Help me choose a .NET obfuscator program?

I wrote a program in vb.net 2008 (using .net 3.5). This is a decent sized program. One part of this program is access to an online database and file encryption / decryption. I use a hard password to access db. To encrypt / decrypt files, I used a hard drive. No matter what I do, I will need to hardcode one of two things, at least. For example: even if I store the database password in an encrypted file, I need hard code to decrypt it. Or vice versa.

So, after some thought, I decided that I need to confuse my code so that at least these hard-coded elements / values are not easily visible. In fact, to test, I used a program to demonstrate my program. And to my surprise, it showed me every line of code in my program. It seemed to me that all my code was pasted into my exe.

So I need to obfuscate my code. Look, I don’t need too complicated settings. My program is not among the popular or super popular programs for which I need very high security. But I need enough security so that my base code, variables and sensitive information (password, etc.) are not visible.

Please help me choose a good obfuscator that will do the job. It should not be too tiring to use and should be enough for me. In addition, it should be trusted and protected. I mean, I do not want my application to crash or become unstable after I messed it up.

I downloaded a trial version of .NET Reactor from Eziriz, and it seems perfect. What are you offering? I can’t fool anything more than 200 dollars. So this product is worth it. You guys know better.

Thank you for your support.

Cheers, Saurabh

+3
4 answers

Obfuscation cannot solve this problem. An attacker could modify his hosts to redirect the domain name to the database that he controls. When you log in, it will get a username / password.

Another attack would be to use a debugger like ollydbg to get username / password in memory. Before using, the username / password must be clear, and the attacker can find it.

Security Through Obscurity will never work. You can never control the client.

The best approach is to set up a SOAP server (WCF) to abstract database operations. The logic for building queries should be server-side. Suppose an attacker has full access to any functions that you open through SOAP.

+18
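The server-side boundary recommended in the answer above, as an added example that is not part of the original thread: the client holds no database password and sends no SQL, only a per-user token to a narrow operation. This is a Python in-process model rather than WCF; the table layout, function names and sample users are assumptions made for illustration, and the token deliberately omits expiry to stay short.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Server side only: the signing key and the database handle never ship with the client.
SERVER_KEY = secrets.token_bytes(32)
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
db.execute("CREATE TABLE files (owner TEXT, filename TEXT)")

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(name, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, _hash(password, salt)))

def login(name, password):
    """Exposed operation: returns a per-user token, or None on bad credentials."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], _hash(password, row[0])):
        return None
    tag = hmac.new(SERVER_KEY, name.encode(), hashlib.sha256).hexdigest()
    return f"{name}:{tag}"

def _authenticate(token):
    # Recompute the tag with the server key; a client cannot mint one for another user.
    name, _, tag = token.rpartition(":")
    expected = hmac.new(SERVER_KEY, name.encode(), hashlib.sha256).hexdigest()
    return name if hmac.compare_digest(tag.encode(), expected.encode()) else None

def list_files(token):
    """Exposed operation: the caller supplies a token, never SQL or an owner name."""
    user = _authenticate(token)
    if user is None:
        raise PermissionError("invalid token")
    # The query is built here, on the server, and scoped to the authenticated user.
    rows = db.execute("SELECT filename FROM files WHERE owner = ? ORDER BY filename", (user,))
    return [r[0] for r in rows]

# Constructed sample data.
add_user("alice", "correct horse")
add_user("bob", "battery staple")
db.executemany("INSERT INTO files VALUES (?, ?)",
               [("alice", "a.doc"), ("alice", "b.doc"), ("bob", "secret.doc")])
```

Because authorization is decided from the verified token on the server, a modified or fully decompiled client gains nothing beyond what its own user account is already allowed to do.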

You should seriously think about the .NET obfuscator grandma. In my opinion, although this is a console application, it is certainly best suited for price, licensing (not locked on one computer) and features.

+1

I am using Eazfuscator: http://www.foss.kharkov.ua/g1/projects/eazfuscator/dotnet/Default.aspx

It is powerful and free. A wonderful tool, extremely easy to use.

0

I have been using Eziriz .NET Reactor for a while and it works great for me. I used to use Eazfuscator, but it was not very powerful.

.Net Reactor has such great features as Anti ILDASM and Native Exe file generation. It will also fit your budget. You can use the trial version before buying it and check if it works with your script.

0