Wednesday, August 12, 2009

Tutorial: Visual Studio 2008 Obfuscating with Dotfuscator

Tutorial: Visual Studio 2008 Obfuscating with Dotfuscator

In this
tutorial I'll teach you what Obfuscating is, why you should use it for your .NET products and how to do it with Dotfuscator. Dotfuscator comes with Visual Studio 2008 Professional Edition, if you don't have it you can still buy it as a standalone. Lets start by looking at what obfuscating is.

What is Obfuscating?
Obfuscated code is code intentionally (mostly) created hard to read, however, poor programming skills and/or little knowledge of standards can cause a programmer to create obfuscated code without even knowing it. There are some languages more prone to obfuscated code than others such as C and C++.

Example:
Code:
double h[2]; int main(_, v) char *v; int _; { int a = 0; char f[32]; h[2%2] =

21914441197069634153456391018824026170709523170177760997320759459436800394073
07212501870429040900672146338833938303659439237740635160500855813030357492372
682887858054616489605441589829740433065995076650229152079883597110973562880.0 00000; h[4%3] =

1867980801.569119; switch (_) { case 0: break; default: main(0,(char *)h); break; } }
Why Obfuscate?
Obfuscating can make code very difficult to understand or even reverse engineer. Programs written in .NET or Java are easy to decompile to full source code as though the cracker is looking at the original code you wrote in your IDE. These reverse engineering programs are freely available on the internet making it easy for anyone to see your entire source code. While still readable, obfuscating makes the code harder to read creating some security for your applications.

Getting Started
In this tutorial we will be obfuscating a the Visual Studio 2008 C# program we created in this tutorial: http://forum.codecall.net/c-tutorial...-tutorial.html, however you can use whatever project you desire. We will use the debug build here.

Step 1
Load Visual Studio 2008 (Start/Microsoft Visual Studio 2008/Microsoft Visual Studio 2008). You don't have to select a project but VS2008 must be loaded before you can launch dotfuscator.

Step 2
Load dofuscator (Start/Microsoft Visual Studio 2008/Visual Studio Tools/Dotfuscator Community Edition). If you do not have VS2008 loaded you will see an error:



Step 3
You may be asked to Register. Click "No, I don't want to Register" or "Yes, Register Now", your option but this tutorial will not cover that. At the next screen, "Select Project Type", click "Create New Project" and press "OK".



Step 4
Click "Browse and add assembly to list" icon (below Input Assemblies: - the open folder icon). Click Browse. Navigate to your project executable file. Using the C# Hello World project you will find it located in "My Documents/Visual Studio 2008/Projects/HelloWorld/HelloWorld/bin/debug/HelloWorld.exe". Click "OK".

This image has been resized. Click this bar to view the full image. The original image is sized 600x430.


Step 5
Goto "File/Build or press Ctrl+B. You will be asked to save your project, press "Yes". Enter "HelloWorldC#" or a suitable name for your project. You should see:



Step 6
Your project has now been obfuscated. You can find the executable in "My Documents/Dotfuscated/HelloWorld.exe". This is the executable you want to package in the installation file, however, you will want to use a build release instead of a debug release. Click on "Output" tab to see what was obfuscated:

This image has been resized. Click this bar to view the full image. The original image is sized 600x430.

Quote:
Originally Posted by afkhami View Post
so how do you package your software protected with Dotfuscator?
The Enhanced Community Edition will integrate with Visual Studio, letting you use the Dotfuscated project output for your Setup project's input.

No comments: