
Spices.Net

.NET code security: tools to protect, obfuscate, tamper defense, code and data safety, recover, convert, optimize, explore, browse and analyze .NET software.

This forum is related to the following products: Spices.Net Suite, Spices.Net Obfuscator, Spices.Net Decompiler

Obfuscating and anonymizing only parts of code
Link Posted: 18-Mar-2008 04:52
Hello,

Could you suggest a way to obfuscate and anonymize only parts of the code?

What we would achieve is by default to:
   a) obfuscate all non public classes and methods
       (options: {Members=DefaultImproved}{Naming=AlphaNumericAndNonDisplayable})

Then in an explicit way in the code:
   b) obfuscate selected strings of private methods containing selected strings
   c) anonymize code for selected methods for which we would like to hide algorithm

My question is about the second part.

For b) we could use the NineRays.Obfuscator.ObfuscateAttribute attribute in code on top of the method to obfuscate. But how to say that we want to obfuscate the strings for this method with {StringEncryptionMode=Hide} option, combined with StringEncryption anonymization as recommended?

For c) as we only want to hide code for a small set of methods, how could we specify declaratively that a selected method must be code anonymized?
In the NineRays.ObfuscationAttributes.dll assembly there are a lot of attributes to say "don't do this" or "don't do that", for example DontAnonymizeAttribute, but there are few attributes to say "do that". In that case there is no AnonymizeAttribute.

In fact, we don't want to obfuscate by default all strings and anonymize all methods if this is not necessary. We would like to only obfuscate and/or anonymize selected methods of our assemblies.

Thank you for suggesting a way to achieve this as described.
Adriano
Link Posted: 18-Mar-2008 05:09
What we would achieve is by default to:
a) obfuscate all non public classes and methods
(options: {Members=DefaultImproved}{Naming=AlphaNumericAndNonDisplayable})


Don't forget to add antiILDASM and StringEncryption features to your obfuscation options.

Then in an explicit way in the code:
b) obfuscate selected strings of private methods containing selected strings

Please use the NineRays.Obfuscator.DontEncryptStringsAttribute attribute provided by NineRays.ObfuscationAttributes.dll. You can find this assembly in the SDK\Obfuscation Attributes\ folder and add a reference to it to your project. It's not necessary to distribute this assembly with your assemblies, because the attributes provided by that assembly are for marking purposes; they don't affect code behavior. Or you can add the source code of these attributes to your project and use the attributes internally. You can find the source code in the same folder mentioned above.
Just mark with this attribute the methods where you don't expect to use string encryption.

c) anonymize code for selected methods for which we would like to hide algorithm

In that case use the NineRays.Obfuscator.DontAnonymizeAttribute attribute and mark with this attribute the methods selected to avoid anonymization.
Link Posted: 18-Mar-2008 05:22
Thank you for your quick answer.

If I have understood correctly, you say that I have to set obfuscation and anonymization by default and then mark all excluded methods with either a DontEncryptStringsAttribute or DontAnonymizeAttribute.

I thought of this solution, but the problem I see is that in our assembly we could have more than a hundred methods. We also have maybe say 10 methods to string obfuscate and say 5 methods with sensitive code we would like to anonymize.
The result is that we have to mark quite 90% of methods with DontEncryptStringsAttribute or DontAnonymizeAttribute attributes.

This is why I asked if there isn't another less intrusive way, to explicitly say what to do instead of what we don't have to.

Thanks.
Link Posted: 18-Mar-2008 05:47
If I have understood correctly, you say that I have to set obfuscation and anonymization by default and then mark all excluded methods with either a DontEncryptStringsAttribute or DontAnonymizeAttribute.

Yes.

This is why I asked if there isn't another less intrusive way, to explicitly say what to do instead of what we don't have to.


Currently you can use the StringCryptExclusionPatterns or StringCryptInclusionPatterns collection to exclude or include certain strings, but unfortunately to exclude or include anonymization of certain methods you should use attributes, because it is a more complicated technology.
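
The following is an added example, not part of the original thread and not Spices.Net code. With the opt-out model described above, an unmarked method is what ends up anonymized and string-encrypted, so a pre-obfuscation reflection audit can list exactly which methods remain protected. The attribute declarations are stand-ins that reuse only the names given in the thread (their real declarations may differ), and `LicenseChecker` and `OptOutAudit` are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Runtime.CompilerServices;

// Stand-ins for the markers in NineRays.ObfuscationAttributes.dll.
// Assumption: only the attribute names come from the thread.
namespace NineRays.Obfuscator
{
    [AttributeUsage(AttributeTargets.Method)]
    public sealed class DontAnonymizeAttribute : Attribute { }
    [AttributeUsage(AttributeTargets.Method)]
    public sealed class DontEncryptStringsAttribute : Attribute { }
}

namespace Sample
{
    using NineRays.Obfuscator;

    // Constructed sample: one sensitive method left unmarked, the rest opted out.
    internal class LicenseChecker
    {
        private bool VerifyKey(string key) => key.Length == 16;

        [DontAnonymize, DontEncryptStrings]
        private string FormatMessage(string s) => "License: " + s;

        [DontAnonymize]
        private void Log(string s) => Console.WriteLine("log: " + s);
    }

    internal static class OptOutAudit
    {
        // Match by type name so the audit works with the referenced DLL or the source copy.
        private static bool Has(MethodInfo m, string attrName) =>
            m.GetCustomAttributes(false).Any(a => a.GetType().Name == attrName);

        private static void Main()
        {
            const BindingFlags flags = BindingFlags.Instance | BindingFlags.Static |
                BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.DeclaredOnly;
            var types = Assembly.GetExecutingAssembly().GetTypes()
                .Where(t => !t.IsDefined(typeof(CompilerGeneratedAttribute), false));
            foreach (var type in types)
                foreach (var m in type.GetMethods(flags).Where(x => !x.IsSpecialName))
                    Console.WriteLine($"{type.Name}.{m.Name}: " +
                        $"anonymize={!Has(m, "DontAnonymizeAttribute")}, " +
                        $"encryptStrings={!Has(m, "DontEncryptStringsAttribute")}");
        }
    }
}
```

Run the audit against the unobfuscated build and compare its output with the intended list of sensitive methods before enabling anonymization and string encryption by default.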