How to protect .NET executable from de4dot or similar tools?

I tried obfuscation with the following obfuscators, but none succeeded against the de4dot tool [https://bitbucket.org/0xd4d/de4dot/]

It pains me to see how easy it is: just drag the tangled .NET exe onto de4dot.exe and you will get the source code.

Obfuscators:

Agile.NET (aka CliSecure), Babel.NET, CodeFort, CodeVeil, CodeWall, CryptoObfuscator, DeepSea Obfuscator, Dotfuscator, .NET Reactor, Eazfuscator.NET, Goliath.NET, ILProtector, MaxtoCode, MPRESS, rummage, Skater.NET, SmartAssembly, Spices.Net, Xenoc

Every one of them is useless... it's really frustrating.

Can you give a better solution to protect against this tool?

+6
5 answers

de4dot will very soon be compatible with most obfuscators / defenders, and if not, then something else will be.

What I would do is download Confuser from codeplex and use the advanced features tab.

What I do, which ALWAYS works and cannot be undone:

Confuse everything, but "reduce meta" to "Advanced" in Confuser. Then I compress the assembly with the RPX package. Then I reinstall the compressed assembly using "Encrypt Resources" in Confuser.

This makes the assembly almost completely irreversible (there are always people who are good crackers). I also suggest adding the md5 / sha-1 code to the source code.

With all these protection methods, I would officially say that your .net assembly is very secure.

+12

I ran into the same problem and could not handle it until now. I am following the release of some obfuscators. I checked that the latest version of ILProtector was released, so I tried to protect the .NET executable and I can say that ILProtector definitely works against de4dot. de4dot cannot decompile secure assemblies.

+2

As of today, it seems that the latest version of de4dot can also deobfuscate ILProtector.

Agile.net Secureteam.net code protection says that it defeats de4dot, among other deobfuscators, but I haven't tried it yet. I will edit my answer as soon as I check it.

+2

Better try packing with your own packer. All commercial packers can be decompiled by one or the other unpacker.

Good luck.

+1

I checked 4-5 obfuscators today. The main purpose of the obfuscator should not be to hide your license code, but to protect the software / algorithm from being written by the programmer simply by seeing the code. Because if any software, such as Windows, SQL Server, Adobe, etc., can be easily hacked, then there is no chance that you can hide your license code. In my case, I developed several C# programs that can be easily replicated if someone has access to the code inside button click events. So, I tested several obfuscators that implement "code stream obfuscation", which really makes it difficult to understand the execution thread / code algorithm. In fact, when I was performing Codestream Obfuscation on my software, I could not understand my code itself, not to mention what others could understand.

Just imagine that you spent several weeks developing an algorithm that can perform a specific task, such as: you can get airline tickets from all sites and display them in software. If someone can see his code, he / she can simply create the same software in a day. Thus, it is better to mix the algorithm in such a way that it becomes very difficult to understand.

I tried: Dotfuscator, Eziriz .NET Reactor, Crypto Obfuscator and rustemsoft Skater.NET Obfuscator (and a few others).

Below were my results:

  1. All encodings of strings / variables / functions by all obfuscators were easily de-obfuscated by de-obfuscator de4dot. Thus, it makes no sense to encrypt strings / variables / functions.
  2. I used the maximum level of "code obfuscation" for all 3. I could not use rustemsoft Skater.NET because its software was freezing and the user interface was misleading. And in the free / trial version, "Obfuscation code" was not included for evaluation. So Dotfuscator did the best code development. And then .NET Reactor and Crypto Obfuscator were on the same level, but their entanglement was much worse than that of Dotfuscator.
  3. You can try to virtualize the software using virtualization software, which should prevent direct de-obfuscation with de4dot, but again the exe can be easily unpacked with any good unpacker, and then the extracted assembly can be de-obfuscated with de4dot. Virtualization software is used to pack the core exe, dll and other resources into one large exe, so you do not need to create an installation file, etc., and can run the exe directly on any computer. Thus, in this case, you can encrypt the .NET assembly in one encrypted exe file. But, as I said, it can be easily unpacked. There are many videos on this topic on YouTube. This does not "entangle control flow", which was my main goal.

So finally what I did:

Obfuscate the control flow with Dotfuscator, then "control flow" obfuscate the obfuscated exe again with .NET Reactor or Crypto Obfuscator. After that, if I de-obfuscate the exe, the code cannot be understood by any intermediate-level programmer.

0

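An added illustration, not part of any answer above and not the output of any obfuscator named on this page, of what the control-flow obfuscation discussed in the last answer does to a method: a readable C# loop beside a hand-flattened equivalent. The class, the methods and the state numbers are constructed for this example.

```csharp
using System;

static class ControlFlowDemo
{
    // Readable original: sum of the even numbers in 1..n.
    public static int SumEvens(int n)
    {
        int sum = 0;
        for (int i = 1; i <= n; i++)
        {
            if (i % 2 == 0)
                sum += i;
        }
        return sum;
    }

    // Same logic after hand-applied control-flow flattening: each basic block
    // becomes a switch case and a state variable selects the next block.
    // The state numbers are arbitrary (constructed for this example).
    public static int SumEvensFlattened(int n)
    {
        int sum = 0, i = 0, state = 7;
        while (true)
        {
            switch (state)
            {
                case 7:  i = 1; state = 3; break;               // loop initialisation
                case 3:  state = (i <= n) ? 11 : 5; break;      // loop condition
                case 11: state = (i % 2 == 0) ? 2 : 9; break;   // if test
                case 2:  sum += i; state = 9; break;            // if body
                case 9:  i++; state = 3; break;                 // loop increment
                case 5:  return sum;                            // exit block
                default: throw new InvalidOperationException("unreachable state");
            }
        }
    }

    static void Main()
    {
        // Both forms must compute the same result for every input tried.
        for (int n = 0; n <= 50; n++)
        {
            if (SumEvens(n) != SumEvensFlattened(n))
                throw new Exception("mismatch at n=" + n);
        }
        Console.WriteLine("Both versions agree for n = 0..50");
    }
}
```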