Skip to content
August 1, 2010 / venky

Crypto Obfuscator – .NET Code Obfuscation

You are reading this article probably because you develop applications in Microsoft .NET framework and like many other .NET developers you are likely looking for a solution to protect your .NET code from peering eyes that want to look inside the hood so to speak of your software to reverse engineer, reconstruct, and possibly steal your .NET source code and Intellectual Property (IP). If you are a .NET developer you already may know that assemblies in .NET are compiled into Microsoft Intermediate Language (MSIL) or Common Intermediate Language (CIL) as it is called now that keeps the actual code practically unchanged unlike the native Win32 libraries which are compiled into machine code and impossible to reconstruct completely. There are some advantages in having source code compiled into CIL but there is one particularly devastating side effect and that is exposed code that can easily be reverse engineered. With very little effort CIL code can be reverse engineered and reconstructed into the original source code. As you may have guessed there is no dearth of tools that make de-compilation of the MSIL code possible and in fact there are many tools known by different names such as Dis-Assembler, Reflector, and De-compiler that can reveal your code and open the door to reverse engineering. One need only imagine the detrimental consequences of such acts: code tampering, stolen code, stolen trade secrets and intellectual property, lost revenue, etc. Therefore developers need to make every ounce of effort to secure and protect their code.

The proven and reliable solution to deter reverse engineering and code tampering is to make your compiled code obscure and harder to understand for anyone looking at it. This is accomplished via a technique known as “Code Obfuscation”. The key here is to confuse, frustrate, complicate, and in some cases completely shut down the ability for hackers and crackers to reverse engineer source code. Of course, to accomplish this feat one needs good Code Obfuscation software typically known as “Obfuscator” and one such software is Crypto Obfuscator for .NET by LogicNP which in my opinion is a very reliable and excellent solution code obfuscator and I will provide details to back up my claim in this article. Crypto Obfuscator for .NET not only allows developers to protect their code, trade secrets, and IP but also enables code optimization and simplified deployment by making use of features such as assembly linking, merging, compression, resource compression, metadata reduction, duplicate string elimination, and runtime performance optimizations. In this article I will write about Crypto Obfuscator for .NET but I will take a different approach in that I will first briefly mention about the typical, fundamental obfuscator features that any Obfuscator software should have but discuss the features and functionality that set Crypto Obfuscator apart from other obfuscators. After all the true value of an obfuscator is not in what it has common with other obfuscators or that it has the basic obfuscation functionality but in what is unique to it that is not present in other obfuscators and what is unique about it. I will do my best to highlight what I believe are such unique features and functionality to Crypto Obfuscator.

First, Crypto Obfuscator has a very easy to use interface with obfuscation options and settings provided in simple and easy to understand UI. I was able to obfuscate my code absolutely easily. The simple and accessible UI is backed up by pretty good documentation that explains all features and functionality in great detail. Crypto Obfuscator has all the basic requirements that an obfuscator should have and is typically common in all obfuscator software. These include:

  • Symbol Renaming – This is the technique of substituting names of classes, member fields, methods, etc. with some other names that don’t make much sense and makes it harder to understand and difficult to reverse engineer the code.
  • Advanced Overload Renaming – Crypto Obfuscator renames member fields with different types or methods with different parameters to the same name. This works perfectly fine in .NET because the signatures are different but at the same time makes it harder to reverse engineer the code.
  • Method Call Hiding – Crypto Obfuscator hides calls to methods and properties from external assemblies as well as from methods and properties that have not been obfuscated or renamed thereby making it difficult to follow the code.
  • String Encryption – Use of strings in any program is all but certain but sometimes the strings contain information that you do not want others to find out such as passwords, logic, formulas, etc. Crypto Obfuscator can ensure safety of your information by encrypting strings in your code.
  • Control Flow Obfuscation – An important aspect of a program is the flow of program control. Program flow can provide valuable insight into what the program is doing and makes it easy to decipher the program. De-Compilers can easily recreate the code using the program flow. Crypto Obfuscator can obscure the program flow to make code reconstruction harder while still maintaining code integrity and performance.
  • Resource Encryption – It is a common and best practice to put information in resource files in a .NET program. These can include copyrighted images, information, localization files, media files, etc. which could be sensitive trade secrets. Without any protection your resources are vulnerable to extraction but Crypto Obfuscator can encrypt and prevent resources extraction and thus protect your information.

Of course, symbol renaming is a typical obfuscation technique found in many obfuscators but what makes it so special about this technique in Crypto Obfuscator is that it provides developers with three methods to rename symbols: Cryptographic, Normal, and Unprintable. Cryptographic scheme generates substitution symbol names based on a cryptographic algorithm where the names are longer and harder to understand thereby making it difficult reverse engineer. You may also select this option for incremental obfuscation which is to say that existing classes, fields, and methods are given the same obfuscated name every time you run obfuscation but new classes, fields, and methods are given obfuscated names not already taken. Normal symbol renaming scheme generates repeating substitution names that are shorter in length but can confuse anyone trying to read and understand the code thus making it harder to reverse engineer the code. Unprintable symbol renaming scheme generates substitution names with unprintable characters that look the same in a de-compiler thus making it absolutely nonsensical and difficult to reverse engineer. Developers can choose either one of these equally strong and effective symbol renaming schemes according to their preference. See below figures for each of these renaming schemes.

Symbol Names before Obfuscation

Symbol Names before Obfuscation


Cryptographic Symbol Renaming

Cryptographic Symbol Renaming


Normal Symbol Renaming

Normal Symbol Renaming


Unprintable Symbol Renaming

Unprintable Symbol Renaming


In Crypto Obfuscator developers can make use of combination of strong code protection functionality to protect code. The protections include anti debug, anti tracing, and tamper detection which terminate the application when a debugger or tracer is detected or the strong name verification of obfuscated assembly fails. In addition, Crypto Obfuscator includes protection from ILDASM, Reflectors, De-Compilers, and Dis-Assemblers. Since these are the typical tools used to reverse engineer code Crypto Obfuscators protection from them is the first line of defense against reverse engineering. I wanted to test this functionality so I attempted to reverse engineer one of my obfuscated programs using a couple of tools and they failed to do so. I am sure this protection extends to many other tools I have not tested.

DIS # .NET

Dis # Decompiler


ILDASM Protection

ILDASM Protection



Decompiler.NET

Decompiler.NET Protection


Crypto Obfuscator has other functionality that allows developers to protect their code. These include dependant assembly encryption and embedding, watermarking, and customized obfuscation rules. Dependant assembly encryption and embedding allows developers to take their individual assemblies and combine them in a single main assembly. This enables developers to optimize and deploy their code. Thus Crypto Obfuscator not only provides code protection but also code optimization and easy assembly deployment. Another notable feature in Crypto Obfuscator is the ability to add up to 10 watermarks in the assembly. Using the watermarking technique developers can add secret watermarks in their assembly which helps them track the assembly usage. Embedded water marking in an assembly can be retrieved or revealed easily using Crypto Obfuscator thus determining whether code or assembly was stolen or not. Furthermore, obfuscation process can be customized by creating obfuscation rules and selectively obfuscating components in assembly as needed. In a test I did I was able to embed and retrieve a watermark as shown below.

Watermark

Watermarking


Crypto Obfuscator can also be easily integrated into Visual Studio build process using the Pre-Build, Post-Build, and MSBuild process. This allows developers to automate obfuscation using same settings thereby saving time and effort compared to obfuscating manually. Crypto Obfuscator also integrates well with CryptoLicensing by enabling embedding of the licensing assembly directly into the main assembly and eliminating any chance of intercepting calls between main assembly and the licensing assembly.

One aspect of Crypto Obfuscator I really liked is the Stack Trace De-Obfuscator. Ordinarily if you the developer who created the program wanted to troubleshoot the program using the exception and stack trace then it will be nothing short of insurmountable challenge to understand the stack trace and troubleshoot the program because the stack trace will contain obfuscated information. However with Crypto Obfuscator the problem is solved because it post obfuscation it generates a mapping file that maps the original, unobfuscated names to the obfuscated names. When you provide the obfuscated stack trace to the stack trace de-obfuscator it converts the obfuscated stack trace to what would otherwise be an original stack trace. This greatly helps developers in troubleshooting their programs at the same time retaining code protection. I tested this feature and was successful in de-obfuscating an obfuscated stack trace as shown below.

Obfuscated Stack Trace

Obfuscated Stack Trace


Stack Trace De-Obfuscation

De-Obfuscated Stack Trace

In conclusion Crypto Obfuscator provides typical and advanced obfuscation functionality to accomplish effective, strong, and deterring code obfuscation. The program itself is very easy to use with lots of help from the documentation that explains all features functionality. Its integration with Visual Studio and command line support means obfuscation is made easy and automated. Strong tamper detection and de-compilation protection means nipping reverse engineering of your code in the bud. Crypto Obfuscator to me is a reliable code obfuscator that many developers can benefit from in protecting their code. Crypto Obfuscator is available from LogicNP at http://www.ssware.com/cryptoobfuscator/obfuscator-net.htm.

About these ads

One Comment

Leave a Comment

Trackbacks

  1. DotNetShoutout

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: