.NET Obfuscator protects your .NET software from hackers, competitors, and prying eyes by preventing unauthorized use, code tampering and reverse engineering.

Spices .Net Obfuscator

Protect your .NET software from hackers, competitors, and prying eyes by preventing unauthorized use, code tampering and reverse engineering.
 

Don't give competitors and hackers a chance: protect your code and data!

Spices.Net Obfuscator is a product of well known Spices.Net products family.

Spices.Net Obfuscator is a .Net code obfuscation, protection and optimization tool that offers the wide range of technologies to completely protect your .Net code and secure your data. Spices.Net Obfuscator rebuilds your .Net assemblies to the new format that is impossible to disassemble, decompile, impossible to understand.
.Net Obfuscator is a part of Spices.Net and offered as Visual Studio Integrated package (Spices.VSIP.Obfuscator), standalone GUI program and as console edition.
You can use Spices.Net Obfuscator as freeware for non-commercial use, all features of Spices.Net Obfuscator in Free Evaluation version are presented and work without limitations.

Why your .Net code and data need protection?

One of the key features of Microsoft .NET is that all its languages (c#, VB.Net, managed c++, J#) generate assemblies containing CPU-independent instructions, or so called Microsoft Intermediate Language instructions. .NET assemblies also include metadata that describe types, members, and code references from other assemblies. At program runtime, these instructions are converted to CPU-specific language by the just-in-time compiler.

This architecture provides developers for several benefits: it makes possible easy interoperability for code written in differing languages, and simplifies assemblies usage. However, there is one major code security disadvantage as well: the data contained in assemblies provide enough information to recover the original code. This makes it difficult to protect the intellectual property in an application, which source code can be read by anyone. Developers who have spent months or years working on complex algorithms or workarounds for bugs, often prefer to have their methods remain secret from others.

This is where obfuscation can help. Its purpose is to transform a .NET assembly without affecting its functionality, so that it becomes difficult or impossible to be decomplied. Code obfuscation of .NET assemblies with .NET Obfuscator helps achieve four main goals:

  • Complicate reverse engineering with industry leading obfuscation

    Obfuscation significantly complicates reverse engineering and decreases its efficiency.
    Spices.Net Obfuscator prevents ILDASM/ILASM (MSIL disassembler and MSIL assembler/linker) roundtrip techniques.

  • Tamper Defenсe - produce tamper resistant assemblies (U.S. Patent #8,200,983)

    The risk with tampering is that .Net executables can be altered or cracked by hackers or malicious users.
    Our patented technology provides tamper defense. Assemblies generated by Spices.Net Obfuscator are tamper resistant. Producing assemblies protected from a recently emerged spoofing technique: ILDASM/ILASM roundtrip (with code behavoir altering) and modifying or removing strong-names.
    The protected assembly won't work after altering even if the new strong-name is recognized by .net loader as a valid one.
    Hackers have learned to crack strong-names. Having modified the assembly, a hacker (either leaves it unsigned, or) re-signs it with his or her own strong-name key. With the our tamper defense technology, the assembly won't work neither if not signed at all, nor if signed by a strong-name key which differs from the assembly originator's one. If your assembly does not contain any string information, you can check the assembly validity by performing an easy testing procedure for any of the use strings. Tamper-proof technology encrypts string and binary resources (user strings, binary arrays used in the code) to protect and secure resources from prying eyes and provide tamper resistant mechanisms that prevent assembly from unauthorized copying, modifications, tampering, spoofing, and malicious code injection.

  • Secure your data

    Spices.Net Obfuscator removes all string data from your code to hidden and safe place and makes impossible to extract any string info from protected assembly.

  • Optimize code size and performance

    Obfuscation speed of load and initialization, breaks down structures that make programs modular, surprisingly reducing program code size in many cases. For example, reducing metadata size and optimizing the symbol tables.

  • Resource Protection

    Resource Protection protects managed resources by encrypted resource names so that they can't be determined if the assembly is altered.

