1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What is the best option to obfuscate?

Discussion in 'Visual Basic .NET' started by dynander, Dec 19, 2008.

  1. dynander

    dynander Regular Member

    Joined:
    Nov 16, 2008
    Messages:
    279
    Likes Received:
    53
    does anybody here have expertise with obfuscators?
     
  2. 195471

    195471 Regular Member

    Joined:
    Oct 11, 2008
    Messages:
    417
    Likes Received:
    260
    Whether to obfuscate depends on what your goal is and also how your program is coded. I've heard of people having problems using obfuscators where their applications make heavy use of reflection.

    There are some good SO threads out there about this topic:

    Code:
    Should you obfuscate a commercial .Net application?
    http://stackoverflow.com/questions/71195/should-you-obfuscate-a-commercial-net-application
    
    (Why) should I use obfuscation?
    http://stackoverflow.com/questions/31882/why-should-i-use-obfuscation
    
    Should I be worried about obfuscating my .NET code?
    http://stackoverflow.com/questions/12075/should-i-be-worried-about-obfuscating-my-net-code
    IMHO, if you're really concerned about protecting your code, a web application (hosted on a server that you own and control) is the way to go. Or, if you must have a Windows Forms app, you could make part of its functionality dependent upon server-side code (i.e., a Web service, a remote login to your site to retrieve data, etc.).

    I'm an ASP.NET developer, but I have recently started developing Windows Forms apps (for the sole purpose of traffic generation for some blackhat methods ;)), and obfuscation has been a frustrating topic for me. It can deter some people, but at the end of the day, the computer must get its instructions from somewhere, and a determined individual or team of people can eventually get your code. This is why I prefer web development...the code is much harder to hack/steal.

    Hope that helps.
     
  3. 195471

    195471 Regular Member

    Joined:
    Oct 11, 2008
    Messages:
    417
    Likes Received:
    260
    Another option that came to mind...

    You could build selected parts of your program in native DLLs or COM objects and then call them from your managed app using P/Invoke or COM Interop. This sounds like a pain in the rear to me, though.

    There's a chapter in the following book about calling unmanaged code from a managed application if you're interested in learning more:

    Code:
    Visual Basic 2005 Recipes
    http://www.apress.com/book/view/9781590598528
    I don't have the book, but I was reading it at B0rders last weekend. :D
     
  4. dynander

    dynander Regular Member

    Joined:
    Nov 16, 2008
    Messages:
    279
    Likes Received:
    53
    I've many years of corporate world (big office, normally in the basement, no windows, Use Cases of 500 pages, terrible). And in the corporate world, normally the client buy the executable and the code.

    But now I'm coding a twitter bot, pure black hat :). I think I could sell it, depending in the quality I manage to achieve. So, the tipically win32 app is the context here

    I came to think that one of the best ways of protecting you source code is to have the product in the non share list in the forum, but besides that I want to find a practical way of protection.

    The options you say are very good, but:

    1) Calling home for funcionality will increase the complexity, and the operational costs

    2) Having some parts of the code in unmanaged DLLs is, like you say, "a pain in the rear". Also, I code with full objects and designs patterns. It's impossible to reproduce the design in Visual Basic 6, and C++ is way out of my league.

    Thanks you for answers, and I will continue to search a viable and practical option, and I will share my results here
     
  5. 195471

    195471 Regular Member

    Joined:
    Oct 11, 2008
    Messages:
    417
    Likes Received:
    260
    Very true.

    You're welcome. For the time being, I'm going to have my app call home, but if I come across a "viable and practical option" for future projects, I'll share my results here as well.
     
  6. loxy

    loxy Registered Member

    Joined:
    Dec 12, 2008
    Messages:
    71
    Likes Received:
    984
    Occupation:
    Professional Coder
    Location:
    Wouldn't you like to know!
    yeah calling home is the best way.

    A lot of my programs logic is done by a .net webservice running on my server.

    You could hack the app to remove it but then it wouldn't function.
    The only downside to this is requiring a windows server with enough grunt to handle the traffic.

    If you sell ure app this shouldnt be a problem tho.