Security of Obfuscators

Pete Davis

This isn't directly a C# question, so I apologize for being somewhat off
topic, but we have a project that is open source. When we release, the
actual release builds will be obfuscated using string encryption. This is
necessary because a non-open source component will include some encryption
code.

My question is, does anyone have any experience with obfuscators using
string encryption, and more importantly, because this is open source, people
will actually have access to the rest of the source code in the project. I
guess what I'm concerned about is, if you had on your left, the source code
and on your right, the obfuscated code, would it be fairly easy to match
them up in such a way that you'd be able to easily determine which section is
the part that isn't open source?

And furthermore, how secure is the string encryption in these obfuscators?

Thanks.

Pete
 
Mr. Mountain

Considering that obfuscation is but a small barrier to a good reverse
engineer, I would venture to say that having the source code for much of the
project would probably reduce the obfuscation to a trivial impediment for
determined people.

Also keep in mind that a good reverse engineer, who uses SoftICE and the
other tools of the trade well, doesn't have much problem reverse engineering
native code (which is certainly more obfuscated than dotnet code with
metadata) and can even accomplish his task when fairly strong encryption has
been applied.

I don't know if this tool is applicable to your situation or not, but I've
heard that Salamander is one of the best tools...
http://www.remotesoft.com/linker/
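
A release-side check for the matching concern raised in the question, as an added example that is not part of the original posts or any product mentioned here: it measures how much of a renamed, string-encrypted build still lines up with the public source by opcode shape alone. The opcode listings, method names, the threshold and the modelled obfuscator behaviour (each `ldstr` gains a following decryptor `call`) are all constructed assumptions.

```python
from collections import Counter

# Constructed sample data: each method is a list of IL opcode names.
# Operands (names, string literals) are omitted because renaming and
# string encryption change them; the opcode shape is what survives.
PUBLIC_SOURCE_BUILD = {
    "Game.LoadLevel": ["ldarg.0", "ldstr", "call", "stloc.0", "ldloc.0", "callvirt", "ret"],
    "Game.Score": ["ldarg.0", "ldfld", "ldarg.1", "add", "stfld", "ret"],
    "Net.Send": ["ldarg.0", "ldarg.1", "callvirt", "pop", "ldstr", "call", "ret"],
}

# Assumed obfuscator behaviour (hypothetical): methods renamed, and every
# ldstr followed by an extra call to a decryptor. "c" has no public source.
RELEASE_BUILD = {
    "a": ["ldarg.0", "ldfld", "ldarg.1", "add", "stfld", "ret"],
    "b": ["ldarg.0", "ldstr", "call", "call", "stloc.0", "ldloc.0", "callvirt", "ret"],
    "c": ["ldarg.1", "ldlen", "conv.i4", "newarr", "stloc.0", "ldloc.0",
          "ldarg.1", "ldelem.u1", "xor", "stelem.i1", "ldloc.0", "ret"],
    "d": ["ldarg.0", "ldarg.1", "callvirt", "pop", "ldstr", "call", "call", "ret"],
}

def similarity(a, b):
    """Jaccard similarity of opcode-bigram multisets (1.0 = identical shape)."""
    ga = Counter(zip(a, a[1:]))
    gb = Counter(zip(b, b[1:]))
    union = sum((ga | gb).values())
    return sum((ga & gb).values()) / union if union else 1.0

def match_release_to_source(release, source, threshold=0.6):
    """Map each release method to (best public match or None, score)."""
    result = {}
    for obf_name, obf_ops in release.items():
        best, score = max(
            ((name, similarity(obf_ops, ops)) for name, ops in source.items()),
            key=lambda pair: pair[1],
        )
        result[obf_name] = (best if score >= threshold else None, round(score, 2))
    return result

def unmatched(release, source, threshold=0.6):
    """Release methods with no public counterpart: the part that stands out."""
    matches = match_release_to_source(release, source, threshold)
    return sorted(name for name, (match, _) in matches.items() if match is None)

if __name__ == "__main__":
    for name, (match, score) in match_release_to_source(RELEASE_BUILD, PUBLIC_SOURCE_BUILD).items():
        print(f"{name:>2} -> {match or '(no public match)'}  score={score}")
```

On this constructed data the renamed methods still pair with their public originals despite the inserted decryptor calls, and the one method without public source is the only one left unmatched.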
 
Pete Davis

You have a good point. A really determined hacker will break it, and I'm not
too concerned about that. I mean, we're talkin about a game, not a bank
account or a list of credit card numbers. So I think there's going to be a
serious limit to the amount of determination someone is going to put into
hacking it.

I was reading about Salamander Protector on their site after I posted. It
looks really excellent. It's also a bit over my price range. I mean, this is
an open source project. I was actually willing to spend the $500 for an
obfuscator with string encryption, but $1900 is quite a different story.

Still trying to think of clever ways of handling this, but I'm running out
of ideas.

Pete
 
jpierce

Pete Davis wrote:
I was actually willing to spend the $500 for an
obfuscator with string encryption, but $1900 is quite a different story.

Pete,

Our obfuscation feature in our Decompiler.NET product includes string
encryption as well as some other advanced features like the ability to
factor out the bodies of public members so they can be obfuscated
without hiding their public APIs. It is also priced at your $500 price
point and we provide unlimited free support and upgrades. We use the
product on itself for each version we ship. The product includes both
full obfuscation and full decompilation capabilities. The decompiler
feature generates high level readable source code that also
compiles and runs correctly. You can download a free trial version and
try it out for yourself at http://www.junglecreatures.com/
email: (e-mail address removed)

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/
 