Click here to Skip to main content
15,867,568 members
Articles / Web Development / ASP.NET
Article

Use of Spices.Obfuscator as a Tool for Protection and Optimization of .Net Applications.

20 Apr 20077 min read 33.9K   3   14
Use of Spices.Obfuscator as a Tool for Protection and Optimization of .Net Applications. Current use of obfuscators expands their role in the development and handling of .Net applications.

This article is in the Product Showcase section for our sponsors at CodeProject. These articles are intended to provide you with information on products and services that we consider useful and of value to developers.

Visit the Spices.Obfuscator homepage.

Introduction

The present use of obfuscators as tools for application of protection from snooping and decompilation/disassembly requires more sophisticated obfuscators.

In the past it was considered that obfuscators converted IL-code and metadata into something meaningless and difficult to recognize. The situation appears to be completely different today.

Methods of code development and maintenance have become very sophisticated. A completely different protection level is required as well as additional support services, analysis and maintenance of the code for large projects and for various configurations/packages is required.

Obfuscators do offer the possibility to convert IL-code and its structure into a difficult-to-read and hard to decompile file, protecting the code from hackers and competitors. Apart from that,

hackers and competitors have very efficient tools for the decompilation, deobfuscation and forging of the IL-code and therefore it is necessary to withstand exploitations of this vulnerability. Modern obfuscators expand their realm of this application.

Spices.Obfuscator (one of the products of the Spices.Net family) developed by the 9Rays.Net, Inc. company offers this entire array of applications making it a state of the art development tool.

Its features are listed as follows.

Build-process Automation

Most companies have quite complicated build-processes requiring flexibility and yet specific scripts. MSBuild support included in Spices.Obfuscator allows easy integration of the obfuscation process into the build process in the form of automation, thereby making Spices.Obfuscator more flexible. Obfuscation script can be written using C#, VB.Net, C++ or J# by integrating Spices.Obfuscator into one's own build-solutions.

Spices.Project and Spices.Solution both support launching of various solutions in the process of obfuscation at any step.

Debug Support

With Spices.Obfuscator it is possible to debug applications after the obfuscation. Thorough integration with Visual Studio 2003/2005 allows obfuscating applications right within the build process and launching of the obfuscated application in the debug mode.

Besides this, means of tracing exceptions is offered, allowing the receipt of the original method of stack trace which eventually results in quick analysis and correction of errors.

Support of Large Projects and Various Project Configurations

Many software manufacturers develop several software versions: evaluation version, pro version, light version, etc. They require different obfuscation modes for different versions. Spices.Solution can enable this to happen since it is a collection of projects (each of which contains one of the product configurations), which allow obfuscating various product configurations at a time.

Anonymization

This is a new patent pending technology that is including several methods to complicate code analysis and decompilation.

Spices.Anonymizer factually converts the code monolith of the protected application into sand, substantially complicating the process of analysis of the applications, the search of the vulnerable points for hackers as well as protecting applications from ILASM/ILDASM roundtrip.

This technology only insignificantly reduces the code efficiency. It is flexible in operational control and it allows several protection levels, where even the minimal level of protection considerably increases the security of the applications and the complication of their analysis.

Security

It is not a secret that software developers spend a lot of efforts to provide security for their applications, hide secret information from hackers and substantially complicate its search in bytecode.

StringEncryption technology used by Spices.Obfuscator offers several levels of security ranging from removing strings from the code to string encryption using the TripleDES algorithm. Spices.Anonymizer technology foresees the possibility of code anonymization that is responsible for the information encryption in order to prevent the decompilation software from recognizing decryption methods.

Optimization

Obfuscators do not only rename assembly members but optimize the assembly in size and efficiency as well. The obfuscation effect, which changes the names of the assembly members to shorter ones, increases the efficiency of the applications. Assemblies may contain code and metadata that do not have to be held in the obfuscated assembly. They are superfluous and should be deleted and by doing so reduce the assembly size. The technology used in Spices.Obfuscator allows 50% reduction of the metadata assembly size. This size reduction leads to faster initialization of the assembly and a significant increase of efficiency. Some methods used by Spices.Optimizer complicate the tasks of hacking and assembly research as well as ILDASM/ILASM roundtrip.

Localization

Localization as you know it in developmental tools such as Visual Studio does not allow localization of all of the string and application resources. Localized information must be constantly updated by updating the assembly process of the application with respect to the localization.

Spices.Obfuscator offers a convenient solution of this issue. By means of one of the tools contained in the Spices.Net – Spices.Localizer, a user can extract all the string and resource information from the assembly, obtain localization tables and perform localization of the required information to any language.

Spices.Localizer also offers line synchronization for localization with the current code version, which substantially reduces the assembly time and allows distribution of the tasks between the developers to be more efficient. After the localization tables are completed, they can be used while obfuscating and all the localized information will be implemented in the code. If string encryption is used, localized information will be encrypted as well.

Tamper-proof /anti Spoofing

If hackers were not attracted to the first .net versions, the growing popularity of them nowadays brings it to their attention. The .Net software uses assembly signing technology, converting the file into a strong-named assembly. At startup, such files are checked for digital signature that is kept in the assembly and confirms that since the moment of assembly signing its content hasn't changed. This is a good solution that allows avoiding corruption and modification of the assembly, but the signing technology has its weaknesses.

