Obfuscate

[RF]

Hi All,

I need some help from experts of preparing an application for obfuscation
and installation.

A solution with two projects:
1. I have a standard windows form app with an implemented custom
installer class.
2. I have a standard setup referencing the "output" of the above app and
implementing the custom actions from the custom installer class.

How can I package an obfucated version of the above solution? I've used the
built-in obfuscator (Dotfuscator) but it hasn't help me, or perhaps I'm
using Dotfuscator wrong!

Can someone point me towards the correct direction.

Thanks,

RF

 

[Jonathan Pierce]

If you are using a standard install project, you can add the
obfuscated dlls to your application directory so they get deployed
when you run the msi file.

If you are having issues with using your chosen obfuscator, you may
want to take a look at our Decompiler.NET product which includes full
obfuscation capabilities. It is much easier to use than other
obfuscator products since it requires no special configuration by the
nature of it's design and supports full COM Interop. It generates
obfuscated code which you can recompile and debug as well as relink
with other assemblies since it is the only obfuscator product which
produces obfuscated code that can be recompiled. It also replaces
string literals with method calls and encrypts their values in an
embedded resource. You can download a free trial version of the
product and see how well it works for your needs from
http://www.junglecreatures.com/
We bundle both the decompiler and obfuscator as a single product that
is priced lower than what comparable competitors are charging for
obfuscation alone.

Jonathan

 

[PreTech]

Hi RF,

You must be doing something wrong. The Community Edition will provide
perfectly good entry level obfuscation. Obviously, Professional
Edition does much more and is full integrated with VS.NET (unlike any
other obfuscator).
Also the best decompiler is "Reflector for .NET" which is absolutely
free.

-The Dotfuscator Team

 

[John Wood]

What kind of weird, twisted, sad advertising is this

 

[Alan Morgan]

I start to dislike the Decompiler.net ads as well.

 

[Jonathan Pierce]

Also the best decompiler is "Reflector for .NET" which is absolutely

free.

We are attempting to educate the developer community regarding new
options available to them regarding low cost and better tools for both
decompilation and obfuscation. I'm sorry that you are threatened by
the competition, but we are happy to compete with you based on product
merits and reproduceable examples, rather than biased opinions. The
reality is that there are many cases including this user's experience
where our product works correctly and runs well without requiring any
preconfiguration prior to obfuscation, where your product and others
do not in both the obfuscator and the decompiler marketplace.

You should try our product before forming an opinion about which
product is best. There is a reason that our product is not free and
our customers have decided to purchase it after having tested both it
and Reflector.

Please try to maintain a level of professionalism and make your claims
based on actual facts that can be substantiated after having actually
examined the products that you claim are not as good. We have sent
Lutz a lot of feedback regarding code generation issues in Reflector
that he has not yet had time to correct. The reality is that our
product generates higher level code which also compiles and runs
correctly which Reflector is unable to accomplish. We can provide many
common examples of both higher level code generation such as goto
elimination in switch statements, and of incorrect code generation by
Reflector where our product generates correct code. There are a lot of
subtle issues related to casting primitive types and manipulating
unsafe code for which other products including Reflector fail to
generate correct code. A good example would be the ILReader library
written by Reflector's author. Our product decompiles, recompiles, and
runs the library correctly while Reflector is unable to do the same
even with a library written by it's own author. We also are the only
decompiler which reads symbol files and retains local variable names.
We also do a much better job with unsafe code and COM Interop and each
release is produced by decompiling and recompiling itself with
obfuscation enabled. Our releases would not even compile or run
correctly if they did not generate correct code.

Here is a simple example that you can try if you don't believe me.
I've included the output from both products in case you are too lazy
to bother running them, but you can verify these statements yourself
by downloading and running our free trial version from
http://www.junglecreatures.com/.

We have reported these bugs and many others to the author of Reflector
the first day that Reflector 4.0 shipped over a month ago and they
have still gone unfixed. We have also reported and posted several
bugs, fixes, and extensions to him regarding his ILReader library.

