Code obfuscation solutions

Question

3.29/5 (5 votes)

See more:

Looking for a good Code Obfuscator, for managed code,
I am well aware of PreEmptive's dotfuscator, their paid edition is pretty good.
Anyone know of a good (free or for a reasonable price) obfuscator for C# (and\or Java) and if you have worked with one, I'd like to hear your experience please.

If any of you guys have self-implemented (a good one), please write a CP article

NOTE: Yes, I can google it, but I what I want here is a first hand opinion, tnx :)

Best,
H

Posted 9-Sep-13 4:36am

Herbisaurus

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Ron Beyer · Answer 1 · 2013-09-09T04:49:00

Solution 1

I searched high and low for a "free" obfuscation tool, while there are some out there (CodePlex has an open-source one), they didn't meet my needs. Unfortunately all the paid ones think that they are made of gold.

I may end up developing (and this is an idea for you) that just makes it impossible to open in ildasm (easy, there is an attribute for this) or reflector (this is harder and may require unmanaged wrappers). I figure once they can't open it in those tools it would deter 99% of people looking to reverse engineer them.

The only obfuscation tool that really worked for me was SecureTeam CliSecure. This worked great on small projects but once I tried to obfuscate my large scale project (40 DLL's, plug-ins, etc) it trashed the output and it would break the execution. Its also pretty expensive ($795).

In the end there is no real way to protect 100%, the truely motivated will get around just about anything you have, but if you can deter 90% I think that's good enough. Many of the free ones can do this just by variable/method renaming.

Posted 9-Sep-13 4:49am

Ron Beyer

Comments

Nelek 9-Sep-13 10:55am

That's true. You can not secure anything 100%, but it is enough secure if you manage to make it difficult enough to avoid the lazy people.

Ron Beyer 9-Sep-13 11:00am

Which is why I said "if you can deter 90% (aka the lazy) ... thats good enough" :) Or my contradicting 99% who stop after not being able to open in ildasm or reflector...

Sergey Alexandrovich Kryukov 9-Sep-13 14:23pm

It tells me that obfuscation is almost useless. Those people who would have problems in reverse-engineering won't even bother (or won't understand what it is), but the minority of people who can do it well will crack nearly everything (I've read that the strongest protection products, which are much more advanced than obfuscation, are actually easier to crack, because reverse-engineering specialists studied them much better)...
—SA

Herbisaurus 10-Sep-13 2:12am

Tnx for the reply Ron :)

Did you use the obfuscator (CliSecure) as a default protection you add to your products or was it a client's requisition?

Fact is that I need a more rebust product than an obfuscator, but I wasn't sure that CP is the right site to ask this...
I also need to hide constants like strings that are sensitive, and I need tamper detection (and defense if possible)

Ron Beyer 10-Sep-13 9:39am

CliSecure will do all that, and some free ones will too but I never found one that "worked". I did this to try to protect the code for one of my products, most of my clients don't care about obfuscation since the monkeys behind the operator stations still prefer buttons and lights to computers and despise the "new fangled box with the pretty graphics".