Difference between revisions of "List of obfuscators for .NET"

From Deletionpedia.org: a home for articles deleted from Wikipedia
Jump to: navigation, search
m (inclusion power)
m (inclusion power)
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
{{Article for deletion/dated|page=List of obfuscators for .NET (2nd nomination)|timestamp=20160812093316|year=2016|month=August|day=12|substed=yes}}
 +
<!-- Once discussion is closed, please place on talk page: {{Old AfD multi|page=List of obfuscators for .NET|date=12 August 2016|result='''keep'''}} -->
 +
<!-- End of AfD message, feel free to edit beyond this point -->
 
<!-- Please do not remove or change this AfD message until the issue is settled -->
 
<!-- Please do not remove or change this AfD message until the issue is settled -->
{{Article for deletion/dated|page=List of obfuscators for .NET|timestamp=20160605124806|year=2016|month=June|day=5|substed=yes}}
+
<!-- The nomination page for this article already existed when this tag was added.  If this was because the article had been nominated for deletion before, and you wish to renominate it, please replace "page=List of obfuscators for .NET" with "page=List of obfuscators for .NET (2nd nomination)" below before proceeding with the nomination.
<!-- Once discussion is closed, please place on talk page: {{Old AfD multi|page=List of obfuscators for .NET|date=5 June 2016|result='''keep'''}} -->
+
-->{{multiple issues|
<!-- End of AfD message, feel free to edit beyond this point -->
+
{{original research|date=June 2016}}
{{multiple issues|
+
{{Underlinked|date=December 2013}}
 +
{{refimprove|date=August 2014}}
 
{{notability|Lists|date=February 2014}}
 
{{notability|Lists|date=February 2014}}
 
{{advert|date=February 2014}}
 
{{advert|date=February 2014}}
{{refimprove|date=August 2014}}
 
{{Underlinked|date=December 2013}}
 
{{original research|date=June 2016}}
 
{{Notability|date=June 2016}}
 
 
}}
 
}}
  
 +
[[Compiler|Compiling]] a .NET project generates an [[Assembly (CLI)|assembly]] that contains Intermediate Language ('''[[Common Intermediate Language|CIL]]''') instructions, managed resources and metadata describing the types, methods, properties, fields and events in the assembly. This metadata allows inspecting the assembly through the [[Reflection (computer programming)|reflection]] API which makes dynamic code like data bindings in [[Windows Presentation Foundation|WPF]] possible. But this metadata and the high-level nature of CIL instructions make it possible to understand the assembly structure and the method instructions in order to decompile it to the high-level source code. In many cases, the generated source code looks similar to the original source code used by the compiler. It lacks code formatting and comments but it has all the type and member names. An attacker could use this information to understand how a program was implemented, which would allow the access to manipulate or to extract sensitive information or algorithms.
  
[[Compiler|Compiling]] a .NET project generates an [[Assembly (CLI)|assembly]] that contains Intermediate Language ('''[[Common Intermediate Language|CIL]]''') instructions, managed resources and meta data describing the types, methods, properties, fields and events in the assembly. This metadata allows inspecting the assembly through the [[Reflection (computer programming)|reflection]] API which makes dynamic code like data bindings in [[Windows Presentation Foundation|WPF]] possible. But this metadata, and the high-level nature of CIL instructions, makes it possible to understand the assembly structure and the method instructions in order to decompile it to high-level source code. In many cases the generated source code looks similar to the original source code used by the compiler. It lacks code formatting and comments but it has all the type and member names. An attacker could use this information to understand how a program was implemented to manipulate it or to extract sensitive information or algorithms.
+
'''[[Obfuscation (software)|Obfuscation]]''' is the process of modifying an assembly so that it is no longer useful to a hacker but remains usable to the machine for executing the intended operations. While it may change metadata or the actual method instructions, it does not alter the logic flow or the output of the program. There are several techniques that can be used which are described below.
  
