Code Protection and Obfuscation of .Net Software Using Crypto Obfuscator


Published on

Crypto Obfuscator For .Net provides superior code protection, obfuscation, optimization and automatic exception reporting for your .Net assemblies. Crypto Obfuscator fully supports WPF, Silverlight , Windows Phone 7, XNA, Xbox, Compact Framework and .Net Micro Framework assemblies. It supports direct XAP file obfuscation, XAML/BAML obfuscation, support for PDB files, a Visual Studio MSBuild Project Integration Wizard, automatic authenticode signing, test mode obfuscation and more!

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Code Protection and Obfuscation of .Net Software Using Crypto Obfuscator

  1. 1. AbstractAn unprotected and unobfuscated .Net assembly is an easy target for piracy, reverse-engineeringand IP theft. Crypto Obfuscator is a popular obfuscator from LogicNP Software which protectsagainst these threats by using advanced software obfuscation, protection and encryptiontechniques.Code Protection and Obfuscation of .Net Software Using Crypto ObfuscatorIntroductionMost non-.Net compilers emit binary programs containing native CPU instructions which arevery hard to disassemble, decompile and reverse-engineer. However, all .Net compilers such asC#, VB.Net, Managed C++, IronPython, etc emit compiled programs in MSIL (MicrosoftIntermediate Language) format. This format preserves a lot of high-level information about yoursoftware such as class, field, method, property and parameter names and even the actual code ina well-defined structure. This has facilitated the development of many decompilers anddissassemblers which can extract this information from a .Net assembly. Some tools can evenreconstruct the actual structure of your code including loops, if statements, method calls, etc.Needless to say, this means that an unprotected .Net assembly is an easy target for hackers,crackers or competitors who can easily reverse-engineer your .Net code from the compiledassembly. They can easily glean valuable trade secrets, algorithms, sensitive information such aspasswords, SQL queries, etc stored in strings, or even try to find security vulnerabilities andchange product functionality.The solution to this problem is to obfuscate all your .Net assemblies before releasing them in thewild. Crypto Obfuscator from LogicNP Software can be used very effectively by softwaredevelopers in their fight against piracy, reverse-engineering and IP theft, to which billions ofdollars are lost every year. Using powerful software obfuscation, protection and encryptiontechniques, Crypto Obfuscator can help software companies shield their valuable code fromcompetitors, reverse-engineers and crackers.Obfuscation & Protection TechniquesCrypto Obfuscator makes use of the following advanced obfuscation and protection techniques:Symbol RenamingCrypto Obfuscator renames the names of the classes, methods, properties, fields, events, etc inyour .Net assembly to a garbled unintelligible name. Depending on the symbol renaming schemechosen, this will result in either very long or very short names which have no relation to the
  2. 2. original names. The original names cannot be derived or guessed from the obfuscated names.Since meaningful names are the most powerful ally when reverse-engineering a software, thismakes it very hard to determine the purpose and function of the renamed entity.Before AfterAdvanced Overload RenamingCrypto Obfuscator renames fields or methods with different signatures to the same name. Forexample two fields having types int and boolean will be given the same name. Similarly twomethods will different parameters will be given the same name. In the case of methods, themethod return type is also used in the signature even though high-level languages such as C# andVB.Net do not support overloading by return type. The .Net runtime is able to differentiatebetween the fields/methods without any problem since the signatures are different. Needless tosay, this scheme makes it even harder to reverse-engineer your code.Before After
  3. 3. Method Call HidingCrypto Obfuscator can hide calls to methods and properties from external assemblies such asthose from the .Net framework. In addition, it can also do the same for unrenamed methods andproperties from the assemblies which are being obfuscated. This provides very strongobfuscation and makes it impossible to determine when, where and how such methods andproperties are used.Before AfterString Encryption
