Export (0) Print
Expand All

Obfuscating Smart Device Applications

.NET Compact Framework 1.0
 

Content Master Ltd

April 2003

Applies to:
    Microsoft® .NET Compact Framework 1.0
    Microsoft Visual Studio® .NET 2003

Summary: Learn how you protect your source code with the PreEmptive Dotfuscator obfuscator. (4 printed pages)

Contents

Introduction
Understanding Obfuscation
Using Dotfuscator
More Info

Introduction

As with the full Microsoft® .NET Framework, the .NET Compact Framework generates Microsoft Intermediate Language (MSIL). Both .NET compilers for the .NET Compact Framework (VB .NET and C#) produce MSIL as their output. While being a lower level language than VB.NET or C#, MSIL is still laden with identifiers and algorithms that are easily observable.

Reverse engineering of MSIL is a much-discussed topic. One such reverse engineering tool is Jay Freeman’s Anakrino decompiler. Anakrino takes MSIL and converts it into the more easily understandable C# source code. This obviously presents a problem—how do you protect the security of your source code, and your intellectual property?

Fortunately, a solution to the problem of protecting your code comes bundled with Microsoft Visual Studio® .NET 2003. PreEmptive Dotfuscator Community Edition is an obfuscation tool for .NET.

Understanding Obfuscation

Obfuscation takes a working application and modifies it so that it is difficult for humans to understand, while still providing the same executable code for the .NET runtime. Obfuscation renders MSIL that is very difficult, if not impossible, to reverse-engineer into understandable source code. Obfuscation can use a number of techniques to compact repeated names, usually of one character length. This includes the renaming of all properties, fields, methods and classes. Dotfuscator uses a patented Overload Induction renaming system (available in the Professional edition), which renames as many methods as possible to the same name. While your programming logic is not destroyed by this process, it is rendered incomprehensible.

For example, take the following sample code:

private void CalcPayroll(SpecialList employeeGroup)
{
    while(employeeGroup.HasMore()) 
    {
        employee = employeeGroup.GetNext(true);
        employee.UpdateSalary();
        DistributeCheck(employee);
    }
}

After applying Overload Induction obfuscation, the reverse-engineered code looks like the following:

private void a(a b) {
    while(b.a()) {
        a = b.a(true);
        a.a();
        a(a);
    }
}

Using Dotfuscator

Visual Studio .NET 2003 comes complete with PreEmptive Dotfuscator Community Edition. This is a special version of Dotfuscator for .NET developers. It has less functionality that its Professional Edition counterpart, but still provides protection for your source code through non-optimized obfuscation.

From Visual Studio .NET, click the Tools menu and select Dotfuscator Community Edition. This will launch Dotfuscator and the Select Project Type dialog will appear. Select Create New Project and then click OK.

If you click the Options tab you will be presented with four Global Options, namely

  • Investigate: Produce a map file of what changes Dotfuscator would make to your code, but do not produce any modified code
  • Library: Prevent public classes and nested public classes from being renamed
  • Quiet: Run Dotfuscator in quite mode
  • Verbose: Run Dotfuscator in verbose mode

Click the Trigger tab. This page allows you to specify which assemblies you wish to obfuscate. If you click the Browse button you can select an executable to obfuscate.

Figure 1. Dotfuscator

Click the Build tab. This page allows you to select a Temporary Directory which Dotfuscator will use to obfuscate your assemblies. You can also select a Destination Directory where your obfuscated assemblies will be created. When you have done this, clicking the Build button will obfuscate your code. The progress of the obfuscation is shown in the output window at the bottom of the screen.

Finally, you should see a Build Finished message in the output window. You can examine your freshly obfuscated assembly using Anakrino and compare the reverse-engineered C# with your original code.

Your Smart Device application is now ready for deployment to a Smart Device and you can rest assured that your source code is protected from any unwanted eyes.

More Info

For more information, please see the resources below:

Show:
© 2014 Microsoft