Crypto Obfuscator .Net v2013 with Portable Class Library and WinRT
Crypto Obfuscator .Net v2013, recently released by India based LogicNP Software provides support for Portable Class Library, Windows 8, WinRT, Windows Phone 8 with improvements to SQL CLR assemblies. The release includes a new log tab which displays complete log output during obfuscation and a fake renaming scheme which enables you to rename all classes, fields, methods to fake but realistic names including support for forwarded types.
Crypto Obfuscator .Net v2013 provides an ability to call a user-defined method from the module constructor. It notifies you as and when a new exception report is generated via e-mail and automatically embeds the screenshot of the primary screen to exception reports with the ability to CryptoLicensing assembly into multiple assemblies.
The new method encryption technique encrypts and hides all Intermediate Language (IL) code within methods and includes an ability to open files attached to exception reports directly from the exception viewer dialog. It also provides an ability to add images, files, binary data to exception reports, specify a prefix and suffix for all renamed symbols, include local variable names in Pdb files.
It is also possible to specify a contains pattern in an obfuscation rule, similar to a wildcard and regex pattern. The latest includes a new sample application which demonstrates the steps required to attach files, logs and screenshots to exception reports.
InfoQ had a chat with Himangi G, Senior Developer, LogicNP Software to know more about Obfuscation and also regarding the recently released Crypto Obfuscator .Net v2013.
InfoQ: What is the need for Obfuscation?
.NET compilers such as C#, VB.NET, Managed C++, IronPython emit compiled programs in MSIL (Microsoft Intermediate Language) format. This format preserves a lot of high-level information about your software such as class, field, method, property and parameter names and even the actual code in a well-defined structure. Therefore, an unprotected .NET assembly is an easy target for hackers, crackers or competitors who can:
- Easily reverse-engineer your .NET code.
- Extract passwords, SQL queries from strings
- Glean valuable trade secrets, algorithms
- Find security vulnerabilities
- Change product functionality.
Using an obfuscator like Crypto Obfuscator can help you:
- Protect your code and intellectual property from hackers, crackers or competitors using a variety of obfuscation and code-protection techniques like symbol (class/method/property/field names) renaming, string/constant encryption, method body encryption, control flow obfuscation, method call hiding, and more.
- Protect time & money investment made in your software - Increase ROI for your business.
- Improve the performance of your application, in some circumstances, as a side-effect.
InfoQ: Does .NET Framework 4.5 include tools for Obfuscation?
The .NET Framework 4.5 does not contain any tool for obfuscation. It is the responsibility of the developer to obfuscate assemblies before deploying them.
InfoQ: What makes Crypto Obfuscator for .Net v2013 different from other similar tools?
Besides the standard protections and obfuscations like Symbol Renaming, String Encryption, Control Flow Obfuscation, Crypto Obfuscator has some unique protections like Method Body Encryption, Constant Field Values Removal, Method Call Hiding, Anti-Tamper, Anti-Debug/Trace, Anti-Reflection and more. These combine to give extremely strong code protection to .Net assemblies.
Another useful feature is Automatic Exception Reporting. This feature can save you many hours of support time and give you useful insights on how your software behaves in the wild.
Another unique feature of Crypto Obfuscator is the Warnings shown after obfuscation. This lists all lines of code in your assemblies which can potentially cause the obfuscated assembly to fail. With other obfuscators, it's like shooting in the dark trying to figure out why obfuscated assemblies are not working.
Crypto Obfuscator is very reasonably priced and does not cost thousands of dollars like some of the other products. We believe Crypto Obfuscator is the best combination of features, functionality and price currently available.
Other features include support for obfuscating Windows 8 based WinRT/Metro apps, Windows Phone 8/7 apps, Silverlight apps, automatic command-line support, Authenticode signing, MSBuild Integration support, support for Pdb files, direct XAP obfuscation, XAML/BAML obfuscation, etc.
InfoQ: How does Automatic Exception Reporting works?
Automatic Exception Reporting works by instrumenting your code during obfuscation so as to catch any unhandled exceptions that occur in your software and further makes it easy for your users to report these exceptions to you with a single click of a button.
The exception reports include all pertinent information including full stack trace info along with the values of all method arguments and local variables, plus the system information, the time of the exception, the build number, and optional developer defined custom data like log files, screenshots, etc.
All exception reports can then be automatically downloaded from the exception reporting service and viewed within Crypto Obfuscator. Each report and its associated data is presented clearly so you can use the information to fix the issue.
InfoQ: How can you claim performance improvement if I make use of Crypto Obfuscator For .Net?
Crypto Obfuscator has some settings which improve performance like Reduce Metadata, Mark Classes as Sealed, Constant Field Value Removal, etc. Other obfuscations provide performance improvements as a side-effect. For example, symbol renaming drastically shortens the names of classes/methods/fields/properties which can provide some performance improvements.
InfoQ: Can I make use of Crypto Obfuscator For .Net v2013 from within Visual Studio 2012?
Yes, Crypto Obfuscator comes with the Visual Studio Project Integrator Wizard which allows you to integrate (using MSBuild) the obfuscation step in the build process of your Visual Studio projects. When this is done, assemblies are automatically obfuscated using Crypto Obfuscator as part of the build process of your projects.
InfoQ: Why did you provide support for Windows Phone and WinRT platforms?
We believe Windows Phone and WinRT/Metro platforms have a lot of potential and their popularity is only going to increase with time. Many of our customers had requested that we add support for obfuscating assemblies targeted to these platforms, so it was a no-brainer.
InfoQ: Do you provide support for Android, iOS platforms?
Yes, Crypto Obfuscator supports these platforms if the apps are developed using Mono for Android or Mono Touch frameworks.
InfoQ: Can you share with us the future roadmap for Crypto Obfuscator for .Net v2013?
We are planning to add some new obfuscations and protections to Crypto Obfuscator in the coming months. Additionally, we also plan to improve existing obfuscations. Ultimately, the main goal of all these is to make it harder to decompile or reverse-engineer .NET assemblies.
John Krewson, Steve Ropa and Matt Badgley Nov 24, 2014