none
What is actual and free obfuscator for .Net? RRS feed

  • Question

  • Yesterday have tried JetBrains dotPeek and was surprised. Can't say that pleasantly...

    All my code was 100% visible. But I have DES encription inside my code - what mean that anyone programmer can decrypt my texts, couse he will be able to see my keys......

    Have found some freeware obfuscators - will try them, but have some questions:

    Whats about ngen - can I distributre only compiled images? don't understand how to use it...

    Is DotFuscator still supported? Which free obfuscator better to use?

    Tuesday, October 11, 2011 10:40 AM

Answers

  • One of the primary rules in encryption is don't try to make up your own. Use one of the APIs that will do it properly.
    Phil Wilson
    • Marked as answer by Paul Zhou Wednesday, October 19, 2011 4:57 AM
    Saturday, October 15, 2011 5:31 PM

All replies

  • There are two other tools you should also be aware of i.e. Reflector and ILSpy (free)

    As I understand it you can't/shouldn't distribute ngen'd images as they are tailored to your computer/environment.

    Obfuscators however do not hide anything from the determined attacker especially if they can translate IL and capable of unpicking the obfuscation.

    Wednesday, October 12, 2011 2:02 AM
  • As I understand Reflector - is that one which is not freeware?

    Thanks for advice - will try ILSpy.

    Yes, I understand that obfuscators only helping to hide code, but what to do if I want to store somewhere password for example? Or if I want to use crypting and don't want to allow for some other programmer easy to crack it?

    Wednesday, October 12, 2011 6:31 AM
  • Reflector now costs and ilspy was born when redgate decided to charge for reflector - both do the same/similar job as dotpeek, as I understand it; and of course there is always ildasm which will decompile to IL - no fancy UI but if your adversary can understand IL (which isn't difficult) and has the time...

    It depends on what a password is for; if it is possible to deliver it separately then you could then encrypt it in a config file after the user has entered it for the first time.

    However if you store your key in your code and an unwanted attacker has access to your code then all is effectively lost as they have all the facts needed ... and time.

    Consider this - is your data that valuable to require this level of engineering? If the attacker has access to code/data/key then what is to stop them just pulling the code at manually through the UI (assuming there is one).

    Wednesday, October 12, 2011 9:19 PM
  • It looks like you changed the subject... Storing passwords securely and encrypting data is not the same as obfuscating your code. It goes without saying that if you've got a hardcoded password in your code then you're already doing the wrong thing. Use something like CryptProtectData() or .NET equivalent to store secrets in your code, this may help:

    http://msdn.microsoft.com/en-us/library/ms995355 

     


    Phil Wilson
    Thursday, October 13, 2011 6:02 PM
  • The best really free Obfuscators for .Net are Eazfuscator and Codefort obfuscator FREE Edition,  as far as I know.
    HXMCN (deerstalking at gmail dot com - email)
    Friday, October 14, 2011 3:18 AM
  • Huang Xinmin : About Eazfuscator I know, but thank you very much for recommending Codefort!

     

    PhilWilson : Seems that you have understand my needs absolutely correct, but this info is loking to complicated for me. But what to do - will try to find something more simple in explaination..

    Friday, October 14, 2011 6:18 AM
  • One of the primary rules in encryption is don't try to make up your own. Use one of the APIs that will do it properly.
    Phil Wilson
    • Marked as answer by Paul Zhou Wednesday, October 19, 2011 4:57 AM
    Saturday, October 15, 2011 5:31 PM
  • I have used DES...

    But what has worried me - is that anyone was able to see my encryption KEY.

    I have found solution. Just a little function that changes Key.

    I let for users to set there own password and letters of this password have changing by there code encryption KEY. 

     

    Wednesday, October 19, 2011 6:10 AM
  • Hello,

    We are using FxProtect Express. It is free .net obfuscator. We can obfuscate even cross assemblies. If we will use tools like .NET Reflector after protecting assembly with FxProtect, extracted source code is now more secure and very complected to understand.

    You can try it...

    FxProtect Express - Free .Net Obfuscator



    • Edited by MTShah Tuesday, March 13, 2012 3:48 PM
    Tuesday, March 13, 2012 3:42 PM
  • You can try ILProtector
    It is free .NET protector. It protects .NET code using code virtualization. In this case level of code protection increases manyfold compared to obfuscation. Аnd of course your code is not recognized by disassemblers and decompilers such as IL DASM or .NET Reflector.

    Friday, March 30, 2012 8:12 AM
  • Hi,

    you can try below obfuscator

    http://www.foss.kharkov.ua/g1/projects/eazfuscator/dotnet/Default.aspx

    Regards

    Anand

    Friday, March 30, 2012 10:06 AM
  • I can suggest you FxProtect as I am already using it. It protects application very successfully...

    You can try it... .NET Obfuscator

    Thursday, April 26, 2012 7:05 AM