Obfuscating assemblies before they get integrated to the MSI

views:

392

answers:

+1 Q:

Obfuscating assemblies before they get integrated to the MSI

I have a VS.NET 2008 solution which contains a Setup Project. This Setup Project takes output of my other project (in the same solution) and produces a MSI. So far, so good... I would like the assemblies included in the MSI to be obfuscated. This obfuscation itself is simple, but how can I introduce this pre-step (obfuscation) to the MSI building? Anybody has an idea?

Thanks!

Make it a post build step of each assembly project?

(If you do not want it for debug builds, the post-build is defined per configuration.)

Separately: -1 for obfuscation.

Richard 2009-02-22 22:17:06

Out of curiousity, why -1 for obsfucation? Most of us don't write software we want others to be able to see.

Steve 2009-02-22 22:27:20

All it is doing is making analysis hard, not impossible. And then someone needs to integrate with your code and you have gone out of business. The protection of the IP is in law, not in messing with your code.

Richard 2009-02-22 22:52:39

I agree, but making it hard is better than making it easy. If its easy anyone can do it. By making it hard, you at least require people to put some effort into it. As for integration, we expose what people need. If they need more, we expose more. We definitely do not want our stuff integrated.

Steve 2009-02-22 23:05:55

"Require people to put some effort into it"? What's your threat model? Non-technical people that are smart enough to use disassemblers? Or technical people smart enough to use disassemblers, but not smart enough to bypass an obfuscator? And, at what cost for debugging, etc.?

MichaelGG 2009-02-23 00:05:04

Use a build tool such as Finalbuilder to automate this process.

eg Build assemblies, then obfuscate them and finally build the setup project.

geoff 2009-02-22 22:25:01

I would consider WiX or something similar (some other build tool) to create the MSI file. You can use the windows tools to decompile the MSI, and then obfuscate, and put them back in the MSI.

Another option is to add an obfuscation tool to the build process. I have done this post build with CodeVeil. If you can branch this into the Post Build steps of all of the projects, sans the setup project (which is built last), you should be able to do this. Having not worked heavily with the setup project, I am not certain this will work, but I see no reason it should not work.

Gregory A Beamer 2009-02-23 00:26:16

If you are using Dotfuscator Professional you can achieve this easily as it ships with a Visual Studio project that is added to your system upon installation.

All you need to do is to add a new Dotfuscator project to your solution, add the outputs from your other projects as inputs to the Dotfuscator project (using the Add Assembly/Add Project Output functionality), set any necessary obfuscation settings and then change the input for your setup project to be the Dotfuscator project. When you now build your solution your code files are compiled then obfuscated and then handed off to the setup project to be built into the MSI.

Joe Kuemerle 2009-04-23 17:59:29

The obfuscator needs to support MSBuild integration for this to work, so that the build output of the compiler can be obfuscated and passed on to the MSI project as input.

Crypto Obfuscator is one such tool which supports this type of scenario.

logicnp 2010-04-01 10:06:16

ansaurus

tags:

views:

answers:

Obfuscating assemblies before they get integrated to the MSI

related questions