I was recently asked to review Crypto Obfuscator 2010 from LogicNP Software. Since most of my development these days is with Microsoft’s Visual Studio product, I jumped at the chance. Software protection has always been a concern when coding in a language that compiles to any intermediate code.
The definition of obfuscate is to make something confusing or difficult to understand. That’s exactly what code obfuscators try to accomplish; take your existing code and make it as hard to reverse engineer and understand as possible. With the advent of languages that compile to intermediate code instead of machine code (Dot Net, Java, etc), obfuscation is more important than ever, as it’s very easy to decompile code back into the high level syntax.
One of the most popular tools for disassembly of Dot Net code is Lutz Roeder’s Reflector. This tool is now owned by redgate and can be downloaded for free here: Reflector
. I will be using this tool for this review to test how well Crypto Obfuscator works on my code. To keep the review focused, I won’t go over how to use Reflector in depth, but it’s very simple to use. Just drag Dot Net assemblies onto it and it will decompile for you.
To test Crypto Obfuscator, I created a very simple application with a main EXE and a dll. The Exe is a single form that multiplies two numbers together. The calculation is done in a referenced dll. I also added a public string property because I’m interested in seeing what Crypto Obfuscator will do with it. I’d like to make sure my password or other sensitive strings in my application will be fully protected.
The class that does the calculation looks like this:
public class Calculate
public string myString = “mystring”;
public int CalculateIntegers(int one, int two)
return one * two;
In the Reflector window, you’ll see the decompiled assembly:
And the decompiled code for the function:
As you can see, Dot Net code can be easily disassembled. This provides a hacker with your entire code base to use as they see fit in a matter of seconds. So what can we do about this? Enter Crypto Obfuscator.
One of the things I look for in software tools is ease of use. I don’t want my software tools to create another level of hassle in the already complex process of software development. One of the first things I noticed about Crypto Obfuscator is that it’s very easy to use. When I started the tool up, it told me to add assemblies. I selected my two assemblies from my project:
You’ll see in the above screen shot that Crypto Obfuscator has selected some basic options for me after it loaded my assemblies. For my first test, I left all the default options alone, assuming the tool would pick most of what I needed. I clicked the “Process” button and then tried to decompile the resulting product with Reflector again. Immediately I noticed Reflector couldn’t even open the files:
This is the best possible outcome for my assemblies. I wanted to see what Crypto Obfuscator does to some of the individual properties, so I ran it again and removed some of the protection options:
In the above screen shots, you’ll see that Crypto Obfuscator has changed all the names of my functions and internal code.
Here’s the same code, but with the cryptographic algorithm turned on for the naming convention:
This makes it even harder to understand and follow.
One of the other cool features I wanted to try out was the embedded assembly feature. This feature will embed all of the dependent assemblies into your main executable and encrypt them if you would like. This makes deployment easy; just a single EXE and it still gives you the obfuscation.
Here’s the resulting disassembly output all packed into one:
Overall, I found Crypto Obfuscator 2010 very powerful and easy to use. It does a very good job of obfuscating my code, doesn’t add any further complications to my development cycle and is very affordable. You can find all the features and more information about Crypto Obfuscator 2010 here .
Take a few minutes to check it out and save yourself a lot of time with lost development work in the future.