Home
Monday, July 24, 2017
10:51:58 PM
Users online: 0   You are here >> Home > Programming

Forums | Programming Forums search
Forum FAQ
   
  1 | 2 Next Page 
good free/low cost c# obfuscator?
Sneaky 
21/8/08 11:53:15 AM
Learner
looking to make it difficult for people to reverse engineer vs2005 c# applications back into source code. i can purchase something if necessary, but the budget is limited so free is best.
thankyou!

edit: needs to work with vs2008 also, but not that important at the moment


Edited by Sneaky: 21/8/2008 11:54:35 AM

-----

kikz 
21/8/08 1:07:31 PM
Immortal

Are you a junior programmer? If not, hire one, if you are your code is already obfusicated!

-----
Q6600 | 4Gb PC6400 | 2 x 500Gb RAID 0 + 2 x 320 Gb RAID 0 | 19" Benq FP591 + 24" Samsung 245B + 19" Dell | 8800GTS 640 Mb + 8400GS 256 Mb | Gigabyte GA-P35-DS3P | Antec P182 | Corsair HX-620 | Thermalright 120 Extreme | Vista x64

Slace 
21/8/08 4:49:08 PM
Hero
Titan


I'm quite good at obfuscating code, particularly .NET 3.5 code. I can make LINQ completely unreadable :P

I believe DotNet Obfuscator has a free version but it's apparently rather shit. Reflector can beat most obfuscations anyway

-----

Why can't a programmer tell the difference between Halloween and Christmas? 
Because OCT31 = DEC25


What's playing? http://www.last.fm/user/slace/

spielentwickler 
21/8/08 11:44:20 PM
Guru

I find the fact most obfuscation is trivial to figure out means that obfuscation in generaly is fairly limited in what it can do...

May I ask what the system actually does?

-----
http://www.last.fm/user/spielentwickler/
<= knight of the 6fAOEC =>

Sneaky 
22/8/08 12:42:43 PM
Learner
its an app that makes it easier to keep track of whether a business is compliant with government regulations or not. dont want our rules available to just anyone.
so do most businesses just say stuff it and release code that can be reversed?

-----

kikz 
22/8/08 12:44:37 PM
Immortal

Quote by Sneaky
its an app that makes it easier to keep track of whether a business is compliant with government regulations or not. dont want our rules available to just anyone.
so do most businesses just say stuff it and release code that can be reversed?


Pretty much. We dont' bother with obfusication.

Aren't your rules dependant on the goverment's compliance laws and rules of the time? Do you mean your logic for determining compliance?

-----
Q6600 | 4Gb PC6400 | 2 x 500Gb RAID 0 + 2 x 320 Gb RAID 0 | 19" Benq FP591 + 24" Samsung 245B + 19" Dell | 8800GTS 640 Mb + 8400GS 256 Mb | Gigabyte GA-P35-DS3P | Antec P182 | Corsair HX-620 | Thermalright 120 Extreme | Vista x64

Slace 
22/8/08 12:57:48 PM
Hero
Titan


Quote by kikz
Quote by Sneaky
its an app that makes it easier to keep track of whether a business is compliant with government regulations or not. dont want our rules available to just anyone.
so do most businesses just say stuff it and release code that can be reversed?


Pretty much. We dont' bother with obfusication.



Neither do we and we've built government and large commercial applications.

-----

Why can't a programmer tell the difference between Halloween and Christmas? 
Because OCT31 = DEC25


What's playing? http://www.last.fm/user/slace/

eckythump 
22/8/08 4:52:24 PM
Champion

Um... wtf?

Maybe I'm not clueful enough about such things, but this is my understanding...

You've got some code, you then obfuscate it. The obfuscation leaves the code to work identically to before, just with major pain for reading it.

So, when you compile it, aren't you going to end up with identical ASM code anyway? Won't decompiling it give you a fairly non-obfuscated base of code?

And I don't understand why you'd want to keep the rules for how to comply with government regulations secret. That sounds totally braindamaged to me.

"DO NOT BREAK THE RULES!"
"What are they, then?"
"Not telling!"
"Then you can blow it out your arse."
"You swore, that's against the rules! Pay $10,000!"
"Gobble my crank, fuckstick."
...

And I get the distinct impression that you could probably do better spending more time learning how to write nice code, rather than spending time trying to obfuscate it. :)

-----
"Grandfather had an accident, he got burnt." "Oh no, how bad?" "Well, they don't fuck around at the crematorium."

Slace 
22/8/08 5:09:27 PM
Hero
Titan


ecky - if you can convert .NET ASM back into C# you're doing bloody well if you ask me!
Obfuscation is designed to make it harder for programs such as the .NET Reflector and the .NET IL reader to read, or make is readable but not in a compilable format.

-----

Why can't a programmer tell the difference between Halloween and Christmas? 
Because OCT31 = DEC25


What's playing? http://www.last.fm/user/slace/

Meeko 
22/8/08 6:41:13 PM
Titan

So obfuscators would actually do what he wants it to do, Slace? To make reverse engineering more difficult? Because I was thinking the same thing as Ecky - that once compiled, it's in machine code, and decompilers would work just as effectively and produce just as readable code.

-----

kikz 
22/8/08 9:20:41 PM
Immortal

Quote by Meeko
So obfuscators would actually do what he wants it to do, Slace? To make reverse engineering more difficult? Because I was thinking the same thing as Ecky - that once compiled, it's in machine code, and decompilers would work just as effectively and produce just as readable code.


