Coding Sanity

.NET development and technology thoughts
posts - 51, comments - 30, trackbacks - 0

Obfuscating Code

For my Reflector.Diff v2, I decided to obfuscate it for two main reasons:

  1. It made use of our high-performance Palantir.Diff library, which is based on a popular algorithm, but with some very sneaky tweaks to get the optimum speed out of it. We’d like to protect that sneakiness.
  2. I wanted to use this as a dry run for our trial and download versions of Signate that we’re working on.

Now, the nice folks at Red Gate gave me access to their {smartassembly} obfuscation tool a while ago, and I’d never gotten around to trying it out. I really like their software, especially the ANTS Performance Profiler which has consistently kicked the snot out of the performance tools in Visual Studio.

Anyway, I started up {smartassembly} and created a new project within minutes and happily obfuscated it. I quickly learned that obfuscating everything to the max doesn’t work with something like Reflector.Diff, since you can’t obfuscate it so much that Reflector can’t load it. So, note to self: scrambling the metadata can cause problems with dynamic loading. Fair enough.

So, I backed off on some of the options and obfuscated again. Worked a charm. It linked the Palantir.Diff assembly directly into the Reflector.Diff library, so that even the public types of Palantir.Diff weren’t visible. The code was obfuscated more than I’ve ever seen in a commercial product, and with a few desultory attempts to crack it, I gave up. It then took me just a short while to integrate it directly into my build process (they have an MSBuild task for this).

If there’s a single feature that I like most it’s the linking. I like to have nice assemblies in our projects with public types nicely visible to all and sundry, but I don’t want that getting out in our final product, and the linking takes care of that nicely. Not even that, it allows us to hide exactly what third party tools we’re using in our product, making it even more difficult for someone to figure out what’s cutting.

The cost is not cheap, at $795 it would be difficult to justify in a lot of scenarios. But if you are going to obfuscate, and you want it to be able easy as pie and reliable and good, then you can’t go far wrong in giving Red Gate your money.

I must admit I’d like more control over what {smartassembly} does in the build process. Currently it just runs the project you manually create, but it’d be nice to be able to control the obfuscation settings within MSBuild/Team Builds. Other than that, no complaints so far.

Print | posted on Sunday, October 10, 2010 10:30 AM | Filed Under [ Review ]


No comments posted yet.

Post Comment

Please add 8 and 1 and type the answer here:

Powered by:
Powered By Subtext Powered By ASP.NET