Protect .Net application from Deobfuscators?

Question

I know that we can protect .Net applications from decompiling by using obfuscators.

But I read somewhere that there is some Deobfuscators (like de4dot ) that can deobfuscate .Net obfuscated applications. They can Neutralize the effect of some obfuscators like Eazfuscator.NET . So, they can decompile even obfuscated .Net applications.

Is that right? If yes, how to protect applications from deobfuscators?

score 4 · Answer 1 · answered Dec 16 '11 at 10:12

4

In short, you can't. You can only make life difficult for people, but ultimately, if they want to access your code, they can do.

answered Dec 16 '11 at 10:12

ChrisBint

12,773
6
40
62

But this process is much harder in c++ compiler. is this mean that we should not make valuable programs with .Net ? – Mahdi Ghiasi Dec 16 '11 at 10:15

score 4 · Accepted Answer · answered Dec 16 '11 at 10:13

4

No app is 100% protected, but the commercial obfuscators make a pretty good job of making it hard.

answered Dec 16 '11 at 10:13

Preet Sangha

64,563
18
145
216

Can you say the name of some of these commercial obfuscators that making deobfuscate much harder? And what about free obfuscators? Aren't they safe? – Mahdi Ghiasi Dec 16 '11 at 10:17
http://stackoverflow.com/questions/71195/should-you-obfuscate-a-commercial-net-application – Preet Sangha Dec 16 '11 at 10:27
Can I use some obfuscators together? will this increase security? – Mahdi Ghiasi Dec 16 '11 at 10:55
You would have to talk to the producers of them – Preet Sangha Dec 16 '11 at 11:07

score 1 · Answer 3 · answered Apr 25 '12 at 10:42

1

Use an obfuscator to prevent this - obfuscators change the structure but not the meaning/intent of your source code so as to make it very hard for a cracker/hacker to understand the code. Take a look at Crypto Obfuscator which employs various techniques like symbol renaming, string encryption, control flow obfuscation, etc.

It also has special defenses against de4dot - if you try to run de4dot on assemblies obfuscated with Crypto Obfuscator, it will crash.

DISCLAIMER: I work for LogicNP Software, the developer of Crypto Obfuscator.

answered Apr 25 '12 at 10:42

logicnp

5,796
1
28
32

1

Looks like he's onto you: https://github.com/0xd4d/de4dot/wiki/Changelog – CAD bloke Aug 14 '12 at 04:45
@CADbloke - Its like an arms race - we are onto him too. – logicnp Aug 14 '12 at 06:27
2

But every time they crack it then everything you've obfuscated is vulnerable, so you only get to cloak new IP, until the next round. Or am I missing something here? Genuine question. – CAD bloke Aug 15 '12 at 03:59
You have a defense for this in 218? – HGMamaci Jun 18 '18 at 13:57

score 0 · Answer 4 · answered Apr 01 '12 at 20:01

0

Why not? You can try ILProtector. It is free .NET protector. It protects .NET code using code virtualization. In this case level of code protection increases manyfold compared to obfuscation. Your code is not recognized by disassemblers and decompilers such as de4dot, IL DASM or .NET Reflector.

answered Apr 01 '12 at 20:01

Ivan Developer

64
1

Will it decrease the performance of application? – Mahdi Ghiasi Apr 05 '12 at 13:44
I didn't check, but i think it will change insignificantly if at all – Ivan Developer Apr 08 '12 at 11:15
Looks like he cracked that one too: https://github.com/0xd4d/de4dot/wiki/Changelog ... v1.9.0 – CAD bloke Aug 14 '12 at 04:47
1

ILProtector encrypts method instructions. This is NOT virtualization. This is banal Code Encryption, just like in any other protector. It looks like the feature is called virtualization just because it sounds trendy for the author. – ogggre Aug 30 '12 at 13:07

Protect .Net application from Deobfuscators?

4 Answers4