How does Dotfuscator work?
https://stackoverflow.com/questions/1288059
-
18-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
How does Dotfuscator work? I tried obfuscate some of my classes and it renamed the methods/class to a, b, c etc. But I can still see the code inside those methods? Is it that, I am doing something wrong?
Is there anything that would prevent a totally block deassembling my assembly?
Solution
That is the way it is supposed to work. Your code is still accessible, just more difficult to understand. If you want something "stronger", take a look at Xenocode PostBuild.
OTHER TIPS
Code obfuscation goes well beyond simple renaming of classes, members and variables, though that's an important part of it.
For example, Dotfuscator uses a patented technique called overload induction, where many methods are renamed to the same name (this is possible as long as they have different signatures). PreEmptive solutions cite cases where a third of all methods in the code are renamed to a(). Other techniques involve rewriting simple iterations as recursion, as well as code morphing.
Actually, modern obfuscation techniques are perfectly adequate for making code virtually impossible to reverse-engineer, at least by hand. While it is true that .NET assemblies can never be RE-safe in principle, obfuscation can provide a pretty formidable barrier.
For most of us, that's enough.
you can't block a de-assembling in .net
Unfortunately, there is no way to prevent somebody reflecting your assembly and dissasembling it down to your source code. Obfuscation tools like Dotfuscator will make it significantly harder for somebody to actually read the disassembled code, where virtually all human-readable names can be replaced by meaningless symbols.
If you are releasing your code anywhere, if somebody is determined enough they will be able to reverse-engineer it. The best you can do is make it not worth their time to do so.
The version that comes with Visual Studio is limited and I wouldn't rely on it for full-scale obfuscation if you need to deploy something to customer sites. A free one that you might want to look at is Eazfuscator.net.
Dotfuscator simply makes the decompiled source harder to read - it doesn't prevent decompilation itself.
if you have Professional or Gold Dotfuscator you can block Reflector program from opening your assebmlies.
