Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Several questions on C# obfuscation (SmartAssembly, internal functions)

Status
Not open for further replies.

Korba64

Programmer
May 26, 2015
1
UA
Hello! We are caring experiments with several obfuscators. We want to protect our source code from using once more with somebody else. Our main task is to make exe (or dll) analysis for getting original source code structure as complicated as possible. In other words it must be easier to develop application on your own, than to use our sources restored from exe (or dll). At the moment we are testing SmartAssembly 6. We deobfuscate result exe and dll with de4dot. The result is evaluated in Reflector. Thereby we have several questions (It is implicated that analyzed exe (or dll) was obfuscated with SmartAssembly).

Questions:
1. Is there any method (deobfuscation, process dumping, debugging etc) to recover sources of internal and private functions (which are not called from public functions) without extensive and long work (I mean long time spent on recovering process)? If it is possible - please specify the method.
2. The same questions about internal and private function parameter names and local variable names.
3. Which obfuscator (protector etc) you think we should use instead of SmartAssembly to achieve our goals as best as possible (with license cost less than 200$)?

Several observations from our experiments
:
1. De4dot does not recover local var names after SmartAssembly (just renames basing on var types to facilitate the analysis ). But public function code structure and parameter names are recovered pretty good.
2. internal and private functions was not found with Reflector in De4dot recovered file . Besides, their source cannot be found even if public functions is called from them (I mean from internal or private function source) .
3. However if private function is called by public one, it can be found with Reflector and its structure is easily recognized
 
Obfuscation is a very simple process. It takes class, variable and method names and renames them to some general word. ie. Var1,Var2,Var3, Method1, Method2, Method3.

All of your questions relate to how your code can be deobfuscated. The simple answer is your code can never be deobfuscated to the way it was written by a developer but 100% of your code is visible to Reflector and can be reverse engineered given enough time.
Intelligent deobfuscation software (de4dot) can make educated guesses as to what a class, variable or method should be called but it cannot be guaranteed and it still has no knowledge of your original names.

Do you want some custom SIM scripts developed. Contact me via my website
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top