassemble it and most of the others won't care.
There was another guy on here a little while ago that was afraid of "hackers" that he was releasing his software to, would steal his code. Actually, I think he just wanted to prevent them from looking at some string, but whatever. We told him about the built in tool for VS and he thought it was the greatest thing since slice bread.
Then I told him that I did a quick test and obfuscated an application and then spent 5 minutes finding a free de-obfuscation tool, downloading and ripping apart the obfuscation. It was so simple and made the obfuscation entirely irrelevant.
Last edited by weirddemon; Apr 15th, 2011 at 04:08 PM.
The free obfuscator from preemptive (the one that gets bundled with paid versions of visual studio) works pretty well. It doesn't do things that the full paid version does (like string encryption, and incremental obfuscation, reverse obfuscate stack traces, etc...) but for the plain vanilla "I want to scramble all my methods to make things hard to reverse engineer" it works decently well. It renames as many methods and objects as it can to the same name without creating ambiguity, so you can literally end up with hundreds of methods called 'a' in your app. The more complex the app is, the harder it becomes to easily deobfuscate. Never will be hack proof, but makes people way less inclined to bother.
The free obfuscator from preemptive (the one that gets bundled with paid versions of visual studio) works pretty well. It doesn't do things that the full paid version does (like string encryption, and incremental obfuscation, reverse obfuscate stack traces, etc...) but for the plain vanilla "I want to scramble all my methods to make things hard to reverse engineer" it works decently well. It renames as many methods and objects as it can to the same name without creating ambiguity, so you can literally end up with hundreds of methods called 'a' in your app. The more complex the app is, the harder it becomes to easily deobfuscate. Never will be hack proof, but makes people way less inclined to bother.
It's actually quite awful. At least in terms of making it hard to reverse engineer.
I spent just a few minutes de-obfuscating code obfuscated by the VS tool. I can't remember if the methods and classes were still renamed, but I was very easily able to obtain all important code that I needed.
If you want a a good obfuscator, then you're going to have to pay for it. But they're expensive.
Could you please name one best paid obfuscator ?
If my post was helpful to you, then express your gratitude using Rate this Post.
And if your problem is SOLVED, then please Mark the Thread as RESOLVED (see it in action - video) My system: AMD FX 6100, Gigabyte Motherboard, 8 GB Crossair Vengance, Cooler Master 450W Thunder PSU, 1.4 TB HDD, 18.5" TFT(Wide), Antec V1 Cabinet Social Group:VBForums - Developers from India
If I have a complicated app that's doing a lot of things at the same time will strong obfuscation impact the performance greatly? Anybody know off the top of their head?
It's actually quite awful. At least in terms of making it hard to reverse engineer.
I spent just a few minutes de-obfuscating code obfuscated by the VS tool. I can't remember if the methods and classes were still renamed, but I was very easily able to obtain all important code that I needed.
was it a simple program? The bigger the program is, the better the obfuscation process works since it uses name overloading every place possible. So if your app only has a handful of methods and such in it, there is only so much it can do to rename things and it will still be easy to find what you are looking for. However once you have lots of classes/methods/etc.. the more and more that get renamed to the same name. Once you have 60 classes all renamed to A.A and in A.A there are 10 methods all called A.A.B() it becomes more difficult to sift through the code and see what is calling what and where. Also if you were de-obfuscating code you wrote yourself, then you already knew what you were looking for, which would also make that process a bit easier. Not saying its perfect, but wouldn't call it aweful. After all it is just an obfuscator, which is only 1 method of securing source code IP.
was it a simple program? The bigger the program is, the better the obfuscation process works since it uses name overloading every place possible. So if your app only has a handful of methods and such in it, there is only so much it can do to rename things and it will still be easy to find what you are looking for. However once you have lots of classes/methods/etc.. the more and more that get renamed to the same name. Once you have 60 classes all renamed to A.A and in A.A there are 10 methods all called A.A.B() it becomes more difficult to sift through the code and see what is calling what and where. Also if you were de-obfuscating code you wrote yourself, then you already knew what you were looking for, which would also make that process a bit easier. Not saying its perfect, but wouldn't call it aweful. After all it is just an obfuscator, which is only 1 method of securing source code IP.
Yeah, I guess my test wasn't very objective. I used it to obfuscate an app of mine and then deobfuscated it. It being my app, I of course knew where everything would be.
There aren't 60 classes in that app, but there are like 20 or 21 modules+classes. But, again, knowing the code, I could easily go through each one.
But, I have deobfuscated other applications though. I was able to get the majority of the code, but I can't remember how large the apps were.
Xenocode had a good one...well a decent one in my books. It worked pretty well.
Thanks
If my post was helpful to you, then express your gratitude using Rate this Post.
And if your problem is SOLVED, then please Mark the Thread as RESOLVED (see it in action - video) My system: AMD FX 6100, Gigabyte Motherboard, 8 GB Crossair Vengance, Cooler Master 450W Thunder PSU, 1.4 TB HDD, 18.5" TFT(Wide), Antec V1 Cabinet Social Group:VBForums - Developers from India
I use CryptoObfuscator with the licensing package. I researched this same thing several months back and this is what I ended up with. Probably has more features then I'll ever use or understand but they have alot of videos online showing how to do things if you have the time to spend on it. Works well, haven't implemented too many features but being able to embed the licensing into the obfuscation seemed pretty nice. No idea if it's easy to reverse engineer or not. You can have it obfuscate automatically during each build but I have not figured that part out. Also you can embed and encrypt user data as well. I embed users name, e-mail, and a few other things into the license. Here's a review I found:
Also, for the licensing, if you are building and using a live license in dev mode then the program will crash, you have to code around it while developing, it automatically detects debuggers etc.
As the 6-dimensional mathematics professor said to the brain surgeon, "It ain't Rocket Science!"
Reviews: "dunfiddlin likes his DataTables" - jmcilhinney
Please be aware that whilst I will read private messages (one day!) I am unlikely to reply to anything that does not contain offers of cash, fame or marriage!
Reply With Quote
Originally Posted by malex21