For instance, a hacker can remove an assembly signature, modify an assembly and re-sign it using his own key, forging the assembly by doing so. This is one of the widely used methods of .Net code hacking.

Spices.Obfuscator offers solutions to protect code from such hacking attacks by regenerating tamper-proof assembly that is very hard to forge (this is a patent pending technology as well). Experts at 9Rays.Net are working daily to improve this technology.

Assembly Verification

In order to assure that an assembly has been properly obfuscated, Spices.Obfuscator also includes the possibility of assembly verification after obfuscation and optimization.

Additional Means of Analysis, Browsing and Search

One very advantageous feature of Spices.Obfuscator is the fact that it contains additional means of analysis, browsing and verification of assemblies. The package includes a disassembler, an analyzer of call graphs, inheritance and interface implementation. A user can obtain complete context information about a current assembly member when browsing the assembly members, as well as when searched by name or token. The package also includes means for low level browsing and analysis of metadata ranging from the metadata table structure to the structure of PE-files (portable executable format). The package also includes a means of obtaining diagrams depicting various relations between the assemblies and their members. In other words Spices.Obfuscator presents not only the means of protection but serves as a tool for the analysis of the assembly architecture as well as the supplier of practically any information about the assembly that may be needed.

Assembly, Classes Merging & Linking

In the next versions of Spices.Obfuscator, The 9Rays.Net Company plans to develop a Class/Assembly Linker that will allow assembly manipulations such as assembly merging, splitting and extraction of classes from an assembly. Such services are in demand and as you can see, they expand the applicability of obfuscators.

Conclusions

As we can see Spices.Obfuscator offers a wide set of services and means that not only protect software from competitors and hackers, but also optimizes applications in size and efficiency. It can flexibly accompany the most sophisticated build-process and large projects, as well as serve as a supplier of information for browsing, analysis and verification of .Net applications.

Visit the Spices.Obfuscator homepage.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


Written By
Web Developer
Russian Federation Russian Federation
Founded in 2001, 9Rays.Net is a developer tools company specializing in .NET. Coupled with state of the art products, is an excellent support team and at 9rays we assure you of premium performance. We are the leading company in our field of work.

Development offices are based in St.Petersburg and Moscow.

Comments and Discussions

 
QuestionIs there any way to upgrade the license? Pin
kakang17-Oct-07 23:20
kakang17-Oct-07 23:20 
AnswerRe: Is there any way to upgrade the license? Pin
NineRays18-Oct-07 1:19
NineRays18-Oct-07 1:19 
GeneralHow's it handle reflection, unmanaged code and xaml? [modified] Pin
kakang13-Oct-07 0:59
kakang13-Oct-07 0:59 
AnswerRe: How's it handle reflection, unmanaged code and xaml? Pin
NineRays14-Oct-07 21:21
NineRays14-Oct-07 21:21 
Our app can be extended by adding additional assemblies, and those assemblies are detected in our app by using reflection. Is it possible to obfuscate our app in this case?

Yes, it is possible. You can use especially designed for these pruposes KeepSerialization obfuscation mode to keep serializable and used in reflection types untouched.

Some of our dependency assemblies are mixed up of managed and unmanaged code(c++ interop, p/invoke), can we obfuscate these assemblies?

Yes, Spices.Obfuscator correctly obfuscated mixed code assemblies.

Your website advertise that your obfuscator support .net 3.0 (and even 3.5).<br />
Can xaml resources be obfuscated? And how about if there is resource linking from xaml to other assemblies?


Unfortunately xaml resources can't be obfuscated by Spices.Obfuscator.
GeneralRe: How's it handle reflection, unmanaged code and xaml? Pin
kakang14-Oct-07 22:21
kakang14-Oct-07 22:21 
GeneralRe: How's it handle reflection, unmanaged code and xaml? Pin
NineRays14-Oct-07 22:27
NineRays14-Oct-07 22:27 
GeneralRe: How's it handle reflection, unmanaged code and xaml? Pin
kakang14-Oct-07 22:50
kakang14-Oct-07 22:50 
GeneralRe: How's it handle reflection, unmanaged code and xaml? Pin
NineRays14-Oct-07 23:05
NineRays14-Oct-07 23:05 
GeneralRe: How's it handle reflection, unmanaged code and xaml? Pin
kakang15-Oct-07 1:20
kakang15-Oct-07 1:20 
GeneralRe: How's it handle reflection, unmanaged code and xaml? Pin
NineRays15-Oct-07 2:25
NineRays15-Oct-07 2:25 
QuestionIs it free? Pin
Moim Hossain2-Jun-07 4:41
Moim Hossain2-Jun-07 4:41 
AnswerRe: Is it free? Pin
NineRays2-Jun-07 8:22
NineRays2-Jun-07 8:22 
GeneralASP.NET Applications Pin
Bassam Saoud30-Apr-07 9:02
Bassam Saoud30-Apr-07 9:02 
GeneralRe: ASP.NET Applications Pin
NineRays1-May-07 6:39
NineRays1-May-07 6:39 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.