Here is the original code written by one of our customers:
unsafe static bool unsafePointer(string s) {
char[] c = new char[10];
s.CopyTo(0,c,0,10);
fixed(char *p=c){
*(p+5) = 'x';
for (int i = 0; i < 10; i++)
if (*(p+i) == 'p')
return true;
}
return false;
}

Below is what the latest version of Reflector 4.0.5 does with it.
Reflector's generated code will not compile, and would not run
correctly even if it did because of incorrect pointer arithmetic.
Notice that the generated code is missing the fixed statement. It also
fails to convert the type of the value from 112 back to the char type
in the original code. Also, notice that the assignment local1[10] =
120; generated from *(p+5) = 'x'; assigns the wrong location in the
array because it doesn't account for the size of the pointer object.

private static bool unsafePointer(string s)
{
int num1;
char[] chArray1 = new char[10];
s.CopyTo(0, chArray1, 0, 10);
pinned ref char local1 = ref chArray1[0];
local1[10] = 120;
for (num1 = 0; (num1 < 10); num1 += 1)
{
if ((local1 + (num1 * 2)) == 112)
{
return true;

}

}
local1 = 0;
return false;

}

Now, Here is what Decompiler.NET produces. Notice that not only does
the code compile and run correctly, it retains the original local
variable names and actually improves on the original code by replacing
pointer arithmetic with array references.

static unsafe bool unsafePointer (string s)

{
char[] c;
c = new char[10];
s.CopyTo (0, c, 0, 10);
fixed (char* p = c)
{
p[5] = 'x';
for (int i = 0; (i < 10); i++)
{
if (p == 'p')
{
return true;
}
}
}
return false;
}

We will be extremely happy to discuss any real examples that you or
anyone else may have that compare our product to competitive products,
free or not, from both a quality and usability standpoint. We also
provide free updates, and much better support than anyone else by
posting improved versions with new features almost daily and we
respond to any customer issues immediately and would post fixed
versions within a day or so if a customer actually identified an
issue. We have a lot of very happy customers and so far, we have
identified any bugs before any of them even encountered them.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/

 

[John Wood]

You have to understand that newsgroups are not a free advertising medium.
This whole thread appears to be concocted to create a platform from which
you can promote your product, and that's deceptive and out of line with the
essence of the unbiased peer-group support network that makes up newsgroups.

Also the best decompiler is "Reflector for .NET" which is absolutely
free.

We are attempting to educate the developer community regarding new
options available to them regarding low cost and better tools for both
decompilation and obfuscation. I'm sorry that you are threatened by
the competition, but we are happy to compete with you based on product
merits and reproduceable examples, rather than biased opinions. The
reality is that there are many cases including this user's experience
where our product works correctly and runs well without requiring any
preconfiguration prior to obfuscation, where your product and others
do not in both the obfuscator and the decompiler marketplace.

You should try our product before forming an opinion about which
product is best. There is a reason that our product is not free and
our customers have decided to purchase it after having tested both it
and Reflector.

Please try to maintain a level of professionalism and make your claims
based on actual facts that can be substantiated after having actually
examined the products that you claim are not as good. We have sent
Lutz a lot of feedback regarding code generation issues in Reflector
that he has not yet had time to correct. The reality is that our
product generates higher level code which also compiles and runs
correctly which Reflector is unable to accomplish. We can provide many
common examples of both higher level code generation such as goto
elimination in switch statements, and of incorrect code generation by
Reflector where our product generates correct code. There are a lot of
subtle issues related to casting primitive types and manipulating
unsafe code for which other products including Reflector fail to
generate correct code. A good example would be the ILReader library
written by Reflector's author. Our product decompiles, recompiles, and
runs the library correctly while Reflector is unable to do the same
even with a library written by it's own author. We also are the only
decompiler which reads symbol files and retains local variable names.
We also do a much better job with unsafe code and COM Interop and each
release is produced by decompiling and recompiling itself with
obfuscation enabled. Our releases would not even compile or run
correctly if they did not generate correct code.

Here is a simple example that you can try if you don't believe me.
I've included the output from both products in case you are too lazy
to bother running them, but you can verify these statements yourself
by downloading and running our free trial version from
http://www.junglecreatures.com/.

We have reported these bugs and many others to the author of Reflector
the first day that Reflector 4.0 shipped over a month ago and they
have still gone unfixed. We have also reported and posted several
bugs, fixes, and extensions to him regarding his ILReader library.

