Easy obfuscation with {smartassembly}.
Wednesday, January 20, 2010 21:02
This week I finished up on a project I started at the end of 2009. The project, a .NET EPP Client, specifically for the Dutch domain registry, now nears completion, and the first beta testers are ready to test my code. (Here it is.)
Yet, I felt I needed to ‘obfuscate’ the generated code. I wanted to prevent tampering with strings inside the classes, since this is still a beta product. (The software created connects to a test server. I wanted to prevent people from changing the hostname or IP Address to the production server.)
It was clear to me that with tools like Hex Editor Neo or some sort of disassembler, you could easily change strings in the binary and keep using the beta code on a production environment.
So it was time to ‘obfuscate’. I quickly ran through some options. Obviously, there’s dotfuscator. A very limited version of that software ships with Visual Studio. Yet, this limited version lacks ‘obfuscation’ options. The version that would support this feature will set you back a few thousand dollars… That’s not the amount of money I want to spend on this project.
In the end, I chose {smartassembly} as the solution that would do the obfuscation for me. It comes feature-packed and is very easy to use.
Getting started.
Since I’m not a born programmer, I’m not really into all the technical terms that come with obfuscating code and preventing disassemblement (?) of a DLL, ILDASM, MSIL or ILASM. (And I don’t want to learn about these either… sorry!)
After starting {smartassembly} (the GUI, not the command-line one… haha) you can simply select your assembly and select all the options you want. And there are MANY.
After opening your assembly, there are tons of features and options you can enable and disable at will. It will even allow you to sign your assembly with the same key you used to compile the thing in the first place. Pretty cool.
(Control Flow) Obfuscating
Since I wanted to ‘obfuscate’ something, I went straight to the obfuscation part of this wizard-like interface;
It appeared, though, that these obfuscation options weren’t what I was looking for; it clearly reads that this obfuscation would, and I quote, “…change the name of your classes and methods to unreadable characters, and will this highly complicate the work needed to understand your code.”
Ok, nice. But since this project has produced a DLL file, clearly meant to be used by another piece of software, this option was clearly not what I was looking for.
Note: I could use this feature though; you can obfuscate only SOME methods in your code, and exclude others;
Okay, so that didn’t work as expected…
Lucky for me, the option I wanted was right below the “Obfuscation” part…
Strings Encoding
There it was. Well, I found out it was, by reading the explanation…
This is exactly what I wanted.
So that’s pretty cool.
At this point, I started noticing the colored bar at the left of the item being edited. It was changing from green to red or yellow as I was changing items. The meaning was pretty intuitive; it signals to the user the ‘security’ of the generated assembly. Green would mean that you are doing everything possible to make your assembly hard to read, and red gives you nothing; you have disabled the feature.
Building the file
After carefully reading about all available options and selecting those I wanted, it’s time to build the new file.
Click on the Build button and all magic will happen…
In the end, I found my new DLL in the location I pointed {smartassembly} to at the beginning.
Here’s the original file;
And here’s the one {smartassembly} generated;
As you can see, in my case, the DLL got slightly bigger. But {smartassembly} already told me that when I read about some other options I enabled. (Most make your assembly smaller and faster, but there are some that make it bigger or have a small performance penalty.)
Now check if {smartassembly} really obfuscated the strings I wanted obfuscated… Here’s a screenshot of a hex editor, in the original DLL; one of the strings in my code is highlighted here;
In code, it looked like this;
Now, let’s open up the assembly {smartassembly} generated and check if I can find this string…
I opened up the new assembly in the same editor, and searched for the string (in HEX mode…)
Guess what..
So that worked! And trust me, I spent another hour trying to find the stuff I expected to be hidden, just to find that it wasn’t to be found…
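The hex-editor check above can be scripted. The following is an added example, not part of the original post or of {smartassembly}: it searches a file's bytes for a literal in UTF-16LE (how .NET stores string literals, which is why the search needs HEX mode) and in UTF-8, and lists any readable host names or IP addresses. The host name, the `fake_dll` helper and the XOR stand-in are constructed for illustration.

```python
import re

# Printable-ASCII characters stored as UTF-16LE, the way .NET keeps string literals.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
# Dotted IPv4 addresses or host names; other dotted literals match too, so review hits.
ENDPOINT = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}|(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


def find_literal(data: bytes, literal: str) -> dict:
    """Return {encoding: [offsets]} for every plaintext copy of `literal`."""
    hits = {}
    for enc in ("utf-16-le", "utf-8"):
        needle, offsets = literal.encode(enc), []
        pos = data.find(needle)
        while pos != -1:
            offsets.append(pos)
            pos = data.find(needle, pos + 1)
        if offsets:
            hits[enc] = offsets
    return hits


def visible_endpoints(data: bytes) -> list:
    """List (offset, text) for readable UTF-16LE strings that look like endpoints."""
    found = []
    for m in UTF16_RUN.finditer(data):
        text = m.group().decode("utf-16-le")
        if ENDPOINT.search(text):
            found.append((m.start(), text))
    return found


# Constructed sample data: a placeholder host name inside stand-in "DLL" bytes.
HOST = "test.registry.example"


def fake_dll(payload: bytes) -> bytes:
    return b"MZ" + b"\x00" * 62 + payload + b"\x00" * 16


ORIGINAL = fake_dll(HOST.encode("utf-16-le"))
# Stand-in for an encoded string; this XOR is NOT {smartassembly}'s actual scheme.
PROTECTED = fake_dll(bytes(b ^ 0x5A for b in HOST.encode("utf-16-le")))

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("protected", PROTECTED)):
        print(name, find_literal(blob, HOST), visible_endpoints(blob))
```

An empty result only shows that the literal is no longer stored in plaintext; the assembly still has to decode it at run time, so string encoding is a hurdle for casual patching rather than access control for the production server.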
Testing the end result
I had already created a demo project that referenced the DLL I created. The demo project uses all methods in the assembly. I simply replaced the ‘original’ DLL with the one {smartassembly} generated, and guess what… it all worked… No changes needed or noted.
That’s what I was looking for.
Now, I could very well do a lot of performance tests, but there is no noticeable difference between the two versions of the DLL. Perhaps in a very high performance environment, you might want to do some testing here, but for me, it just WORKS and does what I want!
Now for licensing… (any ideas? drop me an email!)
