Dotfuscator User's Guide
Observing and Understanding Obfuscated Output

Step 1 – Using a Disassembler

The .NET Framework SDK ships with a disassembler utility called ildasm that allows you to decompile .NET assemblies into IL Assembly Language statements. To start ildasm, make sure that the .NET Framework SDK is installed and in your path, then type ildasm on the command line.

Note: If this does not work and Visual Studio is installed, then ildasm is not in your path. To open a Visual Studio command prompt, click Start > Visual Studio [version] > Visual Studio Tools > Visual Studio [version] Command Prompt. Type ildasm.
Path
C:\Program Files (x86)\PreEmptive Solutions\Dotfuscator Professional Edition 4.x\samples\GettingStarted\bin\Debug


Path
C:\Program Files (x86)\PreEmptive Solutions\Dotfuscator Professional Edition 4.x\samples\GettingStarted\Dotfuscated.


Un-Encrypted String:
IL_0000:  ldstr      "Hello, my name is "

Now view the obfuscated version, and try to find the above string. If you’re having trouble finding it, it’s because it’s encrypted and looks like the following:

Encrypted String:
IL_0000: ldstr bytearray (09 42 26 44 29 46 2B 48 26 4A 67 4C 6D 4E 22 50  
                          28 52 73 54 3B 56 36 58 34 5A 3E 5C 7D 5E 36 60  
                          12 62 43 64 )

You can imagine how confusing this can be for attackers who are trying to reverse-engineer the code, especially with more complex applications.
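
A build-side check for the comparison above, as an added example (not part of the Dotfuscator guide or PreEmptive's tooling): it scans IL text dumped by ildasm for `ldstr` operands and reports which watch-listed strings are still readable. The function names and the watch list are assumptions, and the sample IL is constructed from the two snippets on this page.

```python
import re

# Constructed sample input: the two ldstr forms shown on this page.
ORIGINAL_IL = 'IL_0000:  ldstr      "Hello, my name is "\n'
OBFUSCATED_IL = (
    "IL_0000: ldstr bytearray (09 42 26 44 29 46 2B 48 26 4A 67 4C 6D 4E 22 50\n"
    "                          28 52 73 54 3B 56 36 58 34 5A 3E 5C 7D 5E 36 60\n"
    "                          12 62 43 64 )\n"
)

# Quoted operand: ldstr "text" (escape sequences are kept as written).
QUOTED = re.compile(r'ldstr\s+"((?:[^"\\]|\\.)*)"')
# Byte-array operand: hex pairs, possibly spanning lines, with optional
# trailing // comments on each line.
BYTEARRAY = re.compile(r'ldstr\s+bytearray\s*\(((?:[0-9A-Fa-f\s]|//[^\n]*\n)*)\)')


def ldstr_operands(il_text):
    """Return every ldstr operand as text.

    A bytearray operand is not proof of encryption: ildasm also uses that
    form for plain strings it cannot print as a quoted literal. Each one is
    therefore decoded as UTF-16LE (the encoding of .NET string literals) so
    it can be checked like any other operand.
    """
    found = [m.group(1) for m in QUOTED.finditer(il_text)]
    for m in BYTEARRAY.finditer(il_text):
        hex_only = re.sub(r"//[^\n]*", "", m.group(1))
        raw = bytes.fromhex("".join(hex_only.split()))
        found.append(raw.decode("utf-16-le", errors="replace"))
    return found


def leaked_strings(il_text, watch_list):
    """Return the watch-list entries still readable in some ldstr operand."""
    operands = ldstr_operands(il_text)
    return [w for w in watch_list if any(w in op for op in operands)]


if __name__ == "__main__":
    watch = ["Hello, my name is "]  # hypothetical list of strings to protect
    print("original  :", leaked_strings(ORIGINAL_IL, watch))
    print("obfuscated:", leaked_strings(OBFUSCATED_IL, watch))
```

Run it over the IL of the obfuscated build and fail the build if the returned list is not empty; a string that is excluded from string encryption shows up there even when everything around it has been renamed.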

Step 2 – Decompiling

If you're thinking your source code is accessible only to a small circle of technical folks who actually know IL Assembly Language, think again. You can take this a step further and actually recreate the source code from our application by using a decompiler such as Reflector. These utilities can decompile a .NET assembly directly back to a high level language like C#, VB .NET, or Managed C++.

In this section we use Reflector for .NET, from http://www.red-gate.com/products/reflector/.

Running .NET Reflector against the obfuscated GettingStarted.exe file and trying to examine a method such as a() displays the following:

Run .NET Reflector Against GettingStarted.exe
This item appears to be obfuscated and can not be translated.

Thus, Dotfuscator successfully prevented a major decompiler from reverse engineering your obfuscated code.

© 2016 PreEmptive Solutions, LLC. All Rights Reserved.

www.preemptive.com