Refactoring Vs Obfuscate

It is but a reality that most of the code that is floating around is a borrowed one.Not many have the patience to go through the various overloads and find the right approach or find the snippet that we require.Thanks to Google and other search engines who have played a big role in promoting this trend!But what happens when you get the only the demo of the program or the exe/dll.No issues as there are a equal number of refactoring programs on web to help you out.Even the VS SDK comes shipped with the IL Disassembler. But more often than not we are all accustomed to use the Reflector from RedGate(thanks to Lutz Roeder!).But naturally my devils mind played prank and i decided to test reflector itself!And i tried to break open the code using Reflector so that i can test Lutz’s code.But i was rather disappointed to note that the code was obfuscated.Cool eh?

image 

That’s when i realized the power of Obfuscation!I don’t know how many of your would have noted the Dotfuscator Community Edition that come along with Visual Studio.Its gives a good insight into how you can actually hide your implementation or Business Logic.

image

You just need to create a new project in Dotfuscator.Add the assemblies you want to obfuscate in the Input tab and Build the project.It will ask you to save the project and you need to save the .proj as an xml and voila! there you are…ready!

image

You have better options in the professional versions (which are paid versions),but this would do better as the code will now be nearly impossible to read.So what does this do?Basically obfuscation makes code really incomprehensible or in simple terms unreadable.The main goal is to create confusion.A good obfuscator will make a readable program ambiguous,and will confuse a developer, and make refactoring an impossibility. While the forward (executable) logic will be preserved, the reverse will not be possible.Since secure intellectual property is high on the cards of everybody’s mind let us see the various methods that are used to achieve obfuscation.Primitive obfuscators essentially rename identifiers found in the code to something that is unreadable.

image

While most commercial obfuscators employ a renaming technique that applies trivial identifiers,there are others like Overload Induction, a patented algorithm devised by Preemptive Solutions. Trivial renaming is still used; however, a crafty twist is added. Method identifiers are maximally overloaded after an exhaustive scope analysis. Instead of substituting one new name for each old name, Overload Induction will rename as many methods as possible to the same name.There are lots of other obfuscation methods like string encryption,because for paid software ,we would ask for entering serials,and the cracker would most likely search for the string which asks that in the re-engineered code.So string encryption would change the string value and make it harder for the cracker!Other obfuscation methods include control flow,assembly,watermarking,incremental obfuscations.

A positive side effect of renaming is size reduction.Dotfuscator removes debug information and non-essential metadata from a dll\exe.Obfuscated MSIL code is functionally equivalent to traditional MSIL code and will execute on the Common Language Runtime (CLR) with identical results. The reverse, however, is not true.More details kindly see www.preemptive.com as well as see the documentation on Dotfuscator.Note that a bad programmer with pathetic coding standards is a very good obfuscator!!

**Kindly note many snapshots and material that i have taken are from Dotfuscator.

Advertisements