关于C＃混淆的几个问题（SmartAssembly，内部函数） [英] Several questions on C# obfuscation (SmartAssembly, internal functions)

问题描述

您好！我们正在与几个混淆器进行关心实验。我们希望保护我们的源代码不再与其他人一起使用。我们的主要任务是进行exe（或dll）分析，以使原始源代码结构尽可能复杂。换句话说，使用从exe（或dll）恢复的源代码，自己开发应用程序必须更容易。目前我们正在测试SmartAssembly 6.我们使用de4dot对结果exe和dll进行反混淆处理。结果在Reflector中进行评估。因此我们有几个问题（暗示分析的exe（或dll）被SmartAssembly混淆了。）



问题：

1.是否有任何方法（反混淆，进程转储，调试等）来恢复内部和私有函数的源（不是从公共函数调用）而没有大量的长期工作？如果可能 - 请指定方法。

2.关于内部和私有函数参数名称和局部变量的相同问题。

3.哪个混淆器（保护器等）您认为我们应该使用而不是SmartAssembly来实现我们的目标（许可证成本不低于200美元）？



我们的实验中的一些观察结果：

1.在SmartAssembly之后，De4dot不会恢复本地var名称（只需基于var类型重命名以便于分析http://prntscr.com/78puxr）。但公共功能代码结构和参数名称恢复得相当不错。

2.在De4dot恢复文件http://prntscr.com/78pvh4中找不到Reflector的内部和私有函数。此外，即使从中调用公共函数也无法找到它们的来源（我的意思是来自内部或私人函数源）http://prntscr.com/78pxcf。

3.但是如果私有函数是公开调用，可以找到它的结构很容易识别http://prntscr.com/78q5pm

Hello! We are caring experiments with several obfuscators. We want to protect our source code from using once more with somebody else. Our main task is to make exe (or dll) analysis for getting original source code structure as complicated as possible. In other words it must be easier to develop application on your own, than to use our sources restored from exe (or dll). At the moment we are testing SmartAssembly 6. We deobfuscate result exe and dll with de4dot. The result is evaluated in Reflector. Thereby we have several questions (It is implicated that analyzed exe (or dll) was obfuscated with SmartAssembly).

Questions:
1. Is there any method (deobfuscation, process dumping, debugging etc) to recover sources of internal and private functions (which are not called from public functions) without extensive and long work? If it is possible - please specify the method.
2. The same questions about internal and private function parameter names and local variables.
3. Which obfuscator (protector etc) you think we should use instead of SmartAssembly to achieve our goals (with license cost not less than 200$)?

Several observations from our experiments:
1. De4dot does not recover local var names after SmartAssembly (just renames basing on var types to facilitate the analysis http://prntscr.com/78puxr ). But public function code structure and parameter names are recovered pretty good.
2. internal and private functions was not found with Reflector in De4dot recovered file http://prntscr.com/78pvh4 . Besides, their source cannot be found even if public functions is called from it (I mean from internal or private function source) http://prntscr.com/78pxcf .
3. However if private function is called by public one, it can be found and its structure is easily recognized http://prntscr.com/78q5pm

推荐答案

）？



我们的实验中的一些观察结果：

1.在SmartAssembly之后，De4dot不会恢复本地var名称（只需基于var类型重命名以方便分析http://prntscr.com/78puxr）。但公共功能代码结构和参数名称恢复得相当不错。

2.在De4dot恢复文件http://prntscr.com/78pvh4中找不到Reflector的内部和私有函数。此外，即使从中调用公共函数也无法找到它们的来源（我的意思是来自内部或私人函数源）http://prntscr.com/78pxcf。

3.但是如果私有函数是公开调用它，它可以被发现并且它的结构很容易识别http://prntscr.com/78q5pm

)?

Several observations from our experiments:
1. De4dot does not recover local var names after SmartAssembly (just renames basing on var types to facilitate the analysis http://prntscr.com/78puxr ). But public function code structure and parameter names are recovered pretty good.
2. internal and private functions was not found with Reflector in De4dot recovered file http://prntscr.com/78pvh4 . Besides, their