Export (0) Print
Expand All

The Dotfuscator Solution 

Visual Studio 2005

Today, most commercial obfuscators employ a renaming technique that applies trivial identifiers. Typically, these can be as short as a single character. As the obfuscator processes the code, it selects the next available trivial identifier for substitution. This seemingly simple renaming scheme has an advantage over hashing or character-set offset: it cannot be reversed. While the program logic is preserved, the names become nonsense. At this point, we have frustrated human understanding to a large degree. Faced with identifiers like a, t.bb(), ct, and 2s(e4), it is a stretch to translate the semantic purpose to be concepts like invoiceID, address.print(), userName, and deposit(amount). Nevertheless, the program logic can be reverse engineered.

A deeper form of obfuscation uses Overload Induction, a patented algorithm devised by PreEmptive Solutions. Trivial renaming is still used; however, a crafty twist is added. Method identifiers are maximally overloaded after an exhaustive scope analysis. Instead of substituting one new name for each old name, Overload Induction will rename as many methods as possible to the same name. After this deep obfuscation, the logic, while not destroyed, is beyond comprehension. The following simple example illustrates the power of the Overload Induction technique:

Original Source Code Before Obfuscation
private void CalcPayroll(SpecialList employeeGroup) {
   while (employeeGroup.HasMore()) {
        employee = employeeGroup.GetNext(true);
        employee.UpdateSalary();
        DistributeCheck(employee);
    }
}
Reverse-Engineered Source Code
After Overload Induction Dotfuscation
private void a(a b) {
    while (b.a()) {
        a = b.a(true);
        a.a();
        a(a);
    }
}

The example shows that the obfuscated code is more compact. A positive side effect of renaming is size reduction. For example, if a name is 20 characters long, renaming it to a() saves a lot of space (specifically 19 characters). Renaming also saves space by conserving string heap entries. Renaming everything to “a” means that “a” is stored only once, and each method or field renamed to “a” can point to it. Overload Induction enhances this effect because the shortest identifiers are continually reused. Typically, an Overload Induced project will have up to 70% of the methods renamed to a().

Dotfuscator removes debug information and non-essential metadata from a MSIL file as it processes it. Aside from enhancing protection and security, this also contributes to the size-reduction of MSIL files.

It is important to understand that obfuscation is a process that is applied to compiled MSIL code, not source code. The development environment and tools will not change to accommodate renaming. Source code is never altered, or even read, in any way. Obfuscated MSIL code is functionally equivalent to traditional MSIL code and will execute on the Common Language Runtime (CLR) with identical results. (The reverse, however, is not true. Even if it were possible to decompile strongly obfuscated MSIL, it would have significant semantic disparities when compared to the original source code.) The following illustration shows the flow of the Dotfuscation process.

PreEmptive Solutions has been protecting and improving intermediate-compiled software since 1996, beginning with its DashO tools for Java. Its products have enjoyed market-dominance due to their power, versatility, and unique patented features.

Dotfuscator is offered as a family of tools that allow you to take advantage of the powerful .NET platform without worrying about protecting your intellectual property. Dotfuscator has three editions:

Dotfuscator Community Edition is a free version that offers basic obfuscation. Its main purpose is to rename identifiers, raising the bar against reverse engineering. Dotfuscator Community Edition incorporates advanced technologies to facilitate this protection. In addition, some size reduction is achieved (as a result of renaming to trivial identifiers).

Dotfuscator Community Edition 3.0 does not:

  • Operate separately from Visual Studio, meaning it cannot be used in a commercial build environment.
  • Rename .NET 2.0 generic types and methods.
  • Dotfuscate managed code written for Microsoft Office integration.
  • Dotfuscate managed code meant to run inside Microsoft SQL Server 2005.
  • Support Library mode other than as a global option (Library mode is either on or off for all input assemblies).
  • Support Declarative Obfuscation settings other than as global options (Declarative Obfuscation settings are either on or off for all input assemblies).
  • Support C++ applications that target the CLR.

If you need to go beyond these limitations, contact PreEmptive Solutions for more information about Dotfuscator Professional Edition 3.0.

Features available to Dotfuscator Community Edition licensees are flagged with a icon.

Dotfuscator Standard Edition is an entry level commercial obfuscator that has all the advanced renaming capabilities of Dotfuscator Community Edition. On top of that, it adds capabilities such as support for C++ applications that target the CLR, support for generating debug symbol files for obfuscated assemblies, the ability to decode obfuscated stack traces, and better reporting. Features available to Dotfuscator Standard Edition licensees are flagged with a icon.

Dotfuscator Professional Edition includes the features of Dotfuscator Standard Edition and much more. It is the industry leading obfuscator, and is designed for organizations that produce commercial and enterprise applications. Dotfuscator Professional Edition provides superior protection to foil decompilation, advanced size reduction to conserve memory and improve load times, deep Visual Studio.NET integration for seamless configuration, incremental obfuscation to release patches, watermarking to uniquely tag assemblies, and phone and email technical support. Features available to Dotfuscator Professional Edition licensees are flagged with a icon.

Here is a side by side comparison of Dotfuscator product features:

Feature Professional Edition Standard Edition Community Edition
Deep Visual Studio Integration    
Compacting/Pruning    
Comprehensive support for the .NET Compact Framework    
Control Flow Obfuscation    
Enhanced Overload Induction    
Incremental Obfuscation    
Seamless obfuscation of satellite DLLs    
String Encryption    
Assembly Linking    
Support for Pre and Post Build Events    
Automatic Strong Named Assembly Re-signing    
Integration with MSBuild    
Watermarks Software    
Can Run Independent of Visual Studio.NET  
Various Renaming Schemes  
PDB Debugging Support  
Rename Prefix  
Supports C++ .NET assemblies  
Automated Stack Trace Translation  
XML/HTML Report Files  
Support for Generic Types and Methods  
Integration with Build Scripts  
Cross Assembly Obfuscation
Removal of Unused Metadata
Renaming
Support for Declarative Obfuscation

Community Additions

ADD
Show:
© 2015 Microsoft