.NET/WPF Obfuscators

We have recently purchased PreEmptive Solutions Dotfuscator (which sounded like a good idea when we were making decision about it), but to be honest I am not very happy about it: it cannot properly handle WPF projects and you have to perform a lot of “voo-doo dances” to get at least some protection there (and all that while costing s|-|1t-load of money). This pushed me to do a new round of evaluations of competing products, and I have found few that are really interesting:

  • .NET Reactor (about 150€) is a really powerful tool with lots of features (code and resource protection, code encryption, support for .NET 1.1, 2.0, 3.0, 3.5, CF 1.0 and 2.0, ASP.NET, Mono, can merge assemblies, remove IL code, generate native executables, etc., etc., etc.). Additionaly there is a licensing system, but I have not tried it yet. Despite it claims supporting .NET 3.5 I did not manage to protect our WPF assemblies with it, but all other assemblies were protected like a charm.
  • DeepSea Obfuscator (about 200€). This obfuscator’s list of features is not much shorter, but few outstanding points are support for WPF assemblies, and declarative obfuscation, where the obfuscation process can be controlled by applying obfuscation-related attributes to your code. I managed to protect our WPF assembly with it, but resulting assembly is crashing when I’m entering one specific screen. I guess this crash can be eliminated by using attribute-based obfuscation and removing some properties/classes from the protection process (which is not that good, to be honest, as it means extra work, howewer small it is).
  • {smartassembly} (about 350€-650€, depending on version) looks really impressive as well. It was able to protect WPF assembly and, it seems that the abovementioned crash is not present here; well, it is with certain settings related to obfuscation, but it can be easily eliminated by tweaking settings. Control flow obfuscation seems to be much stronger than that of the DeepSea, and there are some additional protection settings that make lives of Reflector, ILDASM and others really miserable (e.g. invalid metadata streams).

It seems that to get decent level of protection we will have to use either {smartassembly}, or both .NET Reactor and {smartassembly} (in case {smartassembly} would be not able to provide the same protection level for “normal”=non-WPF assemblies as .NET Reactor does – remains to be seen).


One thought on “.NET/WPF Obfuscators

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s