"The programmer, like the poet, works only slightly removed from pure thought-stuff. He builds his castles in the air, from air, creating by exertion of the imagination." - Fred Brooks
Bookmark and Share      
Obfuscate .NET code

Do you know that .NET compiled code can be revert back to C# or VB.NET source code? Yes it is possible by using decompiler we can get the original source code, then what about security. We can use .NET obfuscation using Skater for source code protection.

All the language compilers currently exist are producing the byte code or intermediate code that could be understandable to their language interpreters. Microsoft .NET compiler converts the VB.NET or C# source code to MSIL (Microsoft Intermediate Languages).

Skater .NET Obfuscator
More about Skater .NET Obfuscator
Download Skater .NET Obfuscator
Order Skater .NET Obfuscator

An interesting part is there are lots of decompilers are available in market like Reflector for .NET hackers can get back the source code anytime from intermediate code script using these decompilers. How do we provide security for the .NET source code? Here is the solution using obfuscation software tools like Skater.

Obfuscated code is source or machine code that has been made difficult to understand. Programmers may deliberately obfuscate code to conceal its purpose or its logic to prevent tampering, deter reverse engineering or as a puzzle or recreational challenge for readers. It is a form of security through obscurity. Programs known as obfuscators transform readable code into obfuscated code using various techniques that might induce anti-debugging, anti-decompilation and anti-disassembly mechanisms. Code obfuscation is different in essence from hardware obfuscation, where description and/or structure of a circuit modified to hide its functionality.

Obfuscating code to prevent reverse engineering is typically done to manage risks that stem from unauthorized access to source code. These risks include loss of intellectual property, ease of probing for application vulnerabilities and loss of revenue that can result when applications are reverse engineered, modified to overreach metering, security logic or usage control and then recompiled. Obfuscating code is, moreover, also a compensating control to manage these risks.

The risk is greater with technologies such as Java and Microsoft's .NET which take advantage of just-in-time compilation technology that allow developers to deploy an application as intermediate code rather than code which has been compiled into machine language before being deployed. Those are far easier to reverse engineer because the virtual machine code is simpler than real machine code and thus, can be decompiled as, nearly, the original source code.

Obfuscators may be used to compact object code or interpreted code without affecting its behavior when size is important. .NET languages are far easier to reverse engineer because they do not compile to machine code, they compile into intermediate MSIL code.

Microsoft recommends using the Script Encoder to obfuscate the ASP files, so in case the web server is compromised, the cracker would be unable to find out how your ASP applications work. The Script Encoder works also on JScript and VBScript files. Note that the encoded JScript is only functional in Internet Explorer. However, that this encoding only prevents casual viewing of your code; it will not prevent the determined hacker from seeing what you have done and how.

Control Flow Obfuscation
Change the flow of the program
Break the link between the original code and the obfuscated code
Must ensure does not introduce any bugs
For example, if or while statements can be transformed into other statements that are logically equivalent but more complex appearing by using the rules of logic. An obfuscator might also insert GoTo statements and labels to turn your neat logic into "spaghetti code" to further confuse human readers.

String Encryption
String constants and literal strings in your .NET source code appear unchanged in your compiled .NET assemblies. Such strings can provide valuable clues for anyone trying to reverse-engineer your code. For example, an attacker trying to break a licensing routine would first focus attention on strings having to do with licensing to locate the appropriate section of code. Obfuscators can make this more difficult by encrypting the strings in the .NET assembly. This is accomplished by inserting a decryption routine into the assembly and calling the decryption code at runtime to return the original strings.

Assembly Linking
Assembly linking, sometimes called merging, is the ability to merge multiple assemblies into one or more output assemblies. This can make an application even smaller and simplify deployment scenarios. When combined with obfuscation and pruning, assembly linking provides a powerful packaging solution for .NET applications.

Skater .NET obfuscator significantly enhances source code security
.NET rich intermediate language is focused on application flexibility and inherently provides significant information on how an application was written. Because of this, .NET applications are more prone to reverse-engineering attack than most previous computer programs. Skater includes obfuscation technologies to protect .NET applications - securing the important intellectual property contained within.






Copyright © 2001-2024 Rustemsoft LLC All Rights Reserved.