4

Obfuscation Tips

posted by alberto

Babel Obfuscator is great protection tool and can make a good obfuscation job just right of the box. Knowing all the nitty gritties is a good thing, but it may takes long time. So we have prepared a number of tips that will help you to get the best possible obfuscation result without too much effort.

  1. Consider to declare as many types as possible internal or Friend if you use VB.NET.
    Public types and methods that are externally visible will not be renamed because they can be consumed by other assemblies. Internal (or Friends for VB) types are private and are not visible to external assemblies so they can be safely renamed.
  2. Merge dependencies whenever possible.
    Babel Obfuscator can merge referenced assemblies into the target assembly. This will allow you to internalize all merged types increasing the number of renamed symbols.



  3. Use hash algorithm when encrypting strings.
    The hash string encryption algorithm offers good protection and at the same can reduce the size on disk of the obfuscated assembly.
  4. Enable Control Flow Obfuscation.
    Control Flow Obfuscation can make if statements more complex to read, insert a number of irrelevant branches, add multiple switch instructions without changing the behavior of the method so that is very difficult to analyze after decompilation. To obtain the best code scramble we suggest to enable the following algorithms: goto, if, switch, case, call.



  5. Encrypt code that expose sensitive data.
    Code encryption is a powerful protection feature. But with great power, comes great responsibility... (Perhaps you've already heard before). Definitely code encryption is good but can slow down a bit your application. So take care what to encrypt. Generally methods that handle sensitive data are good candidates like methods that check license keys for instance.



    [Obfuscation (Feature = "msil encryption" , Exclude = false )]

    private void CheckLicenseKey()

    {

         XmlLicense license = LicenseManager .Validate(typeof (Program), this) as XmlLicense;

  6. Encrypt Managed Resources.
    Resource encryption can hide all the embedded resource into your assembly compressing at the same time all your assets. Also this feature like code encryption can lead to performance hit, so use it carefully.
  7. Enable Dead Code Removal.
    This will allow Babel Obfuscator to remove unused code, included types, properties, fields and events reducing the disk size and optimizing the load time.
  8. Use Dynamic Proxy Generation to Hide Calls to External Methods
    Dynamic Proxies can hide the calls to external and internal methods. Most of the times enabling dynamic proxies generation for external calls is enough to get a good obfuscation result.



  9. Sign with a strong name your assemblies.
    It is extremely important to sign the assembly with a strong name. Babel Obfuscator can use the strong name keys to generate hash codes during obfuscation improving tamper detection.
  10. Test the Obfuscated Application.
    Obfuscation might break your code (sometimes). To avoid any unexpected behavior at runtime, remember to perform all the necessary tests on the obfuscated assemblies.

I hope this few advices will help you to obtain the best obfuscation result with Babel Obfuscator.
May the obfuscation be with you!

Back to List