z said:
which is the best reasonable price tool for code encryption /
dotfuscation? I found that the dotfuscator community edition only
rename method names but does not encrypt actual implementation.
If someone can share from their experience it will very help.
I have been checking out several products over the last couple of days and
so far they all appeared useless to me.
Two of them who's names I won't mention crashed my app. One in a
reproducable way, the other just once which made me shy away from it just
the same. They wrap your assembly in a Win32 executable and unpack them on
the fly without producing files on disk. This is not absolutely save
(someone smart could find a way to dump the memory and take it from there)
but any attack would not be easy. The good part of this approach is that
your app, although from the outside no longer a .NET assembly, remains
unchanged an the IL that ultimately gets fed to the CLR will be your
original code (or so it should be, in theory, it crashed nontheless claiming
something went wrong in the default app domain and there's no way to debug
it). You original code being fed to the CLR is important, here's why.
After coming to the point that I would not trust the wrapper-type approach,
I continued with Dotfuscator which appeared to be no good either. I wrote
this magnificent framework that persists objects to XML and back. Each of
these classes has a constructor that takes an XmlElement which is used to
initialize the object. On the other end, it produces XmlElement objects when
the objects is about to be inserted in a DOM, using the class name for an
element name. The framework supports writing any common simple type
including enumerated types to XML attrubutes. To do that, it uses
reflection. Nothing fancy, just "Class.ToString()" and GetType().Name.
Now, do you already see what sucks here? Obfuscation can break your code.
Checking validity of XML input by comparing element names to class names is
not much good after your obfuscator just renamed "Configuration" to "dd".
Even writing enumerated type names will fail. Say I have
enum Colors { Red, Green, Blue }
and I start my app. My smart framework will complain that "Red" is not valid
attribute value, that valid names would be "aa", ac" or "d". Don't you love
it?
Now, you can exclude namespaces from obfuscation (which defeats its purpose
entirely) but the enumerations do not come from the configuration namespace
exlusively. I am only describing what I found so far, after I fix this (and
I'm not sure I will continue to try), who knows what the next bang will be
and I will never be sure I nailed down all the issues that may occur in
runtime.
What I want is some sort of public-private key protection that encrypts my
assembly and a platform I can trust. I can't wat to get the DRM stuff that
all those idiots claim to hate so much, it seems the only way to keep your
stuff safe in more than just the anti-hacking way.
Regards, Martin.