'''[[Obfuscation (software)|Obfuscation]]''' is the process of modifying an assembly so that it is no longer useful to a hacker but remains usable to the machine for executing the intended operations. While it may change metadata or the actual method instructions, it does not alter the logic flow or the output of the program. There are several techniques that can be used which are described below.
+
There are a number of .NET obfuscators available including a free one that is part of Visual Studio (Dotfuscator CE).<ref>MSDN Visual Studio [https://msdn.microsoft.com/en-us/library/dd551423.aspx “PreEmptive Dotfuscator CE”], “[[Microsoft Developer Network]]”, June 2016</ref>  Note, not all of these support the latest version of the .NET framework, Xamarin and Universal Apps. Different obfuscators support different protection methods, however, most share common features which can be used for the purpose of comparison. The list is followed by a brief explanation of each one of the features on which the comparison is based.
  
There are a number of .NET obfuscators available including a free one that is part of Visual Studio (Dotfuscator CE). <ref>MSDN Visual Studio [https://msdn.microsoft.com/en-us/library/dd551423.aspx “.NET Obfuscator documentation”], “[[Microsoft Developer Network]]”, June 2016 </ref>. This list includes most of the solutions available in market today (However, not all of them have support for the latest version of the .NET framework, Xamarin and Universal Apps). Different obfuscators support different protection methods, however many share common features which can be used for the purpose of comparison. The list is followed by a brief explanation of each one of the features on which the comparison is based on.
+
The list of features below has not been vetted by a credible authority with references. For example, a vendor may claim to support a specific feature that only works under a very narrow set of circumstances and some vendors may deliberately manipulate the feature list for a competitor. As always, do you own research, testing and validation.
  
 
{| class="wikitable sortable"
 
{| class="wikitable sortable"
 
! Name
 
! Name
! Price
 
 
! Last<br>Release
 
! Last<br>Release
 +
! License
 
! Tamper<br>Defense
 
! Tamper<br>Defense
 
! Anti<br>Decompiler
 
! Anti<br>Decompiler
Line 33: Line 34:
 
! Data<br>Virtualization
 
! Data<br>Virtualization
 
! Debug<br>Symbols
 
! Debug<br>Symbols
 +
! Assembly<br>Merging
 
|-
 
|-
 
| Agile.NET
 
| Agile.NET
| $795
 
 
| 2016
 
| 2016
 +
| Commercial
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 46: Line 48:
 
| {{Yes}}
 
| {{Yes}}
 
| {{No}}
 
| {{No}}
 +
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
|-
 
|-
| Babel Obfuscator
+
| Appfuscator
| 115–245&nbsp;€
 
 
| 2016
 
| 2016
 +
| Commercial
 +
| {{No}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
| {{Unknown}}
+
| {{No}}
| {{Yes}}
+
| {{No}}
 +
| {{No}}
 +
| {{No}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{No}}
 
| {{No}}
| {{No}}
 
| {{Unknown}}
 
 
|-
 
|-
| ConfuserEx
+
| Babel Obfuscator
| Free
+
| 2016
| 2015
+
| Commercial
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
| {{No}}
+
| {{Unknown}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{No}}
 
| {{No}}
 
| {{No}}
 
| {{No}}
 +
| {{Unknown}}
 
| {{Yes}}
 
| {{Yes}}
 
|-
 
|-
| Crypto Obfuscator
+
| ConfuserEx
| $149–$4,469
 
 
| 2015
 
| 2015
 +
| MIT License
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 86: Line 91:
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 +
| {{Unknown}}
 
| {{No}}
 
| {{No}}
| {{No}}
+
| {{Yes}}
 
| {{Unknown}}
 
| {{Unknown}}
 
|-
 
|-
| Disguiser.NET
+
| Crypto Obfuscator
| $14.99–$499.99
 
 
| 2015
 
| 2015
 +
| Commercial
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 103: Line 109:
 