  • Software watermarking

    Software watermarking can be used to an additional hidden identification or marking a given application with specific information, such as its buyer and copyright. This information can help reveal a forgery of an application and identify its owner, the distribution region, the OEM distributor and the serial number. A watermark is incorporated into an assembly in such a way that it disappears with the application after decompilation and disassembly.

How does .NET Obfuscation Work?

During obfuscation a .NET assembly is transformed into an equivalent .NET assembly that is more difficult to understand when decompiled. Some obfuscators use ILDASM to disassmble the assembly and then transform the original MSIL, and then use ILASM to reassemble the result. Wide variety of different techniques is applied to the assemlies to make the disassembled source code more difficult to understand. Below given the brief outline of the most effective of them.

  • Entity Renaming

    The most essential method of obfuscation. Entities are all the named objects in the .NET assembly: namespaces, classes, methods, properties, fields, and enums. As everybody knows, it's a good practice to give the entities meaningful names and so make the code easier to read and debug. When you build a .NET assembly, the entity names from your source code are preserved in the assembly's metadata, and so provide clues for those trying to understand the code. During the process of entity renaming, all the entities are renamed to short, meaningless, or incomprehensible names, so making code very hard to read, but still operational. Overloaded renaming, in addition, takes advantage of .NET specifics, giving same names to more than one entity as long as this is allowed by .NET overloading rules. Method return type can also be overloaded on MSIL level, making the assembly code absolutely impossible to decompile.

  • Declarative Obfuscation

    This technique lets developer decide what exactly should be obfuscated and supports for repeatable obfuscation that is well-documented directly in the source code.

  • Control Flow Obfuscation and CodeAnonymization (U.S. patent #7,937,693)

    This method modifies source code so that it becomes logically harder to understand, while remaining logically equivalent.

  • Stub Untouched Methods

    This method replaces bodies of untouched methods with anonymized stubs.

  • Unused Members Removal

    When this approach is used, the entire source code is evaluated to determine whether there are any methods that are actually unused, and if so, such members are removed from the assembly. This approach also lets optimize application size.

  • String Encryption

    String constants and literal strings in your .NET source code appear unchanged in your compiled .NET assemblies. At the obfuscation stage, they are encrypted and decryption routine is added into the assembly to be then called at runtime to return the original string values.

  • ILDASM Breaks

    ILDASM is the MSIL disassembler that comes with.NET Framework SDK. The breaking technique is based on injecting a piece of code into assembly that leads ILDASM to crash and inability to handle the assembly.

 

Product compare matrix:

Feature/Product Spices.VSIP.Obfuscator Spices.Net Obfuscator Spices.Net Obfuscator Console
Include Console (command line) X X X
Standalone Spices.Net X X  
Deep MS Visual Studio Integration (2003, 2005, 2008, 2010, 2012) X    
MSBuild integration X    
NAnt integration X X  
Code Anonymizer (U.S. Patent #7,937,693) X X X
Tamper defence: produces tamper resistant assemblies (U.S. Patent #8,200,983) X X X
Spices.Optimizer X X X
Strings encryption X X X
Single Assembly obfuscation X X X
Automation X    
Spices.Project support X X X
Spices.Solution support X X X
Obfuscation Events X X X1
One year of technical support and updates/fixes, discounted renewal prices to the next year X X X
1 Supported in case of Spices.Project or Spices.Solution obfuscation.

 

Difference between licenses:

 

License Description
Single Allows to use product on a single machine, or on desktop/laptop, work/home configutations (you can install and use product on your desktop and laptop or at work and home).
It doesn't allows to use product on a build machine/server.
Team Pack Allows to use product on up to 5 developer machines and/or 1 build machine/server.
Enterprise Allows to use on unlimited number of developer machines and build machines/servers in one physical enterprise.

 

Try a Free Evaluation Now

If you would like to try the Spices.Net Obfuscator you can try a free evaluation copy. We would love to hear your feedback.

Got Questions?

Perhaps after reading this topic you have some questions that didn't get answered. Spices.NET has a great FAQ doc that answers a lot of the commonly asked questions about Spices.NET products.