Obfuscator

[Peter Morris]

Hi all

I am happy to say that I was recently proven wrong in this group about
obfuscation. Now my boss wants to help protect the source to his
application so my question is, what was the name of the tool used to
obfuscate the DLL published?


Thanks


Pete

 

[Cowboy \(Gregory A. Beamer\)]

If you mean the one I published with, it was CodeVeil:
http://www.xheo.com/products/codeveil/

There are others you can consider, but CodeVeil is the best price/value
option IMO. Things to consider (by my tests):

Dotfuscator Pro
RemoteSoft Salamander
Wise Owl Demeanor

Each of these is about 2x as expensive as CodeVeil. There are some absolute
pieces of garbage out there, which is probably why we got into the
discussion (aka argument?) in the first place. Dotfuscator Visual Studio,
for example (the free version) is just a symbol renamer, as is the free
version of Skater.Net.

There are others you can try, if you would like:
http://sharptoolbox.com/categories/code-protectors-obfuscators

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

*************************************************
| Think outside the box!
|
*************************************************

 

[Peter Morris]

I use VS2005 for the app in question. The solution has an installer project
which works on the primary output of other projects. Does CodeVeil allow me
to slot it into the build process so that the DLL's are protected before the
MSI file is built?


Pete

 

[Cowboy \(Gregory A. Beamer\)]

Not sure about that Peter.

If there is a command line in CodeVeil (will have to check), you should be
able to add it to the compiler line, but I have not personally checked
whether or not you can set it up in that way. I am also not sure if any of
the better obfuscators can do what you desire.

I know you can rip apart MSIs with some of the platform tools and replace
bits, including the files it will exract, but I have not played with any of
the tools, so I am not sure how effective. That would end up being a
separate build step for MSIs you are shipping, and I am not sure if can
easily be automated.

I wish I had better news, but I will try to find if CodeVeil can be
contacted via command line as an after step of compilation. If so, there
might be hope.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

*************************************************
| Think outside the box!
|
*************************************************

 

[Cowboy \(Gregory A. Beamer\)]

Okay, here is a partial answer, as it will not solve what you are doing
directly.

You can veil from the command line with the following post-build event
command line (project >> properties >> build events):

C:\CodeVeil\cve.exe $(TargetPath)

So, to veil and then copy the file to the location expected, you would use:

C:\CodeVeil\cve.exe $(TargetPath)
copy $(TargetDir)\Veiled\$(TargetFileName) $(TargetPath)

But you probably want to clean up the bogus veiled directory, so here is the
post-build with cleanup.

C:\CodeVeil\cve.exe $(TargetPath)
copy $(TargetDir)\Veiled\$(TargetFileName) $(TargetPath)
rmdir /s /q $(TargetDir)\Veiled

NOTE: There are options with COdeVeil that you may want to explore. By
default, it obfuscates, but it does not encrypt, so you should check out
this page:
http://tinyurl.com/28mp9d

This may lead you to do something like the following to ensure strings,
resources and blobs are encrypted:

C:\CodeVeil\cve.exe /ox+ /er+ /es+ /er+ $(TargetPath)
copy $(TargetDir)\Veiled\$(TargetFileName) $(TargetPath)
rmdir /s /q $(TargetDir)\Veiled

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

or just read it:
http://gregorybeamer.spaces.live.com/

*************************************************
| Think outside the box!
|
*************************************************