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
| {{Unknown}}
 +
| {{No}}
 
|-
 
|-
| Dotfuscator Community Edition
+
| [[Dotfuscator]] Community Edition
| Free inside Visual Studio
 
 
| 2016 (June)
 
| 2016 (June)
| {{Yes}}
+
| Free
| {{No}}
+
| {{Unknown}}
| {{No}}
+
| {{Unknown}}
| {{No}}
+
| {{Unknown}}
| {{No}}
+
| {{Unknown}}
| {{No}}
+
| {{Unknown}}
| {{No}}
+
| {{Unknown}}
| {{No}}
+
| {{Unknown}}
| {{No}}
+
| {{Unknown}}
 +
| {{Unknown}}
 +
| {{Unknown}}
 
| {{Unknown}}
 
| {{Unknown}}
 
|-
 
|-
| Dotfuscator Professional Edition
+
| [[Dotfuscator]] Professional Edition
| On request ($1,900–7,800)
 
 
| 2016 (June)
 
| 2016 (June)
| {{Yes}}
+
| Commercial
| {{Yes}}
+
| {{Unknown}}
| {{Yes}}
+
| {{Unknown}}
| {{Yes}}
+
| {{Unknown}}
 +
| {{Unknown}}
 +
| {{Unknown}}
 +
| {{Unknown}}
 +
| {{Unknown}}
 
| {{Unknown}}
 
| {{Unknown}}
| {{Yes}}
 
 
| {{Unknown}}
 
| {{Unknown}}
 
| {{Unknown}}
 
| {{Unknown}}
 
| {{Unknown}}
 
| {{Unknown}}
| {{Yes}}
 
 
|-
 
|-
 
| DotNet Patcher
 
| DotNet Patcher
 +
| 2015
 
| Free
 
| Free
| 2015
 
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 145: Line 154:
 
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
| {{Unknown}}
 +
| {{No}}
 
|-
 
|-
 
| Eazfuscator.NET
 
| Eazfuscator.NET
| $399
 
 
| 2016  
 
| 2016  
 +
| Commercial
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 156: Line 166:
 
| {{Yes}}
 
| {{Yes}}
 
| {{No}}
 
| {{No}}
 +
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 161: Line 172:
 
|-
 
|-
 
| Eziriz .NET Reactor  
 
| Eziriz .NET Reactor  
| $179
 
 
| 2016
 
| 2016
 +
|
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 173: Line 184:
 
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
| {{Unknown}}
 +
| {{Yes}}
 
|-
 
|-
 
| ILProtector
 
| ILProtector
| Free demo / $199
+
| 2016
| 2015
+
|
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 187: Line 199:
 
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
| {{Unknown}}
 +
| {{No}}
 
|-
 
|-
| [http://netguard.io/ .NETGuard]
+
| NETGuard.io  
| Free demo / $2 - $9
 
 
| 2016
 
| 2016
 +
| Commercial
 +
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 197: Line 211:
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 +
| {{Coming soon}}
 +
| {{Coming soon}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{No}}
 
| {{No}}
| {{No}}
 
| {{Yes}}
 
 
|-
 
|-
 
| NetWinProtector (Protector)
 
| NetWinProtector (Protector)
| $100
 
 
| 2014
 
| 2014
 +
|
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 215: Line 229:
 
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
| {{Unknown}}
 +
| {{No}}
 
|-
 
|-
 
| Obfuscar
 
| Obfuscar
| Free
 
 
| 2015
 
| 2015
 +
|
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 226: Line 241:
 
| {{No}}
 
| {{No}}
 
| {{No}}
 
| {{No}}
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
|-
 
| Salamander
 
| $1,899
 
| 2006
 
| {{Yes}}
 
| {{Unknown}}
 
| {{Unknown}}
 
 
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
| {{Unknown}}
 
| {{Unknown}}
 
| {{Unknown}}
 
| {{No}}
 
| {{No}}
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
 
|-
 
|-
 
| SeeUnsharp .NET Obfuscator
 
| SeeUnsharp .NET Obfuscator
| 99–499&nbsp;€
 
 
| 2016
 
| 2016
 +
|
 
| {{Coming soon}}
 
| {{Coming soon}}
 
| {{Yes}}
 
| {{Yes}}
Line 255: Line 257:
 
| {{No}}
 
| {{No}}
 
| {{No}}
 
| {{No}}
| {{Unknown}}
+
| {{No}}
| {{Yes}}
 
|-
 
| SharpObfuscator
 
| Free
 
| 2007
 
 
| {{Yes}}
 
| {{Yes}}
 
| {{No}}
 
| {{No}}
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
| {{No}}
 
| {{No}}
 
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
 
|-
 
|-
 
| Skater
 
| Skater
| $79.90–$1,709.99
+
| 2016
| 2015
+
| Commercial
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 285: Line 274:
 
