.NET OBFUSCATION by ARVIND RAMAIYA

This is my take of Obfuscation in .NET as compared to Java.

 

The following links were used to research the process of Obfuscation, the tools available

 

http://www.cs.arizona.edu/~collberg/Research/Obfuscation/Resources.html

http://mini.net/tcl/728.html

http://www.gotdotnet.com/

 

 

An introduction to the .NET framework – some techie stuff

 

The .NET architecture is composed of the Common Language Runtime, the VM in .NET world which compiles code into Intermediate Language and IL into binaries. The .NET Framework 1.1 has been built on xml, assembly manifest information are stored in this format along with the assemblies themselves. This makes the above reverse engineering process trivial and makes distribution of .NET code an issue in the industry. There is a Common Language Runtime which has a number of engines including the metadata engine which generates metadata to be stored along with the assembly. The compiler generates the IL along with metadata, which is data about data. It tells the runtime more about the code, such as the definition of each type, signatures, type libraries, registry entries and other extra information.

 

 

               

Figure showing the basic compile process in Java or .NET

 

The problem with writing code in a language which sits behind a VM that interprets the code written into an abstract language, is the security hole it generates. Reverse engineering becomes easy from the abstract language to the source code as is shown in the figure below.

 

Obfuscation – the process

Obfuscation is the process of preventing re-engineering by converting the bytecodes in Java or IL .NET to Obfuscated code which is then interpreted into a binary, which cannot be reverse engineered.

Just like java programs are compiled using javac.exe before being executed using the java VM java.exe .NET programs are also interpreted twice.

Obfuscators – the tool

 

Obfuscators, which automatically transform a program by code obfuscation, are more and more available on the Internet by the increasing requirement. Various obfuscators provide different security levels to protect .NET programs or IL code. Some Java obfuscators change the compiled class to various names that, when decompiled, follow illegal syntax and as such can't be recompiled. Others simply change names. Many Java obfuscators remove extraneous symbolic information used to decompile the class.

Some of the most common and used .NET Obfuscators are LSW Dotnet IL Obfuscator, Demeanor for .NET, .NET IL-Obfuscator, Salamander .NET Obfuscator

 

Working Example

 

.NET framework provides you with 2 tools to assemble and disassemble; Intermediate Language Assembler and Intermediate Language Disassembler.

 

The tool used to demonstrate Obfuscation is the LSW .NET IL Obfuscator.

 

The two instances of the IL code are shown, and the process of using ILASM.exe to re-assemble IL into source code has been show

 

Before Obfuscation

 

 

C:\arvind>ilasm ReadingXml.il

 


Microsoft (R) .NET Framework IL Assembler.  Version 1.0.3705.0

Copyright (C) Microsoft Corporation 1998-2001. All rights reserved.

Assembling 'ReadingXml.il' , no listing file, to EXE --> 'ReadingXml.EXE'

Source file is UTF-8

Assembled method Form1::.ctor

Assembled method Form1::Dispose

Assembled method Form1::InitializeComponent

Assembled method Form1::Main

Assembled method Form1::btnReadXML_Click

Assembled method Form1::btnShowSchema_Click

Creating PE file

Emitting members:

Global

Class 1 Fields: 6;      Methods: 6;

Resolving member refs: 51 -> 51 defs, 0 refs

Writing PE file

Operation completed successfully

 

 

 

After Obfuscation

 

C:\arvind\rep>ilasm obfuscate.il

 


Microsoft (R) .NET Framework IL Assembler.  Version 1.0.3705.0

Copyright (C) Microsoft Corporation 1998-2001. All rights reserved.

Assembling 'obfuscate.il' , no listing file, to EXE --> 'obfuscate.EXE'

Source file is ANSI

 

obfuscate.il(3) : error : syntax error at token '´' in:  ´╗┐

 

 

***** FAILURE *****