I am looking for a good obfuscater that has visual studio integration, can be commercial or free, and has to work with vs 2010 and .net v4.
Something that is as hassle free as possible, and can obfuscate my release builds
views:
464answers:
4
+5
A:
Dotfuscator ships with Visual Studio, haven't used it though.
There's also a thread on arstechnica about this. It's a couple of years old but worth a read.
R0MANARMY
2010-04-23 13:51:48
+1 for their commercial product which has vs integration.
JL
2010-04-23 13:53:41
+2
A:
Dotfuscator Community Edition(free with VS)
ADVANTAGES: I have used Dotfuscator a lot, the free version will allow you to rename code, so variables like myPassword will show as just ab, it will replace variable names and replaces control statements with goto, making it more difficult to understand the purpose of this section of code after decompiled with tools like reflector.
DISADVANTAGES: But it will still be obvious from the references to encryption COM libraries(not renamed) that there is passwords sensitive content in there, and the encryption key will look very familiar to someone looking for it, making it easy to crack.
Dotfuscator Pro
ADVANTAGES: The pro edition(contact dotfuscator for a trial) will allow you actually encrypt(very easy to do, just one click to select the method you want to encrypt) the method so that when decompiling the code with a reflector, the whole content of the method will show as gibberish and can't be cracked.
DISADVANTAGES: The pro edition is bullet proof safe, but it's very expensive technology, about 3k$ per lisence if i'm correct, but you only need one, on the build line.
GenEric35
2010-04-23 14:14:14
I checked the results personally, the free version exposes a lot of sensitive source code, while the pro version is excellent and conceals just about everything. Price could be a problem for me though.
JL
2010-04-23 14:24:20
yes, it can end up one of the most expensive software licence in a small business, but it's cost is easily justifiable since the code then complies to high security standards.Depending on how much experience you got with obfuscation, it might be good to test your solution with the community edition first, the iron out any bugs that string renaming could cause, especially in asp.net code, then get pro and add the extra features
GenEric35
2010-04-23 14:35:37
+1
A:
Crypto Obfuscator supports VS 2010/.Net 4.0 and it can integrate with your build process. It has a lot of protection and obfuscation features like Anti-Reflector, Anti-Debugging/Tracing, string encryption, symbol renaming, flow obfuscation, resource encryption, etc.
logicnp
2010-04-26 09:55:56
+2
A:
I recommend {smartassembly}. We have been using this now for quite a while and have had great results. Quoting their website, here are some features:
- Further secure your .NET application (Strings Encoding, Anti-disassembler & Anti-decompiler options, Strong Name signature...)
- Deploy your .NET application in one file (Dependencies Merging, Compression and Embedding)
- Remove all non-useful code and metadata (Pruning)
- Perform other code optimizations (Memory Management, Automatic Sealing of Classes...)
- And debug your obfuscated and deployed assembly (automatic unhandled exception reporting via 24x7x365 managed Web Service).
Kyle Rozendo
2010-04-27 20:53:02