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
| {{Unknown}}
 +
| {{Yes}}
 
|-
 
|-
 
| Smart Assembly
 
| Smart Assembly
| $993–$1,493
 
 
| 2015
 
| 2015
 +
|
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 298: Line 288:
 
| {{No}}
 
| {{No}}
 
| {{No}}
 
| {{No}}
 +
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
|-
 
|-
 
| Spices
 
| Spices
| $399.90–$6,499.90
 
 
| 2013
 
| 2013
 +
|
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
 
| {{Yes}}
Line 313: Line 304:
 
| {{No}}
 
| {{No}}
 
| {{Unknown}}
 
| {{Unknown}}
 +
| {{No}}
 
|-
 
|-
 
|}
 
|}
Line 328: Line 320:
  
 
==Method Call Redirection==
 
==Method Call Redirection==
The way CIL instructions work references to external types and methods are clearly visible and will be unaffected by name obfuscation and control flow obfuscation. Even without reasonable names, the fact that a method makes use of certain [[Standard Libraries (CLI)|framework classes]] like I/O, networking or cryptography can draw attention to it. Calls to suspicious methods can be redirected through a simple generated method that only wraps the original call. This wrapper method can be renamed and the called method's name will no longer appear in the obfuscated method body. The Just-In-Time compiler ([[Just-in-time compilation|JIT]]) will normally inline such short wrapper methods so that it does not affect runtime performance.
+
The way CIL instructions work references to external types and methods are clearly visible and will be unaffected by name obfuscation and control flow obfuscation. Even without reasonable names, the fact that a method makes use of certain [[Standard Libraries (CLI)|framework classes]] like I/O, networking or cryptography can draw attention to it. Calls to suspicious methods can be redirected through a generated method that only wraps the original call. This wrapper method can be renamed and the called method's name will no longer appear in the obfuscated method body. The Just-In-Time compiler ([[Just-in-time compilation|JIT]]) will normally inline such short wrapper methods so that it does not affect runtime performance.
  
 
==Code Encryption==
 
==Code Encryption==
Code encryption protects the CIL instructions by [[Encryption|encrypting]] them and stripping the original instructions from the assembly. The encrypted instructions are kept in a separate storage. When the assembly is loaded a native runtime executive assumes control of portions of the .NET runtime and manages decrypting the CIL as needed. If native code is involved, the application may not run on [[Cross-platform|different platforms]] anymore.
+
Code encryption protects the CIL instructions by [[Encryption|encrypting]] them and stripping the original instructions from the assembly. The encrypted instructions are kept in a separate storage. When the assembly is loaded a native runtime executive assumes control of portions of the .NET runtime and manages decrypting the CIL as needed. If the native code is involved, the application may not run on [[Cross-platform|different platforms]] anymore.
  
 
==Code Virtualization==
 
==Code Virtualization==
Code virtualization converts the CIL code into virtual opcodes that will only be understood by a secure [[virtual machine]]. As opposed to protecting CIL code through encryption where the encrypted code must be decrypted back into CIL before it can be executed by the [[Common Language Runtime|CLR]], code virtualization uses a virtual machine which directly processes the protected code in the form of a virtual machine language. Code virtualization feature is by far the strongest protection method available in code protection arena today as it implements a one-way code transformation. The code is never translated back to its original form, instead the virtual machine emulates the original code behavior. Code virtualization can significantly degrade performance and make debugging very difficult.
+
Code virtualization converts the CIL code into virtual opcodes that will only be understood by a secure [[virtual machine]]. As opposed to protecting CIL code through encryption where the encrypted code must be decrypted back into CIL before it can be executed by the [[Common Language Runtime|CLR]], code virtualization uses a virtual machine which directly processes the protected code in the form of a virtual machine language. Code virtualization feature is by far the strongest protection method available in code protection arena today as it implements a one-way code transformation. The code is never translated back to its original form, instead, the virtual machine emulates the original code behavior. Code virtualization can significantly degrade performance and make debugging very difficult.
  
