Click here to Skip to main content
14,826,253 members
Please Sign up or sign in to vote.
3.29/5 (5 votes)
See more:
Looking for a good Code Obfuscator, for managed code,
I am well aware of PreEmptive's dotfuscator, their paid edition is pretty good.
Anyone know of a good (free or for a reasonable price) obfuscator for C# (and\or Java) and if you have worked with one, I'd like to hear your experience please.

If any of you guys have self-implemented (a good one), please write a CP article

NOTE: Yes, I can google it, but I what I want here is a first hand opinion, tnx :)


Best,
H
Posted

1 solution

I searched high and low for a "free" obfuscation tool, while there are some out there (CodePlex has an open-source one), they didn't meet my needs. Unfortunately all the paid ones think that they are made of gold.

I may end up developing (and this is an idea for you) that just makes it impossible to open in ildasm (easy, there is an attribute for this) or reflector (this is harder and may require unmanaged wrappers). I figure once they can't open it in those tools it would deter 99% of people looking to reverse engineer them.

The only obfuscation tool that really worked for me was SecureTeam CliSecure. This worked great on small projects but once I tried to obfuscate my large scale project (40 DLL's, plug-ins, etc) it trashed the output and it would break the execution. Its also pretty expensive ($795).

In the end there is no real way to protect 100%, the truely motivated will get around just about anything you have, but if you can deter 90% I think that's good enough. Many of the free ones can do this just by variable/method renaming.
   
Comments
Nelek 9-Sep-13 10:55am
   
That's true. You can not secure anything 100%, but it is enough secure if you manage to make it difficult enough to avoid the lazy people.
Ron Beyer 9-Sep-13 11:00am
   
Which is why I said "if you can deter 90% (aka the lazy) ... thats good enough" :) Or my contradicting 99% who stop after not being able to open in ildasm or reflector...
   
It tells me that obfuscation is almost useless. Those people who would have problems in reverse-engineering won't even bother (or won't understand what it is), but the minority of people who can do it well will crack nearly everything (I've read that the strongest protection products, which are much more advanced than obfuscation, are actually easier to crack, because reverse-engineering specialists studied them much better)...
—SA
Herbisaurus 10-Sep-13 2:12am
   
Tnx for the reply Ron :)

Did you use the obfuscator (CliSecure) as a default protection you add to your products or was it a client's requisition?

Fact is that I need a more rebust product than an obfuscator, but I wasn't sure that CP is the right site to ask this...
I also need to hide constants like strings that are sensitive, and I need tamper detection (and defense if possible)


Ron Beyer 10-Sep-13 9:39am
   
CliSecure will do all that, and some free ones will too but I never found one that "worked". I did this to try to protect the code for one of my products, most of my clients don't care about obfuscation since the monkeys behind the operator stations still prefer buttons and lights to computers and despise the "new fangled box with the pretty graphics".

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900