Preemptive Dotfuscator

Administrator

VB.NET Forum Admin
Joined
Jun 3, 2004
Messages
1,461
Programming Experience
10+
Review: PreEmptive Dotfuscator
Web: http://www.preemptive.com/products/dotfuscator/index.html

Over a year ago, we began our migration out of the VB6 world into the land of VB.NET. Excited to enter the new era for VB programmers, .NET has proven a wonderful experience with so much potential in VB.NET that we didn’t have as easy in VB6. In learning more about the .NET framework, that naturally led us to viewing the Intermediate Language using tools such as ILDASM and Lutz Roeder’s (and preferred) Reflector (http://www.aisto.com/roeder/dotnet/). However, in researching the Intermediate Language written when compiling our .NET applications, my eyes became “huge” when realizing what others could see in our applications. I’m sure other “snooping” developers enjoy Reflector’s “Disassembler” which makes the IL code viewable in the language of preference, VB.NET that is, instead of the mystery IL that ILDASM shows us. At this point, we knew we could not deliver an application of any type without ensuring the IL was “obfuscated.”

What is “obfuscated” you ask? Yeah, this was a new word for our vocabulary too entering the land of .NET, so let’s take a look at our trusty online dictionary:

ob·fus·cate
tr.v. ob·fus·cat·ed, ob·fus·cat·ing, ob·fus·cates

  • To make so confused or opaque as to be difficult to perceive or understand: “A great effort was made... to obscure or obfuscate the truth” (Robert Conquest).
  • To render indistinct or dim; darken: <CITE>The fog obfuscated the shore.</CITE>
PreEmptive’s Dotfuscator, as you know, ships with Visual Studio .NET, and from what we hear, will continue to do so with Visual Studio .NET 2005 aka “Whidbey.” This is great news as we really enjoy using PreEmptive Dotfuscator and have it embedded in over 50 applications already! PreEmptive Dotfuscator comes in three different versions: The free “Community Edition” a small upgrade to the “Standard Edition” and the full feature packed “Professional Edition” which we’ll discuss here. Honestly, if you’re going to obfuscate your code, why cut corners and not do it right? We’ll cut to the chase in the event you choose to stop reading here, get the PreEmptive Dotfuscator Professional Edition! It is worth every penny and clears any worries about competitors disassembling your hard work!

As listed on PreEmptive’s web site, here are the key features of Dotfuscator:
  • Complete support for .Net Framework
  • Makes application size smaller
  • Designed to stop even the best of decompilers from producing useful output.
  • Easy to use XML based configuration file.
  • Generated Map files allow you to interpret stack traces.
  • Namespace/Type/Method/Field renaming using our patented Overload-Induction<SMALL><SUP>TM</SUP></SMALL> renaming system
  • Enhanced Overload Induction
  • Incremental Obfuscation
  • Control Flow Obfuscation
  • Pruning/Compacting - Unused Type, Method, and Field removal
  • String Encryption
  • Includes GUI and command line interface suitable for integrating into build environments.
  • Complete and accurate Users's Guide in PDF format
  • Support for Managed C++ modules
  • Powerful and easy to use command line interface
  • Several predefined renaming schemes including unprintable characters
  • Comprehensive support for the .NET Compact Framework
  • Seamless obfuscation of satellite DLLs
  • The ability to break ildasm (the disassembler that ships with the .NET Framework SDK) dumps
  • Deep Integration with Visual Studio Project Builds.
  • Debugging support, including stack trace decoding.
  • Enhanced pruning and renaming reports.
  • Ability to include/exclude by custom attribute matching.
And the version comparison:

