c# wpf .net Confusere obfuscator

StackOverflow https://stackoverflow.com/questions/19088738

  •  29-06-2022
  •  | 
  •  

Question

I have this problem:

I made a C# WPF (.NET Framework 4.0) application and everything is ok. Now I want to obfuscate it. I tried with Confuser.

The question is:

  1. If the app is published I can see the main exe file and dll-s. So I tried to obfuscate the exe. Where should I put the obfuscated .exe generated file (I obfuscate only the main exe file). I mean Confuser creates a folder called "Confuser" with the obfuscated exe in it. If I doubleclick the obfuscated exe to start the app as usually it doesn't work and I get the normal application crush window. I also tried to replace the original exe file (in the app folder) with the obfuscated one (from Confuser folder).

  2. If the app is deployed I have the setup.msi pack or setup.exe. How should I obfuscate in this case ?

Thankx, Adrian

Was it helpful?

Solution 2

First, you obfuscate your main .exe file and replace the old one. Then you pack everything into installer.

Also make sure all the properties and types involved in xaml are declared as public. Or tell the obfuscator to ignore them somehow.

OTHER TIPS

All XAML-based platforms (WPF, Silverlight, Windows Phone) are quite problematic area for most obfuscators. The main problem is that XAML references types and members by name. No wonder the applications often doesn't work after obfuscation: the integrity breaks.

There are two ways that are used by obfuscators to keep the output assembly work afterwards:

  1. Search XAML content for everything that could be a type or property name and then roughly exclude all members that anyhow match these names. This doesn't give 100% guarantee that the application is not broken while makes the obfuscation coverage poor because of the inaccurate analysis. Still this approach can potentially save your application from breaking.

  2. Do something similar to what XamlReader does: load XAML tree and find all matching CLR types and members. After renaming all the changes are synchronized with XAML. This approach gives the best reliability and coverage (types and members are renamed both in the code and XAML). There are obfuscators on the market that claim that they support XAML renaming. You may want to try some of them.

There is also a workaround. Most obfuscators support conditional obfuscation allowing to manually exclude specific types and members. You should manually exclude all the types and members that are somehow referenced by XAML. This will take some time but usually works.

I'd experiment with a simple console app first. Make sure you can get it working with that.

Then I might progress to a simple WPF app.

The problem with WPF and obfuscation is it relies on reflection. The View Models are bound by name. It could be this obfuscator isn't sensitive to this, or you need to configure it to ignore the names of properties on your view models.

If you've any other reflection using name, that could break it too. Even a Enum.Parse call can be tripped up. Maybe you seralize to/from XML, that is also a point it could break at.

You may want to display the exception that the app is crashing with to help you debug, but I would get comfortible with the tool myself with simple apps to work out how it gets around the above issues.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top