  4. 4. .Net assemblies contain all the literal strings used in your code in plain view for anybody to see.Literal strings often contain sensitive information such as login information, passwords, SQLqueries, algorithm parameters. In addition, they also help in reverse-engineering your .Net codeby providing a marker. For example, someone wanting to remove license checking from yoursoftware will search for all instances of strings like "license" or valid" or "invalid". Once theyhave found such strings, they will examine the surrounding code to see if it is the licensingchecking code and if so, remove or disable it. Crypto Obfuscator solves all these issues byencrypting all literal strings in your .Net code.Before AfterAdvanced Tamper DetectionCrypto Obfuscator can perform strong name verification of the assembly itself even if strong-name verification has been turned OFF on the machine on which the assembly is running or ifthe assembly has been registered in the verification skip-list - this is typically done by hackersor crackers. Furthermore, the strong name verification is done using the original key used to signthe assembly when it was processed by Crypto Obfuscator. Thus, strong name verification failseven if the key is removed or replaced - again something typically done by hackers or crackers.Control Flow ObfuscationIn .Net assemblies, even the code is stored in a well structured manner using a published format.This enables a sufficiently advanced decompiler to reconstruct to a pretty accurate degree theexact structure of your code including the for/while loops, if statements, try-catch blocks, etc.When doing control flow obfuscation on your code, Crypto Obfuscator changes the structure ofyour code into spaghetti code while maintaining 100% the logic and output of the code. Theresult is that decompilers are unable to reconstruct your code and output incorrect or garbagecode. Most of the times they crash while trying to do so. This provides powerful method bodyprotection for your software.
  5. 5. Before AfterILDASM SuppressionILDASM (Microsoft IL Dissassembler) is a free tool to disassembly any .Net assembly intoMSIL (Microsoft Intermediate Language) and extract the entire contents including the classes,methods, code and resources from the assembly. Crypto Obfuscator can modify the assembly insuch a way that ILDASM refuses to disassemble the assembly.Anti-Reflection Protection
  6. 6. Many decompilers, dissassemblers and memory dumpers use .Net Reflection mechanism toextract information about a .Net assembly. Crypto Obfuscator can modify the assembly in such away that such tools will fail when trying to work on your assembly.Before AfterAnti-Decompiler ProtectionAdvanced decompilers such as the freely available .Net Reflector are your enemy in the battleagainst the hackers, crackers and competitors. Crypto Obfuscator can modify your assembly insuch a way that such tools fail to work on your assembly - many times they are not even able toopen your assembly, let alone examine it.Before AfterResource Encryption
  7. 7. Tools such as ILDASM, .Net Reflector and others can easily extract resources from yourassembly. Such resources often contain valuable, sensitive or copyrighted information such asimages, UI (WPF baml files), textual content, etc. Crypto Obfuscator can hide and encrypt allsuch resources so that it is impossible to see them, let alone extract them from the assembly.Before AfterAssembly EncryptionCrypto Obfuscator can encrypt all dependant assemblies and any additional assemblies used byyour software. This makes it impossible for someone to get their hands on individual assemblies.You can use this feature to your advantage by separating all sensitive or important code and datain a dependant assembly. In fact, this can be taken to an extreme - simply put ALL yourcode/data in a separate assembly and use a shell assembly as a starter/loader assembly for yourapplication.Before AfterEasy Of Use and VS Integration
  8. 8. One of the focus areas for Crypto Obfuscator is ease of use and integration to ensure that theobfuscation step becomes a seamless part of the software development process. To this end,Crypto Obfuscator offers features like command-line support, Visual Studio integration via Post-Build events and MSBuild, automatic resigning of strong-named assemblies, and even automaticcode signing of obfuscated assemblies using Authenticode. This ensures that the obfuscation stepdoes not become a liability for developers and that developers do not develop a resistance tosomething so vital to IP protection. Also supported is automatic and manual stack-tracedeobfuscation and automatic obfuscation of satellite assemblies.ConclusionEach of the above techniques on its own is pretty powerful and effective against hackers,crackers and competitors. When combined and used together for the obfuscation and codeprotection of your .Net software, they form an impenetrable shield which is extremely difficult tobreak. Even if broken into by the most expert of hands, all they will see are garbage, encryptedor obfuscated code, names and data.Crypto Obfuscator arms .Net developers with a powerful code protection and obfuscation toolwhich enable them to deploy their .Net software without fear of IP theft, reverse-engineering,hacking, cracking and piracy.Developer: LogicNP SoftwareProduct Info & Fully Functional Trial Download: Crypto Obfuscator Website