==Data Virtualization==
+
== Data Virtualization ==
The data stored in the class fields are vulnerable to analysis and unauthorized modification at runtime. The virtualization helps to minimize this vector of attack by changing the way the data are presented in memory and in assembly file. The original fields are replaced with special holders that store the values in encrypted form. The data are only decrypted when the value is used by the program code, after that it gets cleared from the memory.
+
The data stored in the class fields are vulnerable to analysis and unauthorized modification at runtime. The virtualization helps to minimize this vector of attack by changing the way the data are presented in memory and in the assembly file. The original fields are replaced with special holders that store the values in encrypted form. The data are only decrypted when the value is used by the program code, after that it gets cleared from the memory.
  
==Debug Symbols==
+
==Symbol files==
Debug symbols, .pdb files for [[Microsoft Visual Studio|Visual Studio]], contain mappings from CIL elements and method body offsets to the original source code files. These symbol files are required to use a debugger on the assembly. The obfuscated assembly is a modified version of the original assembly and the original assembly's symbol files do not match the obfuscated one. The obfuscator software must therefore write the corresponding debug symbols for the obfuscated assembly. This file should not be deployed with the application (as it would defeat the purpose of obfuscation) but it can be used by the developer to analyse issues in the obfuscated assembly.
+
Symbol files are .pdb files for [[Microsoft Visual Studio|Visual Studio]] applications that show how the compiler converted source code into machine code. They contain mappings from CIL elements and method body offsets to the original source code files. These symbol files are required to use a debugger on the assembly. The obfuscated assembly is a modified version of the original assembly and the original assembly's symbol files do not match the obfuscated one. The obfuscator software must, therefore, write the corresponding debug symbols for the obfuscated assembly. This file should not be deployed with the application (as it would defeat the purpose of obfuscation) but it can be used by the developer to analyze issues in the obfuscated assembly.
  
 
==See also==
 
==See also==
 
*[[Obfuscation (software)|Obfuscation software]]
 
*[[Obfuscation (software)|Obfuscation software]]
 
*[[.NET]]
 
*[[.NET]]
 +
*[[Dotfuscator]]
  
 
==References==
 
==References==
 
{{reflist}}
 
{{reflist}}
  
 +
== External links ==
 +
* [http://www.infoworld.com/article/2987191/application-architecture/protect-your-assemblies-using-obfuscation.html Protect your assemblies using obfuscation]
  
 
[[Category:Lists of software|Obfuscators for .NET]]
 
[[Category:Lists of software|Obfuscators for .NET]]
 
[[Category:Obfuscation]]
 
[[Category:Obfuscation]]

Latest revision as of 16:10, 29 August 2016

This article was considered for deletion at Wikipedia on August 12 2016. This is a backup of Wikipedia:List_of_obfuscators_for_.NET. All of its AfDs can be found at Wikipedia:Special:PrefixIndex/Wikipedia:Articles_for_deletion/List_of_obfuscators_for_.NET, the first at Wikipedia:Wikipedia:Articles_for_deletion/List_of_obfuscators_for_.NET. Purge

Wikipedia editors had multiple issues with this page:
DPv2 loves original research.

Template:Underlinked

This article needs additional references for verification. Please help[0] improve this article by adding citations to reliable sources. Unsourced material will not be challenged and removed. (August 2014)
The topic of this article may not meet Wikipedia's general notability guideline. But, that doesn't mean someone has to… establish notability by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond its mere trivial mention. (February 2014)

Advertising?

