Code Protection and Obfuscation of .Net Software Using Crypto Obfuscator

Posted by: G. Himangi , on 7/20/2010, in Category Product Articles
Views: 65690
Abstract: An unprotected and unobfuscated .Net assembly is an easy target for piracy, reverse-engineering and IP theft. Crypto Obfuscator is a popular obfuscator from LogicNP Software which protects against these threats by using advanced software obfuscation, protection and encryption techniques
This article has been written by LogicNP Software and provides useful information about the Crypto Obfuscator Product.

Most non-.Net compilers emit binary programs containing native CPU instructions which are very hard to disassemble, decompile and reverse-engineer. However, all .Net compilers such as C#, VB.Net, Managed C++, IronPython, etc emit compiled programs in MSIL (Microsoft Intermediate Language) format. This format preserves a lot of high-level information about your software such as class, field, method, property and parameter names and even the actual code in a well-defined structure. This has facilitated the development of many decompilers and dissassemblers which can extract this information from a .Net assembly. Some tools can even reconstruct the actual structure of your code including loops, if statements, method calls, etc. Needless to say, this means that an unprotected .Net assembly is an easy target for hackers, crackers or competitors who can easily reverse-engineer your .Net code from the compiled assembly. They can easily glean valuable trade secrets, algorithms, sensitive information such as passwords, SQL queries, etc stored in strings, or even try to find security vulnerabilities and change product functionality.

The solution to this problem is to obfuscate all your .Net assemblies before releasing them in the wild. Crypto Obfuscator from LogicNP Software can be used very effectively by software developers in their fight against piracy, reverse-engineering and IP theft, to which billions of dollars are lost every year. Using powerful software obfuscation, protection and encryption techniques, Crypto Obfuscator can help software companies shield their valuable code from competitors, reverse-engineers and crackers.
Obfuscation & Protection Techniques

Crypto Obfuscator makes use of the following advanced obfuscation and protection techniques:
Symbol Renaming
Crypto Obfuscator renames the names of the classes, methods, properties, fields, events, etc in your .Net assembly to a garbled unintelligible name. Depending on the symbol renaming scheme chosen, this will result in either very long or very short names which have no relation to the original names. The original names cannot be derived or guessed from the obfuscated names. Since meaningful names are the most powerful ally when reverse-engineering a software, this makes it very hard to determine the purpose and function of the renamed entity.

Symbol_Renaming
Advanced Overload Renaming
Crypto Obfuscator renames fields or methods with different signatures to the same name. For example two fields having types int and boolean will be given the same name. Similarly two methods will different parameters will be given the same name. In the case of methods, the method return type is also used in the signature even though high-level languages such as C# and VB.Net do not support overloading by return type. The .Net runtime is able to differentiate between the fields/methods without any problem since the signatures are different. Needless to say, this scheme makes it even harder to reverse-engineer your code.

AdvancedOverloadRenaming 
Method Call Hiding
Crypto Obfuscator can hide calls to methods and properties from external assemblies such as those from the .Net framework. In addition, it can also do the same for unrenamed methods and properties from the assemblies which are being obfuscated. This provides very strong obfuscation and makes it impossible to determine when, where and how such methods and properties are used.

MethodCallHidin
String Encryption
.Net assemblies contain all the literal strings used in your code in plain view for anybody to see. Literal strings often contain sensitive information such as login information, passwords, SQL queries, algorithm parameters. In addition, they also help in reverse-engineering your .Net code by providing a marker. For example, someone wanting to remove license checking from your software will search for all instances of strings like "license" or 'valid" or "invalid". Once they have found such strings, they will examine the surrounding code to see if it is the licensing checking code and if so, remove or disable it. Crypto Obfuscator solves all these issues by encrypting all literal strings in your .Net code.
StringEncryption
Advanced Tamper Detection
Crypto Obfuscator can perform strong name verification of the assembly itself even if strong-name verification has been turned OFF on the machine on which the assembly is running or if the assembly has been registered in the verification 'skip-list' - this is typically done by hackers or crackers. Furthermore, the strong name verification is done using the original key used to sign the assembly when it was processed by Crypto Obfuscator. Thus, strong name verification fails even if the key is removed or replaced - again something typically done by hackers or crackers.
 
Control Flow Obfuscation
In .Net assemblies, even the code is stored in a well structured manner using a published format. This enables a sufficiently advanced decompiler to reconstruct to a pretty accurate degree the exact structure of your code including the for/while loops, if statements, try-catch blocks, etc. When doing control flow obfuscation on your code, Crypto Obfuscator changes the structure of your code into spaghetti code while maintaining 100% the logic and output of the code. The result is that decompilers are unable to reconstruct your code and output incorrect or garbage code. Most of the times they crash while trying to do so. This provides powerful method body protection for your software.

ControlFlowObfuscation
ILDASM Suppression

ILDASM (Microsoft IL Dissassembler) is a free tool to disassembly any .Net assembly into MSIL (Microsoft Intermediate Language) and extract the entire contents including the classes, methods, code and resources from the assembly. Crypto Obfuscator can modify the assembly in such a way that ILDASM refuses to disassemble the assembly.

ildasm_protection
Anti-Reflection Protection
Many decompilers, dissassemblers and memory dumpers use .Net Reflection mechanism to extract information about a .Net assembly. Crypto Obfuscator can modify the assembly in such a way that such tools will fail when trying to work on your assembly.

Anti-ReflectionProtection
Anti-Decompiler Protection
Advanced decompilers such as the freely available .Net Reflector are your enemy in the battle against the hackers, crackers and competitors. Crypto Obfuscator can modify your assembly in such a way that such tools fail to work on your assembly - many times they are not even able to open your assembly, let alone examine it.

Anti-DecompilerProtection
Resource Encryption
Tools such as ILDASM, .Net Reflector and others can easily extract resources from your assembly. Such resources often contain valuable, sensitive or copyrighted information such as images, UI (WPF baml files), textual content, etc. Crypto Obfuscator can hide and encrypt all such resources so that it is impossible to see them, let alone extract them from the assembly.

ResourceEncryption 
Assembly Encryption
Crypto Obfuscator can encrypt all dependant assemblies and any additional assemblies used by your software. This makes it impossible for someone to get their hands on individual assemblies. You can use this feature to your advantage by separating all sensitive or important code and data in a dependant assembly. In fact, this can be taken to an extreme - simply put ALL your code/data in a separate assembly and use a shell assembly as a starter/loader assembly for your application.
AssemblyEncryption
Easy Of Use and VS Integration
One of the focus areas for Crypto Obfuscator is ease of use and integration to ensure that the obfuscation step becomes a seamless part of the software development process. To this end, Crypto Obfuscator offers features like command-line support, Visual Studio integration via Post-Build events and MSBuild, automatic resigning of strong-named assemblies, and even automatic code signing of obfuscated assemblies using Authenticode. This ensures that the obfuscation step does not become a liability for developers and that developers do not develop a resistance to something so vital to IP protection. Also supported is automatic and manual stack-trace deobfuscation and automatic obfuscation of satellite assemblies.
Conclusion

Each of the above techniques on its own is pretty powerful and effective against hackers, crackers and competitors. When combined and used together for the obfuscation and code protection of your .Net software, they form an impenetrable shield which is extremely difficult to break. Even if broken into by the most expert of hands, all they will see are garbage, encrypted or obfuscated code, names and data.

Crypto Obfuscator arms .Net developers with a powerful code protection and obfuscation tool which enable them to deploy their .Net software without fear of IP theft, reverse-engineering, hacking, cracking and piracy.

Product Info & Fully Functional Trial Download: Crypto Obfuscator Website
Developer: LogicNP Software
Give a +1 to this article if you think it was well written. Thanks!
Recommended Articles


Page copy protected against web site content infringement by Copyscape


User Feedback
Comment posted by B Bungl on Saturday, July 24, 2010 9:34 PM
The feature list looks impressive. does this tool allow you to generate a native exe file?
Comment posted by Mike Cawle on Sunday, July 25, 2010 10:10 PM
I had heard about eziriz too but not sure how the two compare with each other. Eziriz certainly looks cheaper though!
Comment posted by Joe Hamliton on Thursday, August 5, 2010 1:22 AM
I am eager to try out Salamander/9rays on code obfuscated through this tool. I will post results soon.
Comment posted by Peter on Sunday, August 31, 2014 1:51 AM
Salamander is discontinued, isn't it?

There is a good free alternative - DotRefiner
http://aveloy.com/products/DotRefiner.aspx

Post your comment
Name:  
E-mail: (Will not be displayed)
Comment:
Insert Cancel