<TABLE cellSpacing=0 cellPadding=3 border=0><TBODY><TR><TD>Feature </TD><TD>Community Edition </TD><TD>Standard Edition </TD><TD>Professional Edition </TD></TR><TR><TD>Cross Assembly Obfuscation</TD><TD align=middle>
</TD><TD align=middle>
</TD><TD align=middle>
</TD></TR><TR><TD>Removal of Unused Metadata</TD><TD align=middle>
</TD><TD align=middle>
</TD><TD align=middle>
</TD></TR><TR><TD>Renaming</TD><TD align=middle>
</TD><TD align=middle>
</TD><TD align=middle>
</TD></TR><TR><TD>Can Run Independent of Visual Studio.NET</TD><TD></TD><TD align=middle>
</TD><TD align=middle>
</TD></TR><TR><TD>Various Renaming Schemes</TD><TD></TD><TD align=middle>
</TD><TD align=middle>
</TD></TR><TR><TD>PDB Debugging Support</TD><TD></TD><TD align=middle>
</TD><TD align=middle>
</TD></TR><TR><TD>Rename Prefix</TD><TD></TD><TD align=middle>
</TD><TD align=middle>
</TD></TR><TR><TD>Supports Managed C++ assemblies</TD><TD></TD><TD align=middle>
</TD><TD align=middle>
</TD></TR><TR><TD>Automated Stack Trace Translation</TD><TD></TD><TD align=middle>
</TD><TD align=middle>
</TD></TR><TR><TD>XML/HTML Report Files</TD><TD></TD><TD align=middle>
</TD><TD align=middle>
</TD></TR><TR><TD>Deep Visual Studio Integration</TD><TD></TD><TD></TD><TD align=middle>
</TD></TR><TR><TD>Compacting/Pruning</TD><TD></TD><TD></TD><TD align=middle>
</TD></TR><TR><TD>Comprehensive support for the .NET Compact Framework </TD><TD></TD><TD></TD><TD align=middle>
</TD></TR><TR><TD>Control Flow Obfuscation</TD><TD></TD><TD></TD><TD align=middle>
</TD></TR><TR><TD>Enhanced Overload Induction</TD><TD></TD><TD></TD><TD align=middle>
</TD></TR><TR><TD>Incremental Obfuscation</TD><TD></TD><TD></TD><TD align=middle>
</TD></TR><TR><TD>Seamless obfuscation of satellite DLLs </TD><TD></TD><TD></TD><TD align=middle>
</TD></TR><TR><TD>String Encryption</TD><TD></TD><TD></TD><TD align=middle>
</TD></TR><TR><TD>Break ILDASM Disassembler</TD><TD></TD><TD></TD><TD align=middle>
</TD></TR></TBODY></TABLE>

Now that we’ve shown you the information from PreEmptive, let’s discuss how easy it is to actually use Dotfuscator. This demonstration reflects that of the Professional Edition.

Dotfuscator is a project type that you choose as you do when creating a new project in any VS.NET solution (Windows, Web, etc.). Choose the Dotfuscator folder as shown in Figure 1 below, and then choose a file name and location to save your Dotfuscator project. It’s recommended to keep the folder structure within that of your solution for best results.


Figure 1. Creating a New Project​

Click OK then you’ll see your new Dotfuscator project appear within the Solution Explorer. The first thing to do after creating your new Dotfuscator project is to set the properties for the project. Most of the settings we leave as the default, however one area does need to be configured based on the project type being obfuscated (class library or not). See figure 2 below for the configuration settings.​


Figure 2. Project Configuration (Property Pages)​

The only two options I really fine tune are the top option “Library Mode” (for class libraries, as in this case – DLL) and the “Break ILDASM” option. Other then that, it’s simple, the “out-of-the-box” settings are perfect! One key note here is that be sure you make the settings distinct for the Release vs. Debug modes! They are set differently for the different build modes, so use caution in your configuration ensuring the proper build mode is selected.

The remainder of the Dotfuscator configuration is a breeze! Set the “Input Assemblies” i.e. the files (EXE, DLL’s) that you want obfuscated, and configure the four easy pages of settings, which in my case, only two of the pages require a few clicks and I’m done! It’s that simple, the rest is done for you when you build your solution.

The four pages of configuration are shown in Figure 3 below:

Figure 3. Configuration Options​

The two pages (configuration options) we deal with most are the “Renaming” and the “Sting Encryption” (again, this relates to the Professional Edition). With the renaming, we simply check the “Use Enhanced Overload Function” in the Options tab of this page and check the bottom two checkboxes for the map file (Figure 4 below).​

Figure 4. Renaming Configuration (Options Tab)​

After configuring the renaming, I then go to the String Encryption page and simply “check” the checkbox (which is opposite from other areas where you typically would not check the checkbox in the tree) and that’s all there is to the configuration. See Figure 5 for the configuration of the String Encryption area.​

Figure 5. String Encryption Settings​

One would think that the concept of Obfuscation would lend to “Complication” but PreEmptive has done a great job of keeping the complication out of this process. The last thing I check is the build order ensuring the project dependencies are set correctly so the projects are built prior to obfuscation, etc. The beauty of .NET and the solutions and products such as PreEmptive and InstallShield is that you can embed all of them into your solution and really streamline the build process into one operation.

The one downfall we had with Obfuscation is that if you intend to strong name your assemblies, you must use delayed signing. There is no facility in PreEmptive Dotfuscator at this time to perform any post build actions such as completing the signing process after obfuscation. We are happy to report Dotfuscator 3 which was just announced to soon enter beta will provide this facility, which is fantastic news.

We have nothing negative to report, Dotfuscator has been an absolute pleasure to use. The only thing we’d like to see in a future version is the ability to update itself in the background, or at least notify us of updates. Updates of any program that affects our code we consider critical and look forward to working on Dotfuscator 3’s upcoming beta and trying to get this type of ‘smart client’ architecture included.

Visit PreEmptive’s web site to learn more and checkout Dotfuscator included with Visual Studio .NET.
 
Top Bottom