Compiling a .NET project generates an assembly that contains Intermediate Language (CIL) instructions, managed resources and metadata describing the types, methods, properties, fields and events in the assembly. This metadata allows inspecting the assembly through the reflection API which makes dynamic code like data bindings in WPF possible. But this metadata and the high-level nature of CIL instructions make it possible to understand the assembly structure and the method instructions in order to decompile it to the high-level source code. In many cases, the generated source code looks similar to the original source code used by the compiler. It lacks code formatting and comments but it has all the type and member names. An attacker could use this information to understand how a program was implemented, which would allow the access to manipulate or to extract sensitive information or algorithms.

Obfuscation is the process of modifying an assembly so that it is no longer useful to a hacker but remains usable to the machine for executing the intended operations. While it may change metadata or the actual method instructions, it does not alter the logic flow or the output of the program. There are several techniques that can be used which are described below.

There are a number of .NET obfuscators available including a free one that is part of Visual Studio (Dotfuscator CE).[1] Note, not all of these support the latest version of the .NET framework, Xamarin and Universal Apps. Different obfuscators support different protection methods, however, most share common features which can be used for the purpose of comparison. The list is followed by a brief explanation of each one of the features on which the comparison is based.

The list of features below has not been vetted by a credible authority with references. For example, a vendor may claim to support a specific feature that only works under a very narrow set of circumstances and some vendors may deliberately manipulate the feature list for a competitor. As always, do you own research, testing and validation.

Name Last
Release
License Tamper
Defense
Anti
Decompiler
String
Encryption
Control Flow
Obfuscation
Method Call
Redirection
Compression Code
Encryption
Code
Virtualization
Data
Virtualization
Debug
Symbols
Assembly
Merging
Agile.NET 2016 Commercial Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:No Template:Yes Template:Yes
Appfuscator 2016 Commercial Template:No Template:Yes Template:Yes Template:Yes Template:Yes Template:No Template:No Template:No Template:No Template:Yes Template:No
Babel Obfuscator 2016 Commercial Template:Yes Template:Yes Template:Yes Template:Yes Template:Unknown Template:Yes Template:Yes Template:No Template:No Template:Unknown Template:Yes
ConfuserEx 2015 MIT License Template:Yes Template:Yes Template:Yes Template:Yes Template:Unknown Template:Yes Template:Yes Template:Unknown Template:No Template:Yes Template:Unknown
Crypto Obfuscator 2015 Commercial Template:Yes Template:Yes Template:Yes Template:Yes Template:Unknown Template:Yes Template:Yes Template:No Template:No Template:Unknown Template:No
Dotfuscator Community Edition 2016 (June) Free Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown
Dotfuscator Professional Edition 2016 (June) Commercial Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown Template:Unknown
DotNet Patcher 2015 Free Template:Yes Template:Yes Template:Yes Template:Yes Template:Unknown Template:Yes Template:No Template:No Template:No Template:Unknown Template:No
Eazfuscator.NET 2016 Commercial Template:Yes Template:Yes Template:Yes Template:Yes Template:No Template:Yes Template:No Template:Yes Template:Yes Template:Yes Template:Yes
Eziriz .NET Reactor 2016 Template:Yes Template:Yes Template:Yes Template:Yes Template:Unknown Template:Yes Template:Yes Template:No Template:No Template:Unknown Template:Yes
ILProtector 2016 Template:Yes Template:Yes Template:Yes Template:Yes Template:Unknown Template:Yes Template:Yes Template:No Template:No Template:Unknown Template:No
NETGuard.io 2016 Commercial Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:Coming soon Template:Coming soon Template:Yes Template:No
NetWinProtector (Protector) 2014 Template:Yes Template:Yes Template:Yes Template:Yes Template:Unknown Template:No Template:Yes Template:No Template:No Template:Unknown Template:No
Obfuscar 2015 Template:Yes Template:Yes Template:Yes Template:No Template:Unknown Template:No Template:No Template:No Template:Unknown Template:Unknown Template:No
SeeUnsharp .NET Obfuscator 2016 Template:Coming soon Template:Yes Template:Yes Template:No Template:Yes Template:Yes Template:No Template:No Template:No Template:Yes Template:No
Skater 2016 Commercial Template:Yes Template:Yes Template:Yes Template:Yes Template:Unknown Template:Yes Template:Yes Template:No Template:No Template:Unknown Template:Yes
Smart Assembly 2015 Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:Yes Template:No Template:No Template:No Template:Yes Template:Yes
Spices 2013 Template:Yes Template:Yes Template:Yes Template:Yes Template:Unknown Template:Yes Template:No Template:No Template:No Template:Unknown Template:No

