tags:

views:

840

answers:

5
+5  Q: 

Best method to obfuscate or secure .Net assemblies

I'm looking for a technique or tool which we can use to obfuscate or somehow secure our compiled c# code. The goal is not for user/data security but to hinder reverse engineering of some of the technology in our software.

This is not for use on the web, but for a desktop application.

So, do you know of any tools available to do this type of thing? (They need not be free)

What kind of performance implications do they have if any?

Does this have any negative side effects when using a debugger during development?

We log stack traces of problems in the field. How would obfuscation affect this?

+2  A: 

There is a guide on obfuscators here. It lists some tool options, and talks about many of your concerns.

NerdFury  2008-09-12 20:49:54
A: 

There are tools that also 'deobfuscate' obfuscated DLLs - I'd suggest turning the piece that needs to be protected into an unmanaged component.

Gishu  2008-09-12 21:02:21
At which point we will just turn to de-assemblers just like they do for cracking the copy-protection on computer games.
Jonathan Allen  2008-09-12 21:58:43
A: 

This is a pretty good list of obfuscators from msdn Obfuscators

I have not observed any performance issues when obfuscating my code. If your just sending text basted stack traces you might have a problem translating the method names.

Aaron Fischer  2008-09-12 21:56:48
It would be nice to have links. If you get a chance, could you add them?
spoulson  2008-09-14 16:52:06
Another one to add to that list is Crypto Obfuscator.
logicnp  2009-11-20 09:03:21
+2  A: 

You are wasting your time going down that path. If you have code that you don't want anyone to see, you need to keep it behind closed doors. For example, only execute that code on your own server using a web service interface.

Obfuscating your code only deters the most casual of people. As the video game industry leaned a long time ago, no code is safe from cracking.

Jonathan Allen  2008-09-12 22:01:31
It's absolutely true that none of the protection options will stop the most determined attacks. That doesn't translate to "wasting your time". That's comparable to suggesting you not lock your car when you leave it because a skilled thief can break in. It's still an asset worth protecting and it's negligent not to try and protect it. There is a balance to be struck between protection and aggravating customers and making a minor investment in protecting against 99% of the script kiddies and attackers out there.
Paul Alexander  2009-05-05 00:52:38
A: 

http://www.xheo.com/products/codeveil/Default.aspx

Done the job for me in the past.

Crippeoblade  2008-09-12 22:15:18

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?