List of obfuscators for .NET
When your .NET project is compiled Visual Studio generates an assembly containing Microsoft Intermediate Language (MSIL) instructions, managed resources and meta data describing the types, methods, properties, fields and events in the assembly.
Obfuscation is the process of renaming this meta-data in an Assembly so that it is no longer useful to a hacker but remains usable to the machine for executing the intended operations. It does not modify the actual instructions or mask them from observation by a hacker.
There are quite a few .NET obfuscators out there, this list includes most of the solutions available in market today. Different obfuscators support different protection methods, however many share common features which can be used for the purpose of comparison. The list is followed by a brief explanation of each one of the features on which the comparison is based on.
|Name||Price||Last Release||Tamper Defense||Anti Decompiler||String Encryption||Control Flow Obfuscation||Compression||Code Encryption||Code Virtualization|
|Eziriz .NET Reactor||$179||2014||yes||yes||yes||yes||yes||yes||no|
Name obfuscation changes the name of your classes and methods to unreadable characters, making your code harder to understand. Name obfuscation makes the decompiled source harder to understand but the overall flow of the code is not obscured.
Managed software stores all the strings in one place and in a clear structure. This makes it easy to find the strings in a decompiled assembly. By following the references to these strings, it may be possible to understand the purpose of your code, even after obfuscation. String encryption works by moving all user strings to an encrypted block of storage. When needed, the runtime executive decrypts the string in memory.
Control Flow Obfuscation
Control flow obfuscation is about modifying the program so that it yields the same result when run, but is impossible to decompile into a well-structured source code and is more difficult to understand. Most code obfuscators would replace MSIL instructions produced by a .NET compiler with gotos and other instructions that may not be decompiled into valid source code.
Code encryption protects the MSIL instructions by encrypting them and stripping the original instructions from the assembly, encrypted instructions are kept in a secure storage. When the assembly is loaded a native runtime executive assumes control of portions of the .NET runtime and manages decrypting the MSIL as needed.
Code virtualization converts your MSIL code into Virtual Opcodes that will only be understood by a secure Virtual machine. As opposed to protecting MSIL code through encryption where the encrypted code must be decrypted back into MSIL before it can be executed by the CLR, Code Virtualization use a virtual machine which directly processes the protected code in the form of a virtual machine language. Code virtualization feature is by far the strongest protection method available in code protection arena today as it implements a one-way code transformation, code is never translated back to its original form, instead the virtual machine emulates the original code behavior. Code Virtualization can significantly degrade performance and make debugging very difficult.