Re: Security of Obfuscators

From: Mr. Mountain (mtnbikn_at_mediaone.net)
Date: 12/18/04 

Date: Sat, 18 Dec 2004 04:36:17 GMT

considering that obfuscation is but a small barrier to a good reverse
engineer, I would venture to say that having the source code for much of the
project would probably reduce the obfuscation to a trivial impediment for
determined people.

also keep in mind that a good reverse engineer, who uses SoftICE and the
other tools of the trade well, doesn't have much problem reverse engineering
native code (which is certain more obfuscated than dotnet code with
metadata) and can even accomplish his task when fairly strong encryption has
been applied.

I don't know if this tool is applicable to your situation or not, but I've
heard that Salamander is one of the best tools...
http://www.remotesoft.com/linker/

"Pete Davis" <pdavis68@NOSPAM.hotmail.com> wrote in message
news:goGdndYjOpvYMV7cRVn-hQ@giganews.com...
> This isn't directly a C# question, so I apologize for being somewhat off
> topic, but we have a project that is open source. When we release, the
> actual release builds will be obfuscated using string encryption. This is
> necessary because a non-open source component will include some encryption
> code.
>
> My question is, does anyone have any experience with obfuscators using
> string encryption, and more importantly, because this is open source,
people
> will actually have access to the rest of the source code in the project. I
> guess what I'm concerned about is, if you had on your left, the source
code
> and on your right, the obfuscated code, would it be fairly easy to match
> them up in such a way that you'd be able easily determine which section is
> the part that isn't open source?
>
> And furthermore, how secure is the string encryption in these obfuscators?
>
> Thanks.
>
> Pete
>
>

Relevant Pages

  • Re: Security of Obfuscators
    ... > serious limit to the amount of determination someone is going to put into ... >> considering that obfuscation is but a small barrier to a good reverse ... >> also keep in mind that a good reverse engineer, ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Security of Obfuscators
    ... serious limit to the amount of determination someone is going to put into ... obfuscator with string encryption, but $1900 is quite a different story. ... > considering that obfuscation is but a small barrier to a good reverse ... but we have a project that is open source. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: obfuscation question
    ... Some obfuscators provide a "string encryption" feature, ... embedded "encryption" algorithm to change application string values. ... application source code is not a good idea. ... to other resources, such as articles about obfuscation, which you may find ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Security of Obfuscators
    ... Pete Davis wrote: ... > obfuscator with string encryption, but $1900 is quite a different ... Our obfuscation feature in our Decompiler.NET product includes string ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Security of Obfuscators
    ... Pete Davis wrote: ... > obfuscator with string encryption, but $1900 is quite a different ... Our obfuscation feature in our Decompiler.NET product includes string ...
    (microsoft.public.dotnet.languages.csharp)