I’ve spent the last 2 days looking and testing few .NET obfuscator tools.
I can tell this is not as easy as it sounds!
There are a lot of tools available on the market from the free-community editions to the professional-enterprise editions.
The main features offered by such tools are:
- Renaming: which renames private member, method and class names with inexpressive characters.
- String Encryption: which encrypts any string in your code.
- Control Flow: which transforms your code flow and scrambles it, so that it becomes more difficult to read.
- Code Protection: which replaces the original code by stub methods so that they can’t be decompiled.
I have tried the following tools:
– Dotfuscator (community edition): which is included in Visual Studio and free. Only includes the Renaming feature, and provides a fairly good result. However in my very quick test, I couldn’t run my app once obfuscated!
– Eazfuscator: free as well. Includes Renaming, String Encryption and Control Flow. I was quite impressed by this tool which is very easy to use (one drag and drop, it’s done!) – straight to the point!
– Babel.NET: paid version 150-200 euros. Includes Renaming, String Encryption and Control Flow. The tool does a decent job as well for those who like command line tools.
– Skater.NET: used to be free tool – now from $100 to $370. Includes Renaming, String Encryption and Control Flow. Again, the tool does a decent job, but the Control Flow is a bit weak… It added a set of while(true/false) statements to every new method and anonymous method.
– CliSecure: $795. This is the only tool that provides Code Protection which totally hides your code when you try and access it through reflector. It’s also doing a very good job with Renaming and Control Flow.
Another big addition is that it actually deals with mixed .NET DLLs written in C++/CLI.
This is actual the tool that we peaked, but we still to tweak our code to make our application with the obfuscation.
– Dotfuscator (professional edition): I finally got a quote! $1975 per build machine and $500 per user…
At this price, it does a very good job… but it doesn’t provide the Code Protection.
However, it does work with mixed .NET DLLsas well, and the application worked straight away once obfuscated.
Few links that helped us find our way:
2 thoughts on “.NET Obfuscators”
I loved your article joh. Its .net obfuscator is really useful Technic in security.
Thanks for a greatt read