This page focuses on the capabilities of Dotfuscator Community Edition (Dotfuscator CE) with some references to advanced options available through upgrades.
Dotfuscator is a post-build system for .NET applications. With Dotfuscator CE, Visual Studio users are able to obfuscate assemblies and inject active defense and application telemetry into the application – all without Dotfuscator needing to access the original source code. Dotfuscator protects your application in multiple ways, creating a layered protection strategy.
Intellectual Property Protection
Your application's design, behavior, and implementation are forms of intellectual property (IP). However, applications created for the .NET Framework are essentially open books; it's very easy to reverse engineer .NET assemblies, as they contain high-level metadata and intermediate code.
Dotfuscator CE includes basic .NET obfuscation in the form of renaming. Obfuscating your code with Dotfuscator reduces the risk of unauthorized access to source code through reverse engineering, as important naming information will no longer be public. Obfuscation also shows effort on your part to protect your code from examination - a valuable step in establishing that your IP is legally protected as trade secret.
Many of the application integrity protection features of Dotfuscator CE further hinder reverse engineering. For instance, a bad actor may attempt to attach a debugger to a running instance of your application in order to understand the program logic. Dotfuscator can inject anti-debug behavior into your application to obstruct this.
Application Integrity Protection
In addition to protecting your source code, it's also important to ensure your application is used as designed. Attackers can attempt to hijack your application in order to circumvent licensing policies (i.e., software piracy), to steal or manipulate sensitive data handled by the application, or to change the behavior of the application.
Dotfuscator CE can inject application validation code into your assemblies, including anti-tamper and anti-debug measures. When an invalid application state is detected, the validation code can call upon application code to address to the situation in an appropriate way. Or, if you prefer not to write code to handle invalid uses of the application, Dotfuscator can also inject telemetry reporting and response behaviors, without requiring any modification to your source code.
Many of these same methods may also be used to enforce end-of-life deadlines for evaluation or trial software.
When developing an application, it is critical to understand the behavior patterns of users, including beta testers and users of prior versions. Instrumentation allows you to track how frequently the application is used and how it is used, including what errors customers experience.
Dotfuscator CE can inject exception-tracking, session-tracking, and feature-tracking code into your application. When run, the processed application will transmit telemetry to a configured PreEmptive Analytics endpoint.