With a little effort you can “SEMI”-protect your C# assemblies with obfuscation.

Posted by mbcrump on Geeks with Blogs See other posts from Geeks with Blogs or by mbcrump
Published on Sun, 16 May 2010 12:43:05 GMT Indexed on 2010/05/16 20:01 UTC
Read the original article Hit count: 264

Filed under:

This method will not protect your assemblies from a experienced hacker. Everyday we see new keygens, cracks, serials being released that contain ways around copy protection from small companies. This is a simple process that will make a lot of hackers quit because so many others use nothing. If you were a thief would you pick the house that has security signs and an alarm or one that has nothing?

To so begin:

Obfuscation is the concealment of meaning in communication, making it confusing and harder to interpret. Lets begin by looking at the cartoon below:

 

image

 

You are probably familiar with the term and probably ignored this like most programmers ignore user security. Today, I’m going to show you reflection and a way to obfuscate it. Please understand that I am aware of ways around this, but I believe some security is better than no security. 

In this sample program below, the code appears exactly as it does in Visual Studio. When the program runs, you get either a true or false in a console window.

Sample Program.
  1. using System;
  2. using System.Diagnostics;
  3. using System.Linq;
  4.  
  5. namespace ObfuscateMe
  6. {
  7.     class Program
  8.     {
  9.       
  10.         static void Main(string[] args)
  11.         {
  12.  
  13.             Console.WriteLine(IsProcessOpen("notepad")); //Returns a True or False depending if you have notepad running.
  14.             Console.ReadLine();
  15.         }
  16.  
  17.  
  18.         public static bool IsProcessOpen(string name)
  19.         {
  20.             return Process.GetProcesses().Any(clsProcess => clsProcess.ProcessName.Contains(name));
  21.         }
  22.     }
  23. }

 

Pretend, that this is a commercial application. The hacker will only have the executable and maybe a few config files, etc. After reviewing the executable, he can determine if it was produced in .NET by examing the file in ILDASM or Redgate’s Reflector.

We are going to examine the file using RedGate’s Reflector. Upon launch, we simply drag/drop the exe over to the application. We have the following for the Main method:

 

image

and for the IsProcessOpen method:

 

image

 

Without any other knowledge as to how this works, the hacker could export the exe and get vs project build or copy this code in and our application would run.

Using Reflector output.
  1. using System;
  2. using System.Diagnostics;
  3. using System.Linq;
  4.  
  5. namespace ObfuscateMe
  6. {
  7.     class Program
  8.     {
  9.       
  10.         static void Main(string[] args)
  11.         {
  12.  
  13.             Console.WriteLine(IsProcessOpen("notepad"));
  14.             Console.ReadLine();
  15.         }
  16.  
  17.  
  18.         public static bool IsProcessOpen(string name)
  19.         {
  20.             return Process.GetProcesses().Any<Process>(delegate(Process clsProcess)
  21.             {
  22.                 return clsProcess.ProcessName.Contains(name);
  23.             });
  24.         }
  25.  
  26.     }
  27. }

The code is not identical, but returns the same value. At this point, with a little bit of effort you could prevent the hacker from reverse engineering your code so quickly by using Eazfuscator.NET. Eazfuscator.NET is just one of many programs built for this. Visual Studio ships with a community version of Dotfoscutor.

So download and load Eazfuscator.NET and drag/drop your exectuable/project into the window. It will work for a few minutes depending if you have a quad-core or not.

image image

After it finishes, open the executable in RedGate Reflector and you will get the following:

Main After Obfuscation

image

IsProcessOpen Method after obfuscation:

image

As you can see with the jumbled characters, it is not as easy as the first example. I am aware of methods around this, but it takes more effort and unless the hacker is up for the challenge, they will just pick another program. This is also helpful if you are a consultant and make clients pay a yearly license fee. This would prevent the average software developer from jumping into your security routine after you have left. I hope this article helped someone. If you have any feedback, please leave it in the comments below.

© Geeks with Blogs or respective owner