Application Deployment

  • Thread starter Thread starter Symeonb
  • Start date Start date
S

Symeonb

Hi There, I am starting a project to choose the best method and tools
to deploy our c# app - it probably needs to include obfuscation, maybe
some for of encryption/source code protection etc and certainly be
able to run without the framework being previously installed. I know
there are a few products out there - Can anyone recommend some/give
some advise on what to look for etc


Thanks
Symeon
 
For obfuscation, you want more than just symbol renaming. Most of the
products at this level cost a bit more, however, so you have to figure
budget, as well. If it is shrink wrap wear, it is probably worth the grand
you have to throw down (roughly).

I have tried Dotfuscator Pro and it does a nice job. I am more thrilled with
CodeVeil, but it does more than just obfuscate and will prevent decompile in
Reflector. Salamander (remotesoft.com) is also good at "breaking" the
decompilers. I have heard that Wise Owl's obfuscator (Demeanor) is very
good, as well, but have not contacted Brent Rector for a copy to play with,
so I cannot guarantee anything.

If you are just heading for obfuscation, I would look at symbol overloading
(using the same symbol for multiple routines, variables, etc.) and one that
uses symbols outside of the normal Ascii range (aka unprintable characters).
This will not prevent decompile, but will make it very difficult. And, you
can find cheaper obfuscators that do this. If you just obfuscate to this
level, you will stop the casual user from decompiling and stealing your
proprietary info.

Other things to look for:
1. Removal of unneeded symbols and metadata - this will help speed up the
assembly some (load time) and possibly make decompile harder.
2. Encryption of string literals - Otherwise, they are open text to anyone
opening an assembly in a text editor
3. Control Flow Obfuscation - makes decompiled code harder to figure out.

In the past, I tried Spices.Net and was not particularly thrilled. I was
also not really thrilled with the lesser-software.com (LSW) obfuscator or
Apose's. Apose is free, however, so I cannot really complain. Dan Appleman,
of Desaware, also has a free obfuscator (buy an eBook and get the
obfuscator), but realize it "breaks some rules" of the CLR. Please note,
however, that I have not retried these products lately, so they may have
improved.

My fave, right now, is CodeVeil, as mentioned.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

*************************************************
| Think outside the box!
|
*************************************************
 
For obfuscation, you want more than just symbol renaming. Most of the
products at this level cost a bit more, however, so you have to figure
budget, as well. If it is shrink wrap wear, it is probably worth the grand
you have to throw down (roughly).

I have tried Dotfuscator Pro and it does a nice job. I am more thrilled with
CodeVeil, but it does more than just obfuscate and will prevent decompile in
Reflector. Salamander (remotesoft.com) is also good at "breaking" the
decompilers. I have heard that Wise Owl's obfuscator (Demeanor) is very
good, as well, but have not contacted Brent Rector for a copy to play with,
so I cannot guarantee anything.

If you are just heading for obfuscation, I would look at symbol overloading
(using the same symbol for multiple routines, variables, etc.) and one that
uses symbols outside of the normal Ascii range (aka unprintable characters).
This will not prevent decompile, but will make it very difficult. And, you
can find cheaper obfuscators that do this. If you just obfuscate to this
level, you will stop the casual user from decompiling and stealing your
proprietary info.

Other things to look for:
1. Removal of unneeded symbols and metadata - this will help speed up the
assembly some (load time) and possibly make decompile harder.
2. Encryption of string literals - Otherwise, they are open text to anyone
opening an assembly in a text editor
3. Control Flow Obfuscation - makes decompiled code harder to figure out.

In the past, I tried Spices.Net and was not particularly thrilled. I was
also not really thrilled with the lesser-software.com (LSW) obfuscator or
Apose's. Apose is free, however, so I cannot really complain. Dan Appleman,
of Desaware, also has a free obfuscator (buy an eBook and get the
obfuscator), but realize it "breaks some rules" of the CLR. Please note,
however, that I have not retried these products lately, so they may have
improved.

My fave, right now, is CodeVeil, as mentioned.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

*************************************************
| Think outside the box!
|
Click to expand...


Thanks for the info - FYI we have decided to use Softinstall from
bitfactory software - it has a lot of what we are looking for and
talking to the guys there they have some exciting new stuff to come.



Rgds
Symeon.
 
Back
Top