Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC:

How to Obfuscate your code! 30 Oct 2020 15:12 #16440

  • ic2
  • ic2's Avatar
  • Topic Author


  • Posts: 1525
  • Anyone working with a .NET programming language (such as XSharp) should realize that the programming code is converted into so-called Intermediate Language (IL) which is the same for all .NET languages. This also means that with various decompilers such as ILSpy usually almost the entire source code of the program can be opened from the .exe file which is generated by the compiler. See ilspy.net/https://ilspy.net/ for the program. For the latest version 6x we are awaiting Fabrice's plugin, but for version 5 you can download the plugin from www.xsharp.eu/itm-downloads?folder=general%252FTools. It means that you can e.g. open a X# created .exe file and see how the individual methods would look in C# (although sometimes a specific X# method or function shows unchanged, preceded by the X# DLL where it is from). And of course you can see how method from a C# .exe would look in X#.

    Programmers don't always realize that, or they don't care that this can be done. What I personally find particularly annoying is that if your program has access to external data, such as FTP sites or SQL databases, everyone can see which credentials you used to access these data. The same applies to algorithms to achieve security.

    For those who find that a bothering idea, there are tools that edit the .exe (or .dlls) in such a way that it is not possible, or very difficult, to open that data in this way. It is called obfuscation. I found one via CodeProject on GitHub that hasn't been maintained for years, but a well-maintained current fork turned out to be recently maintained. See github.com/mkaring/ConfuserEx

    This one worked immediately, and exactly how this should be done is explained step by step in this website: www.codeproject.com/articles/1139773/pro...decompiling-or-rever

    In short:

    1 Start ConfuserEx
    2 In tab Project: Open the project directory (e.g. … \ Release) under Base Directory and for Output Directory you can make it e.g. … Release\Confused
    3 Click on the + at the right side of the screen and select your files to be obfuscated, e.g. your exe file
    4 Go to the Settings Tab, click on the Plus -you can do it globally and/or on the file(s) you selected, double click on the Rules where it says true. The 2nd window opens, click here twice on plus to add these 2 rules (or more):

    anti ildasm
    anti tamper

    5 Click the tab Protect! followed by the button Protect! and use obfuscated exe from the Output directory

    You can run this exe instead of the compiler generated exe. Open it in IlSpy and you will see the methods you used, but with the messages as in this image, instead of the source code, see the attached image. The .exe seems to work flawlessly to me, and was not bigger or slower as far as I could see.

    I hope this helps some of you.

    Dick

    Please Log in or Create an account to join the conversation.

    Last edit: by ic2.

    How to Obfuscate your code! 19 May 2022 11:45 #22541

    • pemo18
    • pemo18's Avatar


  • Posts: 65
  • Hello Dick,

    Thank you for the hint (and the very good summary) - I would have not found it myself probably. This looks like a good project and the tool obviously does what its needed.

    I am just not sure if a commerial product is a better choice for a large application and when you don't want to include more sources for potential problems.

    Regards,
    Peter

    Please Log in or Create an account to join the conversation.

    Last edit: by pemo18.
    • Page:
    • 1