How good is Dotfuscator Community Edition? What is "good enough obfuscator"?

Accepted answer
Score: 51

In a nutshell, the main difference between Dotfuscator Community Edition and the other "professional" editions is that Community Edition will only really obfuscate and change your namespaces, method names, and other "public" accessible aspects of your classes. It won't delve into the functions themselves and obfuscate the "private" code within the function.

Also, the Community Edition doesn't do anything to obfuscate such things as control flow within your application, nor will it "combine" code from multiple assemblies into one assembly. These are features that are available within the "professional" paid-for versions.

The best comparison between the Community Edition (the "free" version that comes with Visual Studio) and the "professional", paid-for editions can be found by looking at the following two links:

Preemptive Dotfuscator Editions Comparison

Dotfuscator Community Edition 3.0 on MSDN

The MSDN link is slightly out of date, however, gives a much better explanation of the actual features that are available within the various editions of Dotfuscator.


Commercial obfuscators do cost a lot of money, and as to whether they are worth the money? Well, that's a judgement call that really only you can make. Personally, I would say that it isn't worth it in your scenario. Firstly, because you're only wanting to protect one application ("I plan to release one small, low priced utility.") and secondly, you say that you're not overly concerned with the application being "cracked" ("I'm not very afraid of my application being cracked.").

I understand how it can bug you that compiled .NET applications, without any obfuscation, can be easily reverse engineered to their original source code, and that someone may make use of this to steal your software and sell it as their own, however, the fact remains that software piracy does exist and you will probably never stop it.

Trying to stop software piracy has been debated ad nauseam both on here (Stack Overflow) and all over the internet.

The general consensus seems to be that you need to focus your time and energies more on making your product as great as it can be rather than using this same time trying to protect something that, given enough time/money, an "attacker" can "crack"/steal your software anyway, despite your best efforts to prevent him from doing so.

Does this happen a lot?

I would say that it probably happens a lot less than you think it does. Sure, software gets cracked, but I don't think too many people actually steal others' source code and completely re-brand it to sell as their own. I'm not saying it doesn't, or hasn't happened, but it's certainly not a common occurrence.

To summarise, I'd say that your best bet would be to focus on making your utility as great as it can be and use the free Dotfuscator obfuscator, since it requires very little investment of time/money, to obfuscate your code from the most obvious prying eyes, but don't lose any sleep over the fact that if someone wants to crack/steal your product/code badly enough, they will do.

Score: 13

I think Dotfuscator Community Edition shipped with Visual Studio is quite a naive solution. It provides only symbol renaming and does not obfuscate control flow at all. And if someone decides to steal your code, they will only need to refactor back all names, which is quite easy with a small number of classes.

Also you can rely on the not so perfect decompilation provided by Reflector (it usually messes up switch blocks, makes lots of gotos, mismatches if-else blocks, etc.).

But I suggest you try Eziriz .NET Reactor. It costs only $179 (AFAIK best price/features ratio). It provides standard obfuscation techniques such as symbol renaming, string encryption, control flow obfuscation. As a good bonus it creates a native launcher for your app, which will contain your main assembly and all third party references encrypted and loaded on demand. Plus it provides some licensing capabilities.

Anyway, reversing a .NET application is not so hard. I did it for fun and can say that it's only a matter of time and money (and of course common sense) how fast your application will be cracked or reversed.

Score: 8

At a minimum, an obfuscator should have:

  1. String encryption
  2. Symbol renaming
  3. Control flow obfuscation

Good to have features are:

  1. Resource protection
  2. Assembly merging/embedding
  3. External method call hiding
  4. Ability to auto-sign obfuscated assemblies
  5. Support for satellite assemblies
  6. Dead-code elimination
  7. Meta-data reduction
  8. Anti-decompiler (Reflector)
  9. Anti-tamper
  10. Anti-Debugging

Take a look at our Crypto Obfuscator product which supports all of these.
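Symbol renaming changes type and member names but leaves string literals untouched, and the list above names string encryption as a minimum feature. As an added example (not code from any of the answers or from an obfuscator vendor), this Python script decodes a .NET `#US` user-string heap and reports the literals still stored as readable text, which is a quick post-build check on what an obfuscation pass actually covered. The function names and the sample heap are constructed for illustration; pulling the heap bytes out of a real assembly is left to a metadata reader.

```python
# Added example (not from the answers): decode a .NET #US user-string heap
# (ECMA-335 II.24.2.4) and list literals that are still plain readable text.

def read_len(heap, pos):
    """Decode the compressed length prefix at heap[pos] -> (length, prefix_size)."""
    b0 = heap[pos]
    size = 1 if b0 < 0x80 else 2 if b0 < 0xC0 else 4 if b0 < 0xE0 else 0
    if size == 0 or pos + size > len(heap):
        raise ValueError(f"invalid length prefix at offset {pos:#x}")
    mask = {1: 0x7F, 2: 0x3FFF, 4: 0x1FFFFFFF}[size]
    return int.from_bytes(heap[pos:pos + size], "big") & mask, size

def user_strings(heap):
    """Yield (heap_offset, text) for each non-empty #US entry."""
    pos = 0
    while pos < len(heap):
        length, size = read_len(heap, pos)
        end = pos + size + length
        if end > len(heap):
            raise ValueError(f"entry at {pos:#x} runs past the end of the heap")
        if length > 1:  # the final byte of an entry is a flag, not text
            yield pos, heap[pos + size:end - 1].decode("utf-16-le", "replace")
        pos = end  # zero bytes (first entry, padding) parse as empty entries

def readable_literals(heap, min_len=4):
    """Literals stored as printable ASCII, which a decompiler shows verbatim."""
    return [(off, s) for off, s in user_strings(heap)
            if len(s) >= min_len and s.isascii() and s.isprintable()]

def us_entry(text):
    """Build one #US entry (helper for the constructed sample only)."""
    raw = text.encode("utf-16-le")
    n = len(raw) + 1
    prefix = bytes([n]) if n < 0x80 else bytes([0x80 | (n >> 8), n & 0xFF])
    # Flag byte simplified: 1 for non-ASCII text (the spec lists more cases).
    return prefix + raw + (b"\x00" if text.isascii() else b"\x01")

# Constructed sample heap: two plaintext literals and one that looks encrypted.
CONN = "Server=db01;User Id=app;Password=changeme;Database=orders;Timeout=30;"
SAMPLE_HEAP = (b"\x00" + us_entry("https://updates.example.com/check")
               + us_entry(CONN) + us_entry("\u9f3a\u01c2\u77aa\u4e5d\u0416")
               + b"\x00\x00")

if __name__ == "__main__":
    for off, s in readable_literals(SAMPLE_HEAP):
        print(f"#US+{off:#06x}  {s!r}")
```

Anything this reports for a shipped build is text a decompiler will display as written, regardless of how thoroughly the symbols were renamed.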

Score: 5

Another way to get around reverse engineering code is where you place your DLLs if you cannot really afford obfuscators which do add support. And in your assemblies before deployment tell the compiler where to look for them which was an old practice to hinder reverse engineering. But like it was already said, concentrate mostly on developing an excellent product and good coding practices, then you will be able to afford a nice obfuscator application in the future. Also, try not to worry too much about others cracking your code because most hackers crack code just to find a way to use the product without paying for it and not to steal code or to learn from for beginning programmer. Yeah, I wish JIT only supported C# and VB.NET which would have really cut down on reverse engineering but since JIT can read many due to .NET being really language friendly that is the price. So code away and make some money, buy some additional securities.
