Add to collection(s) Add to saved
  1. No category

What is Obfuscation?

advertisement 
Obfuscation
in .NET
Atchyutuni Shilpa
CS-795
What is Obfuscation?

Dictionary Meaning:
To confuse, to make obscure a problem with
extraneous information, to darken.
-www.dictionary.com

Obfuscation in .Net:
- Technology of shrouding the facts.
-Technology that makes .NET assemblies more
difficult to decompiles and impedes reverse
engineering efforts.
.NET Software Development
Lifecycle
2
1
4
Design
Develop
and Build
Deploy
Test
3
Protect
Why Obfuscation?

.NET Programs compiled in MSIL, which is at a
higher level than binary machine code.

So .NET Programs are easy to reverse engineer
using decompilation.

The .NET framework ships with a tool (ILDASM)
that can disassemble MSIL.

Anyone can peruse the details of the software.
Why Obfuscation ctd….
Obfuscation reduces the size of an
executable.
 Obfuscation improves the application
performance at runtime.
 It protects the intellectual property.

Dotfuscator




Acts obfuscator, pruner, linker, and watermarker
for .NET applications.
Obfuscation is applied to MSIL and not source
code.
Obfuscated code is functionally equivalent to
traditional MSIL.
It executes on CLR with similar results.
Dotfuscator features
1.
Renaming :
-
Uses a patented Overload-Induction
renaming system.
-
Renames as many methods as possible to
a same name.
-
Saves space as short names used for
renaming.
Renaming Example
Original Source Code Before Obfuscation
private void CalcPayroll(SpecialList employeeGroup)
{ while (employeeGroup.HasMore())
{ employee = employeeGroup.GetNext(true);
employee.UpdateSalary();
DistributeCheck(employee);
}
}
Reverse-Engineered Source Code After Overload
Induction Dotfuscation
private void a(a b)
{ while (b.a())
{ a = b.a(true);
a.a(); a(a);
}
}
Dotfuscator Features ctd…
2. String Encryption:
Strings in sensitive part of the code are
encrypted.
3. Control Flow Obfuscation:
- Introduces false conditions and misleading
constructs in decompiled code.
4. Pruning:
-
Determines unused types, methods and fields.
Helps reduce size of the assembly.
5. Assembly Linking:
- Links multiple assemblies into one or more
output assemblies.
6. Watermarking:
- Used to Embed data (copyright
info/unique nos.) into applications, making
them unique.
Demonstration
Drawbacks
Maintaining and Troubleshooting becomes
difficult.
 Can break code that depends on
reflection, serialization or remoting.
 Hampers the debugging process, as
obfuscation alters MSIL.

Conclusion
Obfuscation is not 100 percent protection.
 If a hacker is perseverant enough, they
can find the meaning of your code.
 The goal of obfuscation is to make the
reverse engineering process extremely
time consuming and painful so that it not
worth the effort.

References
Professional Visual Studio 2005 – Andrew
Parsons and Nick Randolph.
 http://aspnet.4guysfromrolla.com
 http://www.preemptive.com
 http://msdn2.microsoft.com/enus/library/ms227295(VS.80).aspx

THANK YOU !!
Related documents
Obfuscated code
Obfuscated code
Vikas Gonti
Vikas Gonti
From Politeness to Passion
From Politeness to Passion
Slides
Slides
ON OBFUSCATION WITH RANDOM ORACLES
ON OBFUSCATION WITH RANDOM ORACLES
Resume - Jessica, the Potato
Resume - Jessica, the Potato
Capturing the Essence of Practical Obfuscation
Capturing the Essence of Practical Obfuscation
Protecting Location Privacy - Infoscience
Protecting Location Privacy - Infoscience
paper
paper
Code Obfuscation - Department of Computer Science
Code Obfuscation - Department of Computer Science
Obfuscation - Northwestern University
Obfuscation - Northwestern University
Presentation
Presentation
9%20-%20Schneider
9%20-%20Schneider
IRJET-Obfuscation: Maze of Code
IRJET-Obfuscation: Maze of Code
Evasion and Obfuscation in Speaker Recognition Surveillance and Forensics
Evasion and Obfuscation in Speaker Recognition Surveillance and Forensics
International Journal of Application or Innovation in Engineering & Management... Web Site: www.ijaiem.org Email: , Volume 2, Issue 6, June 2013
International Journal of Application or Innovation in Engineering & Management... Web Site: www.ijaiem.org Email: , Volume 2, Issue 6, June 2013
Enhanced Obfuscation Technique for Data Confidentiality in Public Cloud Storage
Enhanced Obfuscation Technique for Data Confidentiality in Public Cloud Storage
An Intermediate Level Obfuscation Method Dmitriy Dunaev, László Lengyel
An Intermediate Level Obfuscation Method Dmitriy Dunaev, László Lengyel
Load Profile-based Efficiency Metrics for Code Obfuscators Marko Đuković
Load Profile-based Efficiency Metrics for Code Obfuscators Marko Đuković
On Best-Possible Obfuscation Please share
On Best-Possible Obfuscation Please share
A Search Cost Model of Obfuscation Please share
A Search Cost Model of Obfuscation Please share
Download
advertisement