Name Obfuscation

Name obfuscation changes the name of types and members. Name obfuscation makes the decompiled source harder to understand but the overall flow of the code is not obscured. The new names can follow different schemes like "a", "b", "c", or numbers, characters from non-Latin scripts, unprintable characters or invisible characters. Names may be used multiple times in a scope by using overloading. While proper names are technically not required to execute the assembly, the resulting assembly would be unverifiable.

Name obfuscation is the most basic technique that is used by every .NET obfuscator solution.

String Encryption

In a managed assembly all strings are clearly identifiable and readable. Even when methods are renamed, strings used in a method may give clues about the purpose of the method. This includes messages (especially error messages) that are displayed to the user. Those strings can be tracked down to the code that uses them. String encryption works by modifying all strings in the assembly and restore their original value at runtime. Since the string data must be restored automatically at runtime, usually without the user providing a decryption key, the data cannot actually be encrypted but only encoded. The algorithm that decodes the data is always included in the obfuscated assembly. This process may affect the runtime performance of the program, either once at startup or for every string usage.

Control Flow Obfuscation

Control flow obfuscation is about modifying the program so that it yields the same result when run, but is impossible to decompile into a well-structured source code and is more difficult to understand. Most code obfuscators would replace CIL instructions produced by a .NET compiler with gotos and other instructions that may not be decompiled into a valid source code. This process may affect the runtime performance of a method.

Method Call Redirection

The way CIL instructions work references to external types and methods are clearly visible and will be unaffected by name obfuscation and control flow obfuscation. Even without reasonable names, the fact that a method makes use of certain framework classes like I/O, networking or cryptography can draw attention to it. Calls to suspicious methods can be redirected through a generated method that only wraps the original call. This wrapper method can be renamed and the called method's name will no longer appear in the obfuscated method body. The Just-In-Time compiler (JIT) will normally inline such short wrapper methods so that it does not affect runtime performance.

Code Encryption

Code encryption protects the CIL instructions by encrypting them and stripping the original instructions from the assembly. The encrypted instructions are kept in a separate storage. When the assembly is loaded a native runtime executive assumes control of portions of the .NET runtime and manages decrypting the CIL as needed. If the native code is involved, the application may not run on different platforms anymore.

Code Virtualization

Code virtualization converts the CIL code into virtual opcodes that will only be understood by a secure virtual machine. As opposed to protecting CIL code through encryption where the encrypted code must be decrypted back into CIL before it can be executed by the CLR, code virtualization uses a virtual machine which directly processes the protected code in the form of a virtual machine language. Code virtualization feature is by far the strongest protection method available in code protection arena today as it implements a one-way code transformation. The code is never translated back to its original form, instead, the virtual machine emulates the original code behavior. Code virtualization can significantly degrade performance and make debugging very difficult.

Data Virtualization

The data stored in the class fields are vulnerable to analysis and unauthorized modification at runtime. The virtualization helps to minimize this vector of attack by changing the way the data are presented in memory and in the assembly file. The original fields are replaced with special holders that store the values in encrypted form. The data are only decrypted when the value is used by the program code, after that it gets cleared from the memory.

Symbol files

Symbol files are .pdb files for Visual Studio applications that show how the compiler converted source code into machine code. They contain mappings from CIL elements and method body offsets to the original source code files. These symbol files are required to use a debugger on the assembly. The obfuscated assembly is a modified version of the original assembly and the original assembly's symbol files do not match the obfuscated one. The obfuscator software must, therefore, write the corresponding debug symbols for the obfuscated assembly. This file should not be deployed with the application (as it would defeat the purpose of obfuscation) but it can be used by the developer to analyze issues in the obfuscated assembly.

See also

References

  1. MSDN Visual Studio “PreEmptive Dotfuscator CE”, “Microsoft Developer Network”, June 2016

External links