Tutorial: Visual Studio 2008 Obfuscating with Dotfuscator

[Jordan]

In this tutorial I'll teach you what Obfuscating is, why you should use it for your .NET products and how to do it with Dotfuscator. Dotfuscator comes with Visual Studio 2008 Professional Edition, if you don't have it you can still buy it as a standalone. Lets start by looking at what obfuscating is.

What is Obfuscating?
Obfuscated code is code intentionally (mostly) created hard to read, however, poor programming skills and/or little knowledge of standards can cause a programmer to create obfuscated code without even knowing it. There are some languages more prone to obfuscated code than others such as C and C++.

Example:

Code:

double h[2]; int main(_, v) char *v; int _; { int a = 0; char f[32]; h[2%2] =
 21914441197069634153456391018824026170709523170177760997320759459436800394073 
07212501870429040900672146338833938303659439237740635160500855813030357492372 
682887858054616489605441589829740433065995076650229152079883597110973562880.0 00000; h[4%3] = 
1867980801.569119; switch (_) { case 0: break; default: main(0,(char *)h); break; } }

Why Obfuscate?
Obfuscating can make code very difficult to understand or even reverse engineer. Programs written in .NET or Java are easy to decompile to full source code as though the cracker is looking at the original code you wrote in your IDE. These reverse engineering programs are freely available on the internet making it easy for anyone to see your entire source code. While still readable, obfuscating makes the code harder to read creating some security for your applications.

Getting Started
In this tutorial we will be obfuscating a the Visual Studio 2008 C# program we created in this tutorial: http://forum.codecall.net/c-tutorial...-tutorial.html, however you can use whatever project you desire. We will use the debug build here.

Step 1
Load Visual Studio 2008 (Start/Microsoft Visual Studio 2008/Microsoft Visual Studio 2008). You don't have to select a project but VS2008 must be loaded before you can launch dotfuscator.

Step 2
Load dofuscator (Start/Microsoft Visual Studio 2008/Visual Studio Tools/Dotfuscator Community Edition). If you do not have VS2008 loaded you will see an error:



Step 3
You may be asked to Register. Click "No, I don't want to Register" or "Yes, Register Now", your option but this tutorial will not cover that. At the next screen, "Select Project Type", click "Create New Project" and press "OK".



Step 4
Click "Browse and add assembly to list" icon (below Input Assemblies: - the open folder icon). Click Browse. Navigate to your project executable file. Using the C# Hello World project you will find it located in "My Documents/Visual Studio 2008/Projects/HelloWorld/HelloWorld/bin/debug/HelloWorld.exe". Click "OK".



Step 5
Goto "File/Build or press Ctrl+B. You will be asked to save your project, press "Yes". Enter "HelloWorldC#" or a suitable name for your project. You should see:



Step 6
Your project has now been obfuscated. You can find the executable in "My Documents/Dotfuscated/HelloWorld.exe". This is the executable you want to package in the installation file, however, you will want to use a build release instead of a debug release. Click on "Output" tab to see what was obfuscated:



Questions/Comments?
Feel free to ask questions or give more input in this thread.

[afkhami]

hi there
thank you for the post on using Dotfuscator with VS.NEt. my question is how to use it while packaging? because if I have a setup project added to my solution, when I press build Setup project, it will first compile the main project which causes owerriting obfuscated file.

Thanks
- Alireza

[Jordan]

I am not sure you can do this. If you find a way let us know.

[afkhami]

so how do you package your software protected with Dotfuscator?

[Jordan]

I use the Exe from step 6 above.

[goodamr]

Thanks alot for this tutorial!

[InteXX]

so how do you package your software protected with Dotfuscator?

The Enhanced Community Edition will integrate with Visual Studio, letting you use the Dotfuscated project output for your Setup project's input.

[nicckk]

Good tutorial, +rep...If I could find the button.

[ketelhuis]

Hi,

Thx for the clear post.

I wanted to use DotFuscate to obfuscate strings in my VB.Net app. I tried several thing, but DotFuscate didn't obfuscate any.

An example of the exe opened with notepad

"PADPz-Ý Ñ P a s s w o r d
This is the Password �R "

(I used a resource string)

Any ideas how to do this?

thx,

Arnout

[diedo]

is this applies for C# only or .NET Applications only ?

Because packing .NET isn't' hard These Days Specially when exnocode do nice job
packing your apps to protect it for being reversed or whatever

Thanks For your Tutorial