johonline2 Comments on .NET Obfuscators

.NET Obfuscators

I’ve spent the last 2 days looking and testing few .NET obfuscator tools.

I can tell this is not as easy as it sounds!

There are a lot of tools available on the market from the free-community editions to the professional-enterprise editions.

The main features offered by such tools are:

  • Renaming: which renames private member, method and class names with inexpressive characters.
  • String Encryption: which encrypts any string in your code.
  • Control Flow: which transforms your code flow and scrambles it, so that it becomes more difficult to read.
  • Code Protection: which replaces the original code by stub methods so that they can’t be decompiled.

I have tried the following tools:

Dotfuscator (community edition): which is included in Visual Studio and free. Only includes the Renaming feature, and provides a fairly good result. However in my very quick test, I couldn’t run my app once obfuscated!

Eazfuscator: free as well. Includes Renaming, String Encryption and Control Flow. I was quite impressed by this tool which is very easy to use (one drag and drop, it’s done!) – straight to the point!

Babel.NET: paid version 150-200 euros. Includes Renaming, String Encryption and Control Flow. The tool does a decent job as well for those who like command line tools.

http://www.babelfor.net/Default.aspx

Skater.NET: used to be free tool – now from $100 to $370. Includes Renaming, String Encryption and Control Flow. Again, the tool does a decent job, but the Control Flow is a bit weak… It added a set of while(true/false) statements to every new method and anonymous method.

http://www.rustemsoft.com/obfuscator.asp

CliSecure: $795. This is the only tool that provides Code Protection which totally hides your code when you try and access it through reflector. It’s also doing a very good job with Renaming and Control Flow.

Another big addition is that it actually deals with mixed .NET DLLs written in C++/CLI.

This is actual the tool that we peaked, but we still to tweak our code to make our application with the obfuscation.

http://www.secureteam.net/index.aspx

Dotfuscator (professional edition): I finally got a quote! $1975 per build machine and $500 per user…

At this price, it does a very good job… but it doesn’t provide the Code Protection.

However, it does work with mixed .NET DLLsas well, and the application worked straight away once obfuscated.

http://www.preemptive.com/products/dotfuscator/overview

Few links that helped us find our way:

Published by johonline

I am an Agile Coach and Professional Scrum Trainer based in Sydney. I have 20 years of experience in Software Development on the Microsoft ecosystem working for several consulting groups and software companies. I am now a passionate Developer, Solution Architect, Scrum Master, Agile Coach and Professional Scrum Trainer. I love working with development teams and helping them improving their development practices.

Categories Code

2 thoughts on “.NET Obfuscators

  1. Eran smith 04/08/2011 — 22:52

    I loved your article joh. Its .net obfuscator is really useful Technic in security.

    Reply
  2. Leslie 03/11/2022 — 11:27

    Thanks for a greatt read

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close