Obfuscation in .NET Atchyutuni Shilpa CS-795

Obfuscation in .NET Atchyutuni Shilpa CS-795

What is Obfuscation? Dictionary Meaning: To confuse, to make obscure a problem with extraneous information, to darken. -www.dictionary.com Obfuscation in .Net: - Technology of shrouding the facts. -Technology that makes .NET assemblies more difficult to decompiles and impedes reverse engineering efforts.

.NET Software Development Lifecycle 2 1 4 Design Develop and Build Deploy Test 3 Protect

Why Obfuscation? .NET Programs compiled in MSIL, which is at a higher level than binary machine code. So .NET Programs are easy to reverse engineer using decompilation. The .NET framework ships with a tool (ILDASM) that can disassemble MSIL. Anyone can peruse the details of the software.

Why Obfuscation ctd . Obfuscation reduces the size of an executable. Obfuscation improves the application performance at runtime. It protects the intellectual property.

Dotfuscator Acts obfuscator, pruner, linker, and watermarker for .NET applications. Obfuscation is applied to MSIL and not source code. Obfuscated code is functionally equivalent to traditional MSIL. It executes on CLR with similar results.

Dotfuscator features 1. Renaming : - Uses a patented Overload-Induction renaming system. - Renames as many methods as possible to a same name. - Saves space as short names used for renaming.

Renaming Example Original Source Code Before Obfuscation private void CalcPayroll(SpecialList employeeGroup) { while (employeeGroup.HasMore()) { employee employeeGroup.GetNext(true); employee.UpdateSalary(); DistributeCheck(employee); } } Reverse-Engineered Source Code After Overload Induction Dotfuscation private void a(a b) { while (b.a()) { a b.a(true); a.a(); a(a); } }

Dotfuscator Features ctd 2. String Encryption: Strings in sensitive part of the code are encrypted. 3. Control Flow Obfuscation: - Introduces false conditions and misleading constructs in decompiled code. 4. Pruning: - Determines unused types, methods and fields. Helps reduce size of the assembly.

5. Assembly Linking: - Links multiple assemblies into one or more output assemblies. 6. Watermarking: - Used to Embed data (copyright info/unique nos.) into applications, making them unique.

Demonstration

Drawbacks Maintaining and Troubleshooting becomes difficult. Can break code that depends on reflection, serialization or remoting. Hampers the debugging process, as obfuscation alters MSIL.

Conclusion Obfuscation is not 100 percent protection. If a hacker is perseverant enough, they can find the meaning of your code. The goal of obfuscation is to make the reverse engineering process extremely time consuming and painful so that it not worth the effort.

References Professional Visual Studio 2005 – Andrew Parsons and Nick Randolph. http://aspnet.4guysfromrolla.com http://www.preemptive.com http:// msdn2.microsoft.com/en-us/library/ms227 295(VS.80 ).aspx

THANK YOU !!