Thursday, July 10, 2008

Obfuscation

One of the things that has always made me nervous is the security of my .Net applications. I was apprehensive of the potential for someone to decompile my .Net programs. I have always wondered why Microsoft developed such a powerful framework and yet left it open to prying eyes. Why didn't Microsoft provide any tools (at least I am not aware of any tools) to protect the .Net assemblies? Well, all is not lost. Thank goodness for third-party obfuscation and protection software. I used one such program to obfuscate my startup manager program and it worked out pretty well.

{smartassembly} is a great piece of software for obfuscating .Net programs and assemblies. I used {smartassembly} to protect my startup manager program. The user interface is very simple. The protection process is very intuitive. The software simplified the protection process by presenting the options in a straightforward and easy-to-understand manner. There are several options to protect the assemblies. I was able to obfuscate the control flow of the program and encode strings in my program. I was able to add extended protection to my program by adding incorrect metadata to confuse decompilers and to prevent decompilation by ILDASM.

One useful feature I found was the capability to embed dependent assemblies in your main assembly. I was able to take and embed three of my assemblies into the main program and not have to worry about dealing with many assemblies during deployment and runtime. This greatly reduced the number of assemblies I had to deploy with my application.

The size of the obfuscated program was less than that of the original program. I tried to open the obfuscated program in ILDASM but the program would not open. This was due to an option I selected in {smartassembly} to prevent it from being opened in ILDASM.

I then opened the obfuscated program in Lutz Reflector. The obfuscated program opened but the program was obfuscated and decompilation of the program would be next to impossible. As can be seen from the screenshot, strings, classes, and methods are obfuscated and classes were automatically sealed. This level of obfuscation makes it very difficult to understand and decompile the program.

{smartassembly} is not just an obfuscator but also provides several extended protection and optimization features such as memory management, pruning to reduce the size of the assembly, compressing, dependency merging and resource compression. Using the string encoding feature, I was able to obfuscate sensitive strings that reveal intellectual information. This is a good feature to prevent decompilation of strings that may contain proprietary information. My application uses a lot of resources, icons being one of them. I was concerned about the size of the application, but by using the resource compression feature I was able to compress the resources in the application.

Overall, not only was I able to achieve protection for my application very easily, but I also improved and optimized the code, size and performance. I wouldn't have it any other way. For additional information on {smartassembly}, please visit the website by clicking on the following link: http://www.smartassembly.com/