9Rays.Net - Forums - .NET - Spices.Net - Post#33904

Home - Forums-.NET - Spices.Net - Console Obfuscation

Spices.Net

NET code security, tools to protect, obfuscate, tamper defense, code and data safety, recover, convert, optimize, explore, browse and analyze .Net software.

This forum related to following products: Spices.Net Suite, Spices.Net Obfuscator, Spices.Net Decompiler

Console Obfuscation

Link Posted: 19-Sep-2011 16:59

matt

Total Posts:5

Joined:5/5/2010

I am currently using the console to obfuscate my code and have a few questions.

1. I noticed that variables local to a function are not obfuscated. Is this a bug or am I missing a command line argument?
2. Are there plans to expand the options that are available through the console command line arguments? If not, can you please add this as a feature request? I realized that you are create projects to get more options, but this makes my process much more difficult.
3. Spices obfuscator used to do a pretty good job of preventing decompilation when using Reflector. There are now a number of other program out there such as ILSpy and dotPeek that are better than Reflector at decompiling code obfuscated by spices. Are there plans to improve the obfuscation techniques to better protect against these programs?

Thanks for your help.

Link Posted: 21-Sep-2011 05:03

ninerays

Status:Moderator

Total Posts:189

Joined:11/26/2009

1. I noticed that variables local to a function are not obfuscated. Is this a bug or am I missing a command line argument?

Actually .Net metadata doesn't contain internal method variables, variable names stored in debug information files (.PDB), so if you break connection between your assembly and .pdb file (with StripDebugInfo option) or compile your assembly without including debug information, you'll exclude access to variable names.

2. Are there plans to expand the options that are available through the console command line arguments? If not, can you please add this as a feature request? I realized that you are create projects to get more options, but this makes my process much more difficult.

You can expand the options by using Spices.project for obfuscation (you can find the editor of Spices.Project in the \Bin folder - OptionGUI.exe). But you can make a feture request here, we'll try include your request to the nearest update of Spices.Net.

3. Spices obfuscator used to do a pretty good job of preventing decompilation when using Reflector. There are now a number of other program out there such as ILSpy and dotPeek that are better than Reflector at decompiling code obfuscated by spices. Are there plans to improve the obfuscation techniques to better protect against these programs?

Of course we've plans to prevent decompilation from most of known decompilers and analyze all of them, we're constantly working on this task.

Link Posted: 05-Oct-2011 19:22

matt

Total Posts:5

Joined:5/5/2010

Thanks for the information, but there is still something that I don't understand. When I look at my obfuscated assembly, I can see the names of some of the variables that are local to a method. I have copied the assembly to a computer that does not have the pdb files and the assembly is built as release. Looking at the assembly attributes, I see [assembly: Debuggable(DebuggableAttribute.DebuggingModes.IgnoreSymbolStoreSequencePoints)], which appears to be the default for the release configuration. What am I missing?

Thanks,,
Matt

Link Posted: 06-Oct-2011 04:38

ninerays

Status:Moderator

Total Posts:189

Joined:11/26/2009

Could you provide me with some piece of code demonstrating this problem?
Yes, types of variables are stored in method body and decompiler generates names for these variables using naming conventions of decompilation language(like int i; for example).

Link Posted: 08-Oct-2011 18:31

matt

Total Posts:5

Joined:5/5/2010

OK, here is a small snippet of code as an example.

Source code

public PowerSaveSettings ReadPowerSaveSettings()
{
    if (this.powerSaveSettings == null)
    {
        ELMPowerSaveSettings elmSettings = null;
        STNPowerSaveSettings stnSettings = null;

        // Do something...
    }

    // Do Something
}

Decompiled code that was obfuscated

public PowerSaveSettings ReadPowerSaveSettings()
{
    if (this. == null)
    {
        ELMPowerSaveSettings elmSettings = null;
        STNPowerSaveSettings stnSettings = null;

        // Do something...
    }

    // Do Something
}

The elmSettings and stnSettings are local variables that are used in this method. I cannot show the implementation the rest of this method, but the idea is that the variable names are not obfuscated.

Link Posted: 10-Oct-2011 04:47

ninerays

Status:Moderator

Total Posts:189

Joined:11/26/2009

Hmm, seems debug information is embedded into this assembly.
Could you send us this assembly for analysis? That help us to get detailed information about this case and probably - improve our obfuscation engine.
Please zip your assembly and change .zip extension to .zap or .txt before attaching to e-mail message.

Link Posted: 10-Oct-2011 17:39

matt

Total Posts:5

Joined:5/5/2010

I sent you an email with the assembly. Thanks for your help.

Matt

Home
Products
- .NET Developer Tools
- Spices.Net Suite
- Spices.Net Obfuscator
- Spices.Net Decompiler
- ASP.NET
- FlyTreeView for ASP.NET
- WinForms
- FlyGrid.Net
- Security and Cryptography
- CryptoSharp
Downloads
Purchase
Support
Forums
Contact
Company