none
XAP file obfuscation

    Question

  • Is there any way to obfuscate main SL assembly in XAP file? All codes open for view... I tried many standard .NET obfuscators, but it doesn't seem to work - when i package new .dll to xap archive (using WinZip, for example) it doesn't open in browser.

    Saturday, July 12, 2008 7:18 PM

Answers

All replies

  • Possibly some time after final release some kind soul will see a marketing opportunity for this, but frankly, if your primary concern is to be able to successfully obfuscate Silverlight assemblies, IMHO you are focusing down the wrong path. I've had no trouble decompiling obfuscated .NET assemblies. It can be time- consuming, but obfuscation alone is quite insufficient to protect your intellectual property, if that is your goal.

    Saturday, July 12, 2008 8:22 PM
  • Possibly some time after final release some kind soul will see a marketing opportunity for this, but frankly, if your primary concern is to be able to successfully obfuscate Silverlight assemblies, IMHO you are focusing down the wrong path. I've had no trouble decompiling obfuscated .NET assemblies. It can be time- consuming, but obfuscation alone is quite insufficient to protect your intellectual property, if that is your goal.

    I agree with Peter, obfuscation will only stop the casual programmer from decompling your code.  More determined souls will crack it anyway, and they generally aren't after the code in it's entirety, just the juicy stuff.

    However, having said that, some protection is better than none, and you can use existing products on SL code just fine.

    Sam...

     

    Saturday, July 12, 2008 9:50 PM
  • You can also try DeepSea Obfuscator:

     http://www.deepseaobfuscator.com/

     Have a nice day,

    Sunday, July 13, 2008 11:34 AM
  • Thanks.

    DeepSea causes errors while connecting SLb2 application to service.

    I think, there is better solution:

    http://www.smartassembly.com

    Tuesday, July 22, 2008 10:16 AM
  • You can try with ComponentOne's XapOptimizer. It reduces XAP file size by recompressing and removing unneeded files and xaml resources and it also provides obfuscation.

    Try it here: http://demo.componentone.com/silverlight/XapOptimizer/

     Regards.

    Tuesday, February 3, 2009 3:40 PM
  • You can try with ComponentOne's XapOptimizer. It reduces XAP file size by recompressing and removing unneeded types and xaml resources from assemblies and it also provides obfuscation support.

    Try it here: http://demo.componentone.com/silverlight/XapOptimizer/

     Regards.

    Tuesday, February 3, 2009 3:40 PM
  •  SmartAssembly crashes my assemblies. :) Try .NET Reactor: http://www.eziriz.com. It is reliable so far.

    Tuesday, November 3, 2009 1:45 PM
  • The reason it does not work is becuase obfuscation changes the assembly and maybe you are not resigning your assemblies? One solution is to do obfuscation as part of the build process in VIsual Studio. Check out Crypto Obfuscator ( http://www.ssware.com/cryptoobfuscator/obfuscator-net.htm ) which supports this and silverlight assemblies.

    Wednesday, November 4, 2009 12:55 AM
  • Hi Denis and others,

    For a while there has been obfuscators out there, that are able to process XAP files directly, and obfuscate your assemblies contained therein. But it's has involved a lot of manual tweeking each time, because you had to manually exclude all those type names and member names that were being referenced from your XAML files - or else the changed names would break your app.

    I'm happy being able to announce, that my company Creatix today released version 1.0 of our CodeFort software. CodeFort is an intelligent obfuscation tool for all .NET apps (specifically WPF and Silverlight), that not just automatically, and by default, and in the Free Edition, detects all references in XAML files and compiled BAML files to members and types of your app, and excludes them from obfuscation. It even provides you with an option to rename those references, making it possible to obfuscate nearly 100% of your type and member names!

    This makes a huge difference, as you can see if you download the Free Edition from the link below (as mentioned, it includes the option to automatically exclude XAML/BAML-referenced names from the obfuscation).

    CodeFort Free Edition

    Best regards,
    Christian

    Saturday, April 17, 2010 11:41 AM
  • PreEmptive Solutions is in the final phase of beta testing the latest Dotfuscator release that extends protection beyond the assembly and into the XAML resources too. (This kind of support is already in production for WPF/BAML). This has three benefits; more of your assembly is protected, your XAML is protected, and you save time since configuration is now much simpler (no more exclusions).

    If you are interesting in being a beta candidate, email me (sebastian@preemptive.com) and I will have our support team send you credentials. Please keep in mind, this is beta – there are no fees – and you will have access to our support – but you cannot use this version for any production work.

    The only software requirements are .NET 1.1 or higher and Silverlight 2 or higher. (Yes - test this inside Windows Mobile 7, Windows Azure, ...)

    A few other things to consider:
    • Analytics (feature and usage tracking) can also be injected post-compile
    • The analytics also support the Expression Blend Silverlight Analytics Framework (allowing both design-time web analytics and post-compile- time instrumentation in one).
    • Dotfuscator consumes XAP files rather than assemblies and re-signs them automatically making your builds that much simpler.

    For more information on our “universal Silverlight support”, see our TechEd announcement at http://www.preemptive.com/news-events/press-releases/307

    Monday, June 21, 2010 1:03 PM
  • Re: samcov

    It can be time- consuming, but obfuscation alone is quite insufficient to protect your intellectual property, if that is your goal

    Hi,

    I totally agree with Pete and samcov...
    It's in fact time consuming and can discourage a lot of people at first glance
    though it can be done...
    I was once asked to rebuild a whole app all from scratch from
    dll. I'm not kidding...no source code. The "board of directors"... insisted.
    Use your professional skills and imagination as they say!!!
    The application was a bunch of crap right from the start anyway and I soon discovered
    a bunch of incoherencies in the code as I digged in...
    but still... I managed to make it work. Not perfect and a bit unstable...but
    it worked... I got all the information I needed (including errors and things not to do...) .
    I was payed to do the job... though I agree it's time consuming all right and IMHO a big money waste to some extent...
    though it can be done... patience, skills and imagination... is all it takes...

    Monday, June 21, 2010 1:38 PM
  • Of course there is no magic bullet that will prevent skilled and determined attackers. Deterring the opportunistic, impeding the determined and the skilled, and enabling prosecution of the successful are all reasonable objectives however. Here is an article published in the ISSA Journal PDF (spoiler alert, I am the author) that gives (I think) a balanced view of the gaps, risks, compensating controls, and limitations on all of the above. My one immediate comment to those who have said that they were able to get back to the source code of obfuscated applications is to point out that obfuscation is a “trait” not a single transform or technology. There are many obfuscatory techniques (as well as other classes of “preventative controls” and other categories of preventative controls too). Just because you broke through a lock doesn't mean the same effort will break through any lock.

    Monday, June 21, 2010 1:50 PM
  • Is there any way to obfuscate main SL assembly in XAP file? All codes open for view... I tried many standard .NET obfuscators, but it doesn't seem to work - when i package new .dll to xap archive (using WinZip, for example) it doesn't open in browser.

    CliSecure .NET Obfuscator support obfuscating silverlight application, it takes a xap file, processes it and than output and obfuscated xap. You may control which dlls contained in the xap file will be obfuscated.
    Friday, July 2, 2010 6:13 AM
  • You may also try Babel Obfuscator wich have a free edition.

    http://www.babelfor.net

    Professional edition its able to obfuscate xap packages out of the box but also the free edition can be used to protect xap packages. See a pratical example at Andy's blog:

    http://www.andybeaulieu.com/Default.aspx?tabid=67&EntryID=198

     

    Tuesday, July 27, 2010 2:02 AM
  • you can try this :

    https://soraco.co



    • Edited by johnolivier Thursday, November 1, 2018 10:34 PM
    Monday, October 22, 2018 4:37 PM