Obfuscation


I hinted a little about the obfuscation features in Visual Studio 2005 in Chapters 1, "Introducing .NET," and 5, ".NET Assemblies," but it's high time we actually took a look at the features. Visual Studio includes a stripped-down version of Dotfuscator from a company named PreEmptive Solutions (not a part of Microsoftyet). To access the program, use the Tools Dotfuscator Community Edition menu command in Visual Studio. The main interface appears in Figure 21-2.

Figure 21-2. It's time to obfuscate!


Note

As of this writing, Dotfuscator Community Edition is not included with Visual Basic 2005 Express Edition.


Even though this is the basic version of the product, you can see that it has a gazillion options. If you want to dive into its enhanced features for your project, that's fantastic. I'll just cover the basic usage here.

Let's recall quickly why you would want to obfuscate your code, or even use the word "obfuscate" in mixed company. Here's some code from the Library project.

Public Function CenterText(ByVal origText As String, _       ByVal textWidth As Integer) As String    ' ----- Center a piece of text in a field width.    '       If the text is too wide, truncate it.    Dim resultText As String    resultText = Trim(origText)    If (Len(resultText) >= textWidth) Then       ' ----- Truncate as needed.       Return Trim(Left(origText, textWidth))    Else       ' ----- Start with extra spaces.       Return Space((textWidth - Len(origText)) \ 2) & _          resultText    End If End Function 


This code is quite easy to understand, especially with the comments and the meaningful method and variable names. Although .NET obfuscation works at the MSIL level, let's pretend that the obfuscator worked directly on Visual Basic code. Obfuscation of this code might produce results similar to the following.

Public Function A(ByVal AA As String, _       ByVal AAA As Integer) As String    Dim AAAA As String    AAAA = Trim(AA)    If (Len(AAAA) >= AAA) Then       Return Trim(Left(AA, AAA))    Else       Return Space((AAA - Len(AA)) \ 2) & AAAA    End If End Function 


In such a simple routine, we could still figure out the logic, but with more effort than in the original version. Naturally, true obfuscation goes much further than this, scrambling the readability of the code at the IL level, and confounding code readers and hackers alike.

To obfuscate an assembly:

1.

Build your project in Visual Studio using the Build Build [Project Name] menu command.

2.

Start Dotfuscator using the Tools Dotfuscator Community Edition menu command in Visual Studio.

3.

When prompted for a project type, select Create New Project, and click the OK button.

4.

On the Input tab of the Dotfuscator application window, click the Browse and add assembly to list toolbar button. This is the leftmost buttonthe one that looks like a file folder with a small arrow above iton the panel shown earlier in Figure 21-2.

5.

When prompted for an assembly file, browse for your compiled application, and click the OK button. The assembly to use will be in the bin\Release subdirectory within your project's source code directory.

6.

Select the File Build menu command to generate the obfuscated assembly. You will be prompted to save the Dotfuscator project file (an XML file) before the build begins. Save this file to a new directory. When the build occurs, it will save the output assembly in a Dotfuscated subdirectory in the same directory that contains the XML project file.

7.

The build completes, and a summary appears as shown in Figure 21-3. Your obfuscated file is ready to use. The process also generates a Map.xml file that documents all the name changes made to types and members within your application. It would be a bad thing to distribute this file with the assembly. It is for your debugging use only.

Figure 21-3. Summary of the obfuscation, with some advertising thrown in


To prove that the obfuscation took place, use the IL Disassembler tool that comes with Visual Studio to examine each assembly. (On my system, this program is accessed via Start [All] Programs Microsoft .NET Framework SDK v2.0 Tools MSIL Disassembler.) Figure 21-4 shows the global variables included in the Library Project's General.vb file. The obfuscated version of these same variables appears in Figure 21-5.

Figure 21-4. Global variables before obfuscation


Figure 21-5. Global variables after obfuscation


I will not be performing obfuscation on the Library Project through this book's tutorial sections. Feel free to try it out on your own.




Start-to-Finish Visual Basic 2005. Learn Visual Basic 2005 as You Design and Develop a Complete Application
Start-to-Finish Visual Basic 2005: Learn Visual Basic 2005 as You Design and Develop a Complete Application
ISBN: 0321398009
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Tim Patrick

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net