Here is the original code written by one of our customers:
unsafe static bool unsafePointer(string s) {
char[] c = new char[10];
s.CopyTo(0,c,0,10);
fixed(char *p=c){
*(p+5) = 'x';
for (int i = 0; i < 10; i++)
if (*(p+i) == 'p')
return true;
}
return false;
}

Below is what the latest version of Reflector 4.0.5 does with it.
Reflector's generated code will not compile, and would not run
correctly even if it did because of incorrect pointer arithmetic.
Notice that the generated code is missing the fixed statement. It also
fails to convert the type of the value from 112 back to the char type
in the original code. Also, notice that the assignment local1[10] =
120; generated from *(p+5) = 'x'; assigns the wrong location in the
array because it doesn't account for the size of the pointer object.

private static bool unsafePointer(string s)
{
int num1;
char[] chArray1 = new char[10];
s.CopyTo(0, chArray1, 0, 10);
pinned ref char local1 = ref chArray1[0];
local1[10] = 120;
for (num1 = 0; (num1 < 10); num1 += 1)
{
if ((local1 + (num1 * 2)) == 112)
{
return true;

}

}
local1 = 0;
return false;

}

Now, Here is what Decompiler.NET produces. Notice that not only does
the code compile and run correctly, it retains the original local
variable names and actually improves on the original code by replacing
pointer arithmetic with array references.

static unsafe bool unsafePointer (string s)

{
char[] c;
c = new char[10];
s.CopyTo (0, c, 0, 10);
fixed (char* p = c)
{
p[5] = 'x';
for (int i = 0; (i < 10); i++)
{
if (p == 'p')
{
return true;
}
}
}
return false;
}

We will be extremely happy to discuss any real examples that you or
anyone else may have that compare our product to competitive products,
free or not, from both a quality and usability standpoint. We also
provide free updates, and much better support than anyone else by
posting improved versions with new features almost daily and we
respond to any customer issues immediately and would post fixed
versions within a day or so if a customer actually identified an
issue. We have a lot of very happy customers and so far, we have
identified any bugs before any of them even encountered them.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/




"John Wood" <[email protected]> wrote in message

What kind of weird, twisted, sad advertising is this



above
app and perhaps
I'm

 

[Jonathan Pierce]

I start to dislike the Decompiler.net ads as well.

Alan,

These are not advertisements.

It is necessary for us to refute false unsubstantiated negative
statements that you make about our products in public forums. Aside
from announcements, we only post information about our products in
response to postings in public forums that mislead readers with
inaccurate information about our products. If you don't want to see
our products promoted, then you should stop making unsubstantiated
negative and inaccurate statements about them since these will always
induce us to respond asking you to support your inaccurate accusations
and unsubstantiated claims.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/

 

[John Wood]

I think you need to go see a doctor and get treatment for your delusions.

 

[Jonathan Pierce]

You have to understand that newsgroups are not a free advertising medium.
This whole thread appears to be concocted to create a platform from which
you can promote your product, and that's deceptive and out of line with the
essence of the unbiased peer-group support network that makes up newsgroups.

John,

There are very few products available that solve the issues asked
about in this thread by this user, and most of the ones that do exist
are inferior to ours so it is important for us to communicate the
existence of our newly available product to the developer community
that directly solves this user's problems.

Perhaps you should re-read the thread. The original post was from a
user asking a technical question regarding how he might be able to
successfully obfuscate his code into dlls and distribute them with the
standard installer. He also mentioned that he was having problems
configuring his chosen obfuscator to work correctly.

"I need some help from experts of preparing an application for
obfuscation
and installation."

I responded with a technical answer directly relevant to his question
about packaging dlls and distributing them with the standard
installer. I also suggested that he consider using our obfuscator
product since he was having trouble configuring the one he was using
and our product requires no pre-configuration prior to obfuscating.

This is a perfectly reasonable response and all of the different
product vendors suggest their products in these forums when users
haven't which product best meets their needs, are having problems with
their current selected product, or are asking about whether other
products exist that can better serve their needs.

The discussion didn't change into a product specific discussion until
you began making negative statements about our product and we were
forced to respond by asking you to back them up with facts, and to
defend our product to the developer community agaist your inaccurate
and unsubstantiated accusations.

Jonathan

 

[Jonathan Pierce]

John,

Anyone reading this thread can sse that I have kept the discussion to
technical issues in a professional manner, and you and Alan have tried to
change the focus to peripheral non-technical issues that are inappropriate
for this forum. The original post in this thread was a technical question by
a user. The response was from one of our competitors who included in his
response his opinion about what he thought was the best decompiler. We
attempted to offer reliable relevant information to the original user
regarding a technical solution that he might be interested in to tesolve his
issue and give our competitor the opportunity to support their claims
regarding their opinion that the free product that they use is superior to
our commercial one. We have continuously asked for reproduceable examples
and have offered examples that substantiate our claims both with regard to
product quality and the level of support that we provide. Since then, both
you and Alan Morgan jumped into the technical discussion and started stating
your own opinions and making unsubstantiated negative statements about our
products to the technical community. Rather than refuting out claims with
evidendiary support, you both have introduced argumentative opinions in an
attempt to distort developers perceptions about the available products in
the marketplace that serve their needs. We desire to keep these discussions
as technical and relevant as possible, but so far, the two of you have
posted in multiple threads inaccurate and unsubstantiated claims, and your
responsese have ranged from inapproriate complaints about advertising,
unfounded licenseing issues, objections to our receiving any income to
support our product development efforts, and now personal attacks on the
author and owner of one of the vendor's products that serve the developer
community. You might want to consider being more grateful that we and other
vendors like us have taken the time to build extremely high quality
developer tools that fill a need for developers in this forum, at a cost
that does not even begin to justify the development cost of these products.
Our Decompiler.NET product has been under development for over two years,
and the token amount that we charge for it is insignificant compared to the
value it has provided to our customers, and the cost of developing such an
extensive solution for a very small market. The reality is that our product
works better than both the free ones being offered and our comparable
competitor's products which are being sold at significantly higher prices.
Our customers have also told us that we provide significantly better support
to them, and we can demonstrate that statement with our response time
compared to the response time of our competitors who still have outstanding
bugs in their products that are over a month old.

Once again, I urge you to try to keep your posts in these forums relevant to
the forum and topic of the particular post, technical in nature, and provide
reproduceable examples and claims that can be supported with substantiated
facts rather than argumentative and irrelevant unsubstantiated opinions that
no moderated judicial or arbitrated process would allow.

I hope that I have helped you to understand.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/

 

[John Wood]

touché

John,

Anyone reading this thread can sse that I have kept the discussion to
technical issues in a professional manner, and you and Alan have tried to
change the focus to peripheral non-technical issues that are inappropriate
for this forum. The original post in this thread was a technical question by
a user. The response was from one of our competitors who included in his
response his opinion about what he thought was the best decompiler. We
attempted to offer reliable relevant information to the original user
regarding a technical solution that he might be interested in to tesolve his
issue and give our competitor the opportunity to support their claims
regarding their opinion that the free product that they use is superior to
our commercial one. We have continuously asked for reproduceable examples
and have offered examples that substantiate our claims both with regard to
product quality and the level of support that we provide. Since then, both
you and Alan Morgan jumped into the technical discussion and started stating
your own opinions and making unsubstantiated negative statements about our
products to the technical community. Rather than refuting out claims with
evidendiary support, you both have introduced argumentative opinions in an
attempt to distort developers perceptions about the available products in
the marketplace that serve their needs. We desire to keep these discussions
as technical and relevant as possible, but so far, the two of you have
posted in multiple threads inaccurate and unsubstantiated claims, and your
responsese have ranged from inapproriate complaints about advertising,
unfounded licenseing issues, objections to our receiving any income to
support our product development efforts, and now personal attacks on the
author and owner of one of the vendor's products that serve the developer
community. You might want to consider being more grateful that we and other
vendors like us have taken the time to build extremely high quality
developer tools that fill a need for developers in this forum, at a cost
that does not even begin to justify the development cost of these products.
Our Decompiler.NET product has been under development for over two years,
and the token amount that we charge for it is insignificant compared to the
value it has provided to our customers, and the cost of developing such an
extensive solution for a very small market. The reality is that our product
works better than both the free ones being offered and our comparable
competitor's products which are being sold at significantly higher prices.
Our customers have also told us that we provide significantly better support
to them, and we can demonstrate that statement with our response time
compared to the response time of our competitors who still have outstanding
bugs in their products that are over a month old.

Once again, I urge you to try to keep your posts in these forums relevant to
the forum and topic of the particular post, technical in nature, and provide
reproduceable examples and claims that can be supported with substantiated
facts rather than argumentative and irrelevant unsubstantiated opinions that
no moderated judicial or arbitrated process would allow.

I hope that I have helped you to understand.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/