views:

117

answers:

4

If one will release clickonce version, how can it be obfuscated by dotfuscator?

.net application

+1  A: 

Yes these are compatible technologies. ClickOnce simply focuses on the deployment of an application and it's associated binaries to a target machine. DotFuscator offuscates the DLL /EXEs. They will work together so long as you run Dotfuscator before publishing the application.

JaredPar
@JaredPar:But, in VS2010, if you 'publish' the clickonce, there are no dll/exe. How to 'run Dotfuscator before publishing the application'.
Begtostudy
Add, 'run Dotfuscator before publishing the application',how to publish?
Begtostudy
A: 

If you are using VS2010, the Dotfuscator that comes with it will obfuscate the files and then re-sign the manifests for you. [Edit -- this is not true unless you buy the full version; it works just like VS2008.]

If you are using VS2008, you will need to publish, then obfuscate the files, and then re-sign the manifests with Mage or MageUI.

RobinDotNet
@RobinDotNet:But, in VS2010, if you 'publish' the clickonce, there are no dll/exe. How to 'run Dotfuscator before publishing the application'.
Begtostudy
See the directions above. Thanks to the Preemptive guys who posted the answer after I asked them for info on twitter. :-)
RobinDotNet
+3  A: 

You can use the commercial version of Dotfuscator to automatically obfuscate a ClickOnce application by adding the deployment manifest ("foo.application") as an input to your Dotfuscator project. Dotfuscator will allow you to add any necessary exclusions to the assemblies contained in the ClickOnce application and will create updated deployment and application manifests containing the obfuscated assemblies.

The free version of Dotfuscator included in Visual Studio (including Visual Studio 2010) does not have the feature to automatically obfuscate ClickOnce applications. In order to get a functioning obfuscated ClickOnce application you will need to recreate or update the ClickOnce manifests since obfuscation changes the signatures of the assemblies.

You can use mage.exe or mageui.exe (included in the Windows/.NET SDK) to update the ClickOnce manifests. If you are going to use mage.exe you need to be aware that you cannot use the "Use .deploy file extension" option in your ClickOnce options as it does not recognize it.

Assuming your ClickOnce application is named "Foo" and is at version 1.0.0.0 the process you will want to follow is:

  1. Publish your ClickOnce application to a directory on disk
  2. Run Dotfuscator CE and add the assemblies you want to be obfuscated from the bin directory of your project
  3. Obfuscate the assemblies. The obfuscated assemblies will be put into a subdirectory named "Dotfuscated" by default.
  4. Resign your obfuscated assemblies with sn.exe (only if you initially strong named them)
  5. Copy the obfuscated assemblies over top of the ones in the ClickOnce publish\Application Files\Foo_1_0_0_0 directory
  6. Update the application manifest and resign it:

    mage.exe -Update "Application Files\Foo_1_0_0_0\Foo.exe.manifest" -CertFile "c:\Foo\foo.pfx" -Password password

  7. Update the deployment manifest and resign it:

    mage.exe -Update Foo.application -AppManifest "Application Files\Foo_1_0_0_0\Foo.exe.manifest" -CertFile "c:\Foo\foo.pfx" -Password password

You now have a valid application and deployment manifest using obfuscated assemblies. You can also use the MageUI.exe tool to accomplish the same tasks (and it knows how to handle assemblies with the .deploy extension) but it is not as easy to automate.

Joe Kuemerle