How to Obfuscate your code!

This forum is meant for examples of X# code.

Post Reply
ic2
Posts: 1858
Joined: Sun Feb 28, 2016 11:30 pm
Location: Holland

How to Obfuscate your code!

Post by ic2 »

Anyone working with a .NET programming language (such as XSharp) should realize that the programming code is converted into so-called Intermediate Language (IL) which is the same for all .NET languages. This also means that with various decompilers such as ILSpy usually almost the entire source code of the program can be opened from the .exe file which is generated by the compiler. See https://ilspy.net/https://ilspy.net/ for the program. For the latest version 6x we are awaiting Fabrice's plugin, but for version 5 you can download the plugin from https://www.xsharp.eu/itm-downloads?fol ... %252FTools. It means that you can e.g. open a X# created .exe file and see how the individual methods would look in C# (although sometimes a specific X# method or function shows unchanged, preceded by the X# DLL where it is from). And of course you can see how method from a C# .exe would look in X#.

Programmers don't always realize that, or they don't care that this can be done. What I personally find particularly annoying is that if your program has access to external data, such as FTP sites or SQL databases, everyone can see which credentials you used to access these data. The same applies to algorithms to achieve security.

For those who find that a bothering idea, there are tools that edit the .exe (or .dlls) in such a way that it is not possible, or very difficult, to open that data in this way. It is called obfuscation. I found one via CodeProject on GitHub that hasn't been maintained for years, but a well-maintained current fork turned out to be recently maintained. See https://github.com/mkaring/ConfuserEx

This one worked immediately, and exactly how this should be done is explained step by step in this website: https://www.codeproject.com/articles/11 ... g-or-rever

In short:

1 Start ConfuserEx
2 In tab Project: Open the project directory (e.g. … Release) under Base Directory and for Output Directory you can make it e.g. … ReleaseConfused
3 Click on the + at the right side of the screen and select your files to be obfuscated, e.g. your exe file
4 Go to the Settings Tab, click on the Plus -you can do it globally and/or on the file(s) you selected, double click on the Rules where it says true. The 2nd window opens, click here twice on plus to add these 2 rules (or more):

anti ildasm
anti tamper

5 Click the tab Protect! followed by the button Protect! and use obfuscated exe from the Output directory

You can run this exe instead of the compiler generated exe. Open it in IlSpy and you will see the methods you used, but with the messages as in this image, instead of the source code, see the attached image. The .exe seems to work flawlessly to me, and was not bigger or slower as far as I could see.

I hope this helps some of you.

Dick
Attachments
IlSpyConfused.jpg
IlSpyConfused.jpg (65.1 KiB) Viewed 1552 times
User avatar
pemo18
Posts: 81
Joined: Fri Apr 27, 2018 10:38 am
Location: Germany

How to Obfuscate your code!

Post by pemo18 »

Hello Dick,

Thank you for the hint (and the very good summary) - I would have not found it myself probably. This looks like a good project and the tool obviously does what its needed.

I am just not sure if a commerial product is a better choice for a large application and when you don't want to include more sources for potential problems.

Regards,
Peter
Post Reply