PreEmptive Protection - Dotfuscator
Community Edition User Guide

Understanding Obfuscation

Assemblies in the .NET Framework contain significant source code details, such as type and member names (even for private types) and instructions written in a high-level intermediate language. Dotfuscator's obfuscation transforms protect against reverse-engineering by removing these details from your assemblies while preserving the application's functionality.

Transforms

Dotfuscator Community Edition (Dotfuscator CE) offers basic protection with its renaming transform. This transform is aimed at making a human attacker's job harder by removing meaning from the names of types, members, and parameters.

Additional transforms, including those aimed at defeating automated decompilation, are exclusive to Dotfuscator Professional Edition.

Library Mode

Dotfuscator classifies input assemblies into two categories:

  • Library assembly: This assembly will be referenced by other assemblies not included in the Dotfuscator project.

  • Non-library assembly: This assembly is either stand-alone or is only referenced by other input assemblies.

Depending on the category of an input, Dotfuscator's transforms behave differently. In Community Edition, the most relevant difference is that the public types and publicly-accessible members of a library assembly are never renamed, because external assemblies may be referencing those code elements by name.

Inputs are assumed to be library assemblies unless Library Mode is explicitly turned off in the configuration of the input. If an input is not referenced by external assemblies, you may wish to disable Library Mode for that input, to increase the amount of renaming.

Smart Obfuscation

Smart Obfuscation is a feature of Dotfuscator which applies built-in obfuscation rules automatically for known API usage patterns and application types.

For example, if the assemblies use the names of a certain enumeration (via Enum.ToString(), etc.), Smart Obfuscation will automatically exclude that enumeration's members from renaming, as the names are probably significant to the code or to users.

Sometimes Smart Obfuscation can recognize that an action needs to be taken, but cannot determine what specific action to take because static analysis does not yield enough information. When this happens, Smart Obfuscation issues a warning instead.

When Smart Obfuscation is enabled (which it is by default), building the project can produce, in addition to normal Build Output, Smart Obfuscation information and warnings. These will be displayed as additional tabs in the lower section of the user interface.

Declarative Obfuscation

In addition to configuring obfuscation transforms through the Dotfuscator user interface, Dotfuscator also obeys configuration specified declaratively in the assembly via standard .NET attributes. This process is known as Declarative Obfuscation.

To enable Declarative Obfuscation:

  1. Annotate your code with obfuscation attributes as appropriate.

  2. Ensure that, for each relevant input assembly, the Honor obfuscation attributes option is enabled.

    • We strongly recommend you also enable the Strip obfuscation attributes option, as these attributes are not needed after Dotfuscator has processed the assemblies.
  3. Build your Dotfuscator project.

For instance, consider a method that is known to be called by reflection. If Dotfuscator renames this method, the reflection lookup will cause runtime errors.

The ObfuscationAttribute can be used on this method to indicate that it should be excluded from renaming, as in the following code.

Invoked via Reflection, Excluded from Renaming:

[System.Reflection.Obfuscation(Exclude=true, Feature="renaming")]
public void CalledFromReflection(int someValue) {

When Dotfuscator processes the assemblies produced by this source code, it will exclude the method from renaming, in addition to any exclusions configured in the project.



Dotfuscator Version 5.27.0.4713. Copyright © 2017 PreEmptive Solutions, LLC