I hinted a little about the obfuscation features in Visual Studio 2005 in Chapters 1, "Introducing .NET," and 5, ".NET Assemblies," but it's high time we actually took a look at the features. Visual Studio includes a stripped-down version of Dotfuscator from a company named PreEmptive Solutions (not a part of Microsoftyet). To access the program, use the Tools Dotfuscator Community Edition menu command in Visual Studio. The main interface appears in Figure 21-2. Figure 21-2. It's time to obfuscate!Note As of this writing, Dotfuscator Community Edition is not included with Visual Basic 2005 Express Edition. Even though this is the basic version of the product, you can see that it has a gazillion options. If you want to dive into its enhanced features for your project, that's fantastic. I'll just cover the basic usage here. Let's recall quickly why you would want to obfuscate your code, or even use the word "obfuscate" in mixed company. Here's some code from the Library project. Public Function CenterText(ByVal origText As String, _ ByVal textWidth As Integer) As String ' ----- Center a piece of text in a field width. ' If the text is too wide, truncate it. Dim resultText As String resultText = Trim(origText) If (Len(resultText) >= textWidth) Then ' ----- Truncate as needed. Return Trim(Left(origText, textWidth)) Else ' ----- Start with extra spaces. Return Space((textWidth - Len(origText)) \ 2) & _ resultText End If End Function This code is quite easy to understand, especially with the comments and the meaningful method and variable names. Although .NET obfuscation works at the MSIL level, let's pretend that the obfuscator worked directly on Visual Basic code. Obfuscation of this code might produce results similar to the following. Public Function A(ByVal AA As String, _ ByVal AAA As Integer) As String Dim AAAA As String AAAA = Trim(AA) If (Len(AAAA) >= AAA) Then Return Trim(Left(AA, AAA)) Else Return Space((AAA - Len(AA)) \ 2) & AAAA End If End Function In such a simple routine, we could still figure out the logic, but with more effort than in the original version. Naturally, true obfuscation goes much further than this, scrambling the readability of the code at the IL level, and confounding code readers and hackers alike. To obfuscate an assembly:
To prove that the obfuscation took place, use the IL Disassembler tool that comes with Visual Studio to examine each assembly. (On my system, this program is accessed via Start [All] Programs Microsoft .NET Framework SDK v2.0 Tools MSIL Disassembler.) Figure 21-4 shows the global variables included in the Library Project's General.vb file. The obfuscated version of these same variables appears in Figure 21-5. Figure 21-4. Global variables before obfuscationFigure 21-5. Global variables after obfuscation
I will not be performing obfuscation on the Library Project through this book's tutorial sections. Feel free to try it out on your own. |