List of obfuscators for .NET

From Wikipedia, the free encyclopedia
Jump to: navigation, search

When your .NET project is compiled Visual Studio generates an assembly containing Microsoft Intermediate Language (MSIL) instructions, managed resources and meta data describing the types, methods, properties, fields and events in the assembly.

Obfuscation is the process of renaming this meta-data in an Assembly so that it is no longer useful to a hacker but remains usable to the machine for executing the intended operations. It does not modify the actual instructions or mask them from observation by a hacker.

There are quite a few .NET obfuscators out there, this list includes most of the solutions available in market today. Different obfuscators support different protection methods, however many share common features which can be used for the purpose of comparison. The list is followed by a brief explanation of each one of the features on which the comparison is based on.

Name Price Last Release Tamper Defense Anti Decompiler String Encryption Control Flow Obfuscation Compression Code Encryption Code Virtualization
Agile.NET $795 2013 yes yes yes yes yes yes yes
Babel Obfuscator €115.0-€245.0 2014 yes yes yes yes yes yes yes
Crypto Obfuscator $149–$4469 2013 yes yes yes yes yes yes yes
Confuser free 2013 yes yes yes yes  ?  ?  ?
Dotfuscator On request 2014 yes yes yes yes yes no no
Eazfuscator.NET $399 2014 yes yes yes yes yes no (why) yes
Eziriz .NET Reactor $179 2014 yes yes yes yes yes yes no
Obfuscar free 2014 yes yes yes no no no no
Salamander $1899 2006 yes  ?  ? no  ? no no
SharpObfuscator free 2007 yes no no no no no no
Smart Assembly $993–$1493 2013 yes yes yes yes yes no no
Spices $399.90-$6,499.90 2013 yes yes yes yes yes no no

Name Obfuscation[edit]

Name obfuscation changes the name of your classes and methods to unreadable characters, making your code harder to understand. Name obfuscation makes the decompiled source harder to understand but the overall flow of the code is not obscured.

String Encryption[edit]

Managed software stores all the strings in one place and in a clear structure. This makes it easy to find the strings in a decompiled assembly. By following the references to these strings, it may be possible to understand the purpose of your code, even after obfuscation. String encryption works by moving all user strings to an encrypted block of storage. When needed, the runtime executive decrypts the string in memory.[1]

Control Flow Obfuscation[edit]

Control flow obfuscation is about modifying the program so that it yields the same result when run, but is impossible to decompile into a well-structured source code and is more difficult to understand. Most code obfuscators would replace MSIL instructions produced by a .NET compiler with gotos and other instructions that may not be decompiled into valid source code.

Code Encryption[edit]

Code encryption protects the MSIL instructions by encrypting them and stripping the original instructions from the assembly, encrypted instructions are kept in a secure storage. When the assembly is loaded a native runtime executive assumes control of portions of the .NET runtime and manages decrypting the MSIL as needed.

Code Virtualization[edit]

Code virtualization converts your MSIL code into Virtual Opcodes that will only be understood by a secure Virtual machine. As opposed to protecting MSIL code through encryption where the encrypted code must be decrypted back into MSIL before it can be executed by the CLR, Code Virtualization use a virtual machine which directly processes the protected code in the form of a virtual machine language. Code virtualization feature is by far the strongest protection method available in code protection arena today as it implements a one-way code transformation, code is never translated back to its original form, instead the virtual machine emulates the original code behavior. Code Virtualization can significantly degrade performance and make debugging very difficult.

See also[edit]