Re: Security of Obfuscators

From: Mr. Mountain (mtnbikn_at_mediaone.net)
Date: 12/19/04 

Date: Sun, 19 Dec 2004 02:47:04 GMT

if you want ideas, try http://www.woodmann.com/crackz/
Maybe the author of this site will give you some good suggestions

"Pete Davis" <pdavis68@NOSPAM.hotmail.com> wrote in message
news:l5udnekiuONXp1ncRVn-sg@giganews.com...
> You have a good point. A really determined hacker will break it, and I'm
not
> too concerned about that. I mean, we're talkin about a game, not a bank
> account or a list of credit card numbers. So I think there's going to be a
> serious limit to the amount of determination someone is going to put into
> hacking it.
>
> I was reading about Salamander Protector on their site after I posted. It
> looks really excellent. It's also a bit over my price range. I mean, this
is
> an open source project. I was actually willing to spend the $500 for an
> obfuscator with string encryption, but $1900 is quite a different story.
>
> Still trying to think of clever ways of handling this, but I'm running out
> of ideas.
>
> Pete
>
>
> "Mr. Mountain" <mtnbikn@mediaone.net> wrote in message
> news:5tOwd.213322$V41.196794@attbi_s52...
> > considering that obfuscation is but a small barrier to a good reverse
> > engineer, I would venture to say that having the source code for much of
> the
> > project would probably reduce the obfuscation to a trivial impediment
for
> > determined people.
> >
> > also keep in mind that a good reverse engineer, who uses SoftICE and the
> > other tools of the trade well, doesn't have much problem reverse
> engineering
> > native code (which is certain more obfuscated than dotnet code with
> > metadata) and can even accomplish his task when fairly strong encryption
> has
> > been applied.
> >
> > I don't know if this tool is applicable to your situation or not, but
I've
> > heard that Salamander is one of the best tools...
> > http://www.remotesoft.com/linker/
> >
> >
> > "Pete Davis" <pdavis68@NOSPAM.hotmail.com> wrote in message
> > news:goGdndYjOpvYMV7cRVn-hQ@giganews.com...
> > > This isn't directly a C# question, so I apologize for being somewhat
off
> > > topic, but we have a project that is open source. When we release, the
> > > actual release builds will be obfuscated using string encryption. This
> is
> > > necessary because a non-open source component will include some
> encryption
> > > code.
> > >
> > > My question is, does anyone have any experience with obfuscators using
> > > string encryption, and more importantly, because this is open source,
> > people
> > > will actually have access to the rest of the source code in the
project.
> I
> > > guess what I'm concerned about is, if you had on your left, the source
> > code
> > > and on your right, the obfuscated code, would it be fairly easy to
match
> > > them up in such a way that you'd be able easily determine which
section
> is
> > > the part that isn't open source?
> > >
> > > And furthermore, how secure is the string encryption in these
> obfuscators?
> > >
> > > Thanks.
> > >
> > > Pete
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Security of Obfuscators
    ... considering that obfuscation is but a small barrier to a good reverse ... engineer, I would venture to say that having the source code for much of the ... also keep in mind that a good reverse engineer, ... > actual release builds will be obfuscated using string encryption. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Security of Obfuscators
    ... serious limit to the amount of determination someone is going to put into ... obfuscator with string encryption, but $1900 is quite a different story. ... > considering that obfuscation is but a small barrier to a good reverse ... but we have a project that is open source. ...
    (microsoft.public.dotnet.languages.csharp)