Just for interest sake... Reflector (perfectly legitimate tool) "dissambles" the .net source into completely normal c#/vb.net source, as if you were reading your own source code, just without comments (which obviously aren't compiled in the first place). Looking at the source of a .NET assembly is completely trivial unless obfusicated.

-----
Q6600 | 4Gb PC6400 | 2 x 500Gb RAID 0 + 2 x 320 Gb RAID 0 | 19" Benq FP591 + 24" Samsung 245B + 19" Dell | 8800GTS 640 Mb + 8400GS 256 Mb | Gigabyte GA-P35-DS3P | Antec P182 | Corsair HX-620 | Thermalright 120 Extreme | Vista x64

freespace 
22/8/08 10:25:00 PM
Hero
Titan


I would like to say obfuscating is just silly, since those anyone who needs the know the rules in such a specialised area can get them in other ways.

If you must "hide" parts of your program, then take a leaf from virus writers, and do some in-memory decryption and execution.

Ultimately obfuscation has the same flawed-by-design problem as DRM: the people you are trying to keep the secret from are also the people who must be able to read and interpret your secrets.

-----
By perseverance the snail reached the ark.

http://www.shuningbian.net - blog
http://anonshare.pictorii.com - share files anonymously
http://dailydiscovery.b3ta.org - learn something new
its f reespace damn it!

spielentwickler 
24/8/08 2:04:31 AM
Guru

Unless it's a good obfuscation tool, surely certain patterns in code are going to be obfuscated in similar ways each time, so actually detecting which tool was used and then reversing its behaviour wouldn't be too difficult.

-----
http://www.last.fm/user/spielentwickler/
<= knight of the 6fAOEC =>

TheSecret 
25/8/08 3:35:21 AM
Overlord
When I had to do a C# course in Uni, I saw a few people running the lecturers example program through some sort of decompiler, which gave the answers back quite clearly. It was not very nice code to read, but it made it clear what it was doing and how.

-----
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.

kikz 
25/8/08 7:46:07 AM
Immortal

Here's an example of how easy it is to "decompile" a C# application. I'll create this assembly from scratch (it'll be a business logic dll)

 
namespace DecompileExample
{
/// <summary>
/// This static class performs some basic arithmetic functions
/// </summary>
public static class SomeFunctions
{
/// <summary>
/// Add two integer numbers together
/// </summary>
/// <param name="number1">first number to add</param>
/// <param name="number2">second number to add</param>
/// <returns>Integer sum of number1 and number2</returns>
public static int Add(int number1, int number2)
{
return number1 + number2;
}

/// <summary>
/// Mutiply two integer numbers together
/// </summary>
/// <param name="number1">first number</param>
/// <param name="number2">second number</param>
/// <returns>Integer Product of number1 and number2</returns>
public static int multiply(int number1, int number2)
{
return number1 * number2;
}
}
}


Now I'll build the source and then pass it to Reflector ( http://www.red-gate.com/products/reflector/ ) for disassembly

Output from Reflector
 
public static class SomeFunctions
{
// Methods
public static int Add(int number1, int number2)
{
return (number1 + number2);
}

public static int multiply(int number1, int number2)
{
return (number1 * number2);
}
}


Well look at that. Everything I typed in, less the comments :)

-----
Q6600 | 4Gb PC6400 | 2 x 500Gb RAID 0 + 2 x 320 Gb RAID 0 | 19" Benq FP591 + 24" Samsung 245B + 19" Dell | 8800GTS 640 Mb + 8400GS 256 Mb | Gigabyte GA-P35-DS3P | Antec P182 | Corsair HX-620 | Thermalright 120 Extreme | Vista x64

freespace 
25/8/08 12:19:09 PM
Hero
Titan


As kikz demonstrated, you need something to hide the "binary" not to mangle your source code.

-----
By perseverance the snail reached the ark.

http://www.shuningbian.net - blog
http://anonshare.pictorii.com - share files anonymously
http://dailydiscovery.b3ta.org - learn something new
its f reespace damn it!

zephyr 
25/8/08 9:15:21 PM
Hero
Titan


Quote by TheSecret
When I had to do a C# course in Uni, I saw a few people running the lecturers example program through some sort of decompiler, which gave the answers back quite clearly. It was not very nice code to read, but it made it clear what it was doing and how.



The first person who figured that out deserves an HD, they'll go far in the industry. The rest should fail :-)

Programming laziness ftw!

-----
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in. We're computer professionals. We cause accidents. (N. Borenstein)

ozacube 
26/8/08 2:42:27 AM
Guru

Some of us like to learn by thinking for ourselves rather than copying the answers. ;-P

-----
*ISAIAH 53*

Girvo 
26/8/08 8:33:22 AM
Immortal

Quote by ozacube
Some of us like to learn by thinking for ourselves rather than copying the answers. ;-P



Why reinvent the wheel? :P

-----
Quote by tantryl
Psychonaut doesn't count.



Quote by The_Psychonaut
:(



Slace 
26/8/08 8:41:26 AM
Hero
Titan


Quote by Girvo
Quote by ozacube
Some of us like to learn by thinking for ourselves rather than copying the answers. ;-P



Why reinvent the wheel? :P



Cuz I can make it so much better!

-----

Why can't a programmer tell the difference between Halloween and Christmas? 
Because OCT31 = DEC25


What's playing? http://www.last.fm/user/slace/

  1 | 2  | Next Page 
Forums | Programming