2

I'm evaluating several obfuscators for protecting code in a WPF application.
To check the results of the job done by each obfuscator on a given assembly, I use Red Gate's .NET Reflector. Just after each obfuscation I open the assembly with .NET Reflector and see what it looks like.

Is it enough? Can .NET Reflector's results be treated as an indicator of quality of obfuscation, or should I try some additional tools? (not any possible instrument of such a kind, but from a point of view of practical common sense).

rem
  • You could additionally try [ILSpy](http://wiki.sharpdevelop.net/ILSpy.ashx). I once had a case where ILSpy was able to decompile code that Reflector wasn't. – Daniel Hilgarth Jul 20 '11 at 12:43
  • @Rem - I would say the code that can be viewed within .NET Reflector is a good starting point. Of course it's only going to slow the determined person down and certainly would not stop anyone from viewing the code. – Security Hound Jul 20 '11 at 12:44
  • You could post your findings here, there are some questions about obfuscators... – Daniel Mošmondor Jul 20 '11 at 12:44
  • you could use this question: http://stackoverflow.com/questions/2525/best-net-obfuscation-tools-strategy – dierre Jul 20 '11 at 12:44
  • @Daniel Hilgarth: Just one? I have them several times a day! See last 3 posts @ http://xacc.wordpress.com – leppie Jul 20 '11 at 12:47
  • @leppie: Interesting. Yes, I had only one case so far in an obfuscated assembly. – Daniel Hilgarth Jul 21 '11 at 06:37
  • @Daniel Hilgarth: The code I generate is not even meant to be obfuscated :( In fact I try to make it look and feel like C#. – leppie Jul 21 '11 at 07:01
  • @leppie: That sounds like you are generating the IL yourself. That might be the reason why I seldom have this issue: I am only reflecting assemblies whose IL has been generated by the compiler. – Daniel Hilgarth Jul 21 '11 at 07:06

3 Answers

4

The results from Reflector should be enough as an indication of how any casual attempt at decompiling would fare. Some obfuscators will obfuscate code to the extent that the assembly will not even open in Reflector.

Anyone who would try any deeper than that will not be easily deterred by more advanced obfuscation than others.

Oded
1

It would be best if Reflector and ILSpy would outright refuse to decompile the resulting assembly. I know that there exist obfuscators that are capable of that.

Daniel Hilgarth
0

My opinion is that whether it "is enough" or not depends on your target app. Obfuscation is never about 100% secure code; it's always about making disassembly of the code difficult enough for a potential attacker, but it all depends on how much effort that "potential attacker" will put into disassembling your app. Also, .NET Reflector is a viewer, like you mentioned, so you can deduce whether it's secure or not by looking at, for example:

if strings are encrypted

if parameters are encrypted

if class names and fields like (PWD_USER) are encrypted ...

Regards.

Tigran
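
The checks listed in the last answer (are strings and names such as PWD_USER still readable?) can be scripted and run after each obfuscator, alongside viewing the assembly in Reflector. This is an added example, not code from any of the posters: it is a byte-level heuristic rather than a metadata parser, and `LoginService`, the sample literal and the two constructed blobs are assumptions standing in for real assembly files.

```python
import re

# C# string literals are stored in an assembly as UTF-16LE; this matches
# runs of 4 or more printable ASCII characters in that encoding.
_UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

def readable_literals(data: bytes) -> list[str]:
    """Readable UTF-16LE strings still present in the file."""
    return [m.group().decode("utf-16-le") for m in _UTF16_RUN.finditer(data)]

def surviving_names(data: bytes, names: list[str]) -> list[str]:
    """Original identifiers still stored as NUL-delimited UTF-8 metadata names."""
    return [n for n in names if b"\x00" + n.encode("utf-8") + b"\x00" in data]

def audit(data: bytes, names: list[str], literals: list[str]) -> dict:
    """Report which original names and string literals survived obfuscation."""
    found = readable_literals(data)
    return {
        "names": surviving_names(data, names),
        "literals": [s for s in literals if any(s in f for f in found)],
    }

# What the unobfuscated build contains (hypothetical except PWD_USER).
NAMES = ["LoginService", "PWD_USER"]
LITERALS = ["Server=db01;Password="]

def _blob(names, raw_literals):
    """Constructed stand-in for an assembly: a name heap, then string entries."""
    heap = b"\x00" + b"".join(n.encode("utf-8") + b"\x00" for n in names)
    entries = b"".join(bytes([len(r) + 1]) + r + b"\x00" for r in raw_literals)
    return heap + entries

# Constructed "before": original names and a plain UTF-16LE literal.
BEFORE = _blob(NAMES, [s.encode("utf-16-le") for s in LITERALS])
# Constructed "after": renamed members and an encrypted literal.
AFTER = _blob(["a", "b"], [b"\x9f\xc3\x17\xe2\x88\xd1\x05\xfa"])

if __name__ == "__main__":
    # With real files: audit(open("App.exe", "rb").read(), NAMES, LITERALS)
    for label, data in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(data, NAMES, LITERALS))
```

An empty result only shows that renaming and string encryption were applied; it does not measure how hard the remaining code is to follow in a decompiler.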