PreEmptive logo

Dotfuscator: Code Obfuscation
Techniques & Features

Discover the features Dotfuscator offers and how they can help you get the protection your app needs.

App hardening is essential for protecting your work and keeping your users safe. However, to have a truly secure application, you need to take a layered approach to security with multiple code obfuscation techniques in place.

Discover the features Dotfuscator offers and how they can help you get the protection your app needs.

PreEmptive Protection Dotfuscator Professional Config Editor view on laptop

Benefits of Code Obfuscation & App Hardening

Code obfuscation is one of the most robust security techniques developers can use to protect their applications against hackers. The world’s top cybersecurity experts recommend it as a baseline security measure because it’s an ideal defense mechanism against hacking attempts.
As a line of defense for your applications, obfuscating your code can prevent the most common types of attacks, including:
  • Code injection
  • Reverse engineering
  • Unauthorized debugging
  • Tampering with user data
app hardening icon
In short, it allows you to take a layered approach to application hardening and security, making your products safer for users and protecting your brand reputation.
While adding one type of security measure helps your application stay more secure, using additional layers of security makes it a harder, less enticing target for hackers.

Obfuscate Your Code & Reduce Risk Today

Code Obfuscation Methods with Dotfuscator

Renaming for Code Obfuscation

One of the most basic and essential forms of C# code obfuscation is renaming. Renaming obfuscation tools change the names of methods, variables, and other elements in your code to make them harder for hackers to understand.
Dotfuscator uses a deeper, customized form of renaming obfuscation called Overload Induction™. Instead of substituting just one new name for each old name of an element, Overload Induction renames as many methods as possible, giving them all the same name to make them harder to decode. This deep obfuscation makes your code impossible to comprehend.
Here is an example of the Overload Induction technique in action:
Before and after rename obfuscation example image

Control Flow for C#

As a C# code obfuscation tool, traditional control flow obfuscation introduces false conditional statements and misleading constructs to confuse and break decompilers. The process combines branching, conditional, and iterative constructs that produce valid logic, but yield non-deterministic semantic results when a hacker attempts to decompile them.
Instead, Dotfuscator’s control flow obfuscation produces spaghetti logic that can be very difficult for a hacker to analyze.
In addition to adding misleading code constructs, Dotfuscator destroys the code patterns decompilers use to replicate source code. In turn, the obfuscated code is semantically equivalent to the original but leaves no traceable clues for how it was written. The process is similar to a cipher machine, only it’s even harder to crack.
Even if a hacker has one of the most sophisticated decompiling tools on the market, its output will be pure guesswork due to the complexity of the obfuscated C# code.
Control Flow before and after

C# String Encryption

A common hacking technique is to locate critical code sections by looking for string references inside the binary code, known as user strings. For example, if your application is time-locked, it may display a message when the user has used the app for a set amount of time.
Before and after string encryption example image
Hackers search for the timeout message in the code they’ve decompiled. Once they find it, that makes it much easier for them to compromise the algorithm you’re using.

Dotfuscator allows you to encrypt user strings in the sensitive areas of your application, adding an extra barrier to your code. Since string encryption incurs a slight runtime penalty, it will also only perform string encryption on the parts of the app that you specify.

Code Watermarking

As a form of mobile app code obfuscation, Dotfuscator’s watermarking tool helps you more easily track unauthorized copies of your software back to the source. It does this by embedding data such as copyright information or unique identification numbers into your .NET application without impacting its runtime behavior.

It also doesn’t increase the size of the app’s files or introduce metadata that could break your application and cause performance issues.
Watermarking icon

Pruning Features

Just like a speedboat can sail and maneuver faster than a cruise ship, small applications can download, install, load, and run faster than their larger counterparts. Dotfuscator includes pruning features that use static code analysis to find unused types, methods, and fields in your code and remove them.

Dotfuscator also removes debug information and non-essential metadata from your files as it processes them, shrinking both the application’s file size and the amount of data it has available for hackers to exploit.
Code removal icon

Assembly Linking

Dotfuscator combines multiple input assemblies into one output assembly. Linking assemblies can shrink your app’s attack surface area even further, especially when you combine it with other obfuscation methods like renaming and pruning.

The only rule for linking input assemblies is that you can’t link the same input assembly into multiple output assemblies.
Code merge icon

Tamper Defense & Detection

Dotfuscator injects code that verifies your application’s runtime integrity. If it detects tampering, it can shut down the application, invoke random crashes to disguise its tamper checks, or perform other custom actions to disrupt hacking attempts while they’re happening.

For more information on Dotfuscator’s tamper defense capabilities, see our Tamper Defense Fact Sheet.
Anti tamper icon

Checks for Debug Detection & Protection

Checks are prebuilt validations Dotfuscator can inject into your .NET apps. They enable your apps to detect instances of unauthorized use like tampering or debugging attempts.

Dotfuscator’s Checks can also react to these unauthorized use attempts with preset actions and behaviors based on the results they find, such as forcing the user to exit the app and sending you a report about the results. You can configure these reporting and response features for each check, so your apps can respond to detections differently as needed.
Anti debugging icon

Shelf Life

Shelf Life is an app inventory management feature that allows you to embed expiration and notification logic into your code. Dotfuscator will then react to your application’s expiration logic by forcing the user to exit or sending a message saying their session had timed out.

This feature is a great choice for beta or evaluation applications. It allows developers to schedule an application’s expiration or deactivation for a specified date and issue warnings to users that the application will expire in a set number of days.
Shelf life icon

Root Check for Xamarin.Android

Rooted devices can be a major security concern for apps on Android. However, Dotfuscator can detect when your app is running on a rooted device, either offline or on a network. This allows your developers to abort the session, quarantine the app, or report the incident to prevent a data breach.
Opaque insertion icon

Taking a Risk-Based Approach to App Security

Application security is essential for both protecting intellectual property and your users’ private information.
Similarly, failure to take extra steps to protect your app can result in:
Failure to take extra steps to protect your app can result in: Intellectual property loss, Revenue loss, User personal information theft, Credit card or banking information theft, Lawsuits, Brand reputation damage

Make Dotfuscator Your Code Obfuscation Tool

App hardening is easy with the right tools.

Request a quote to learn how Dotfuscator can make your app more secure, or start a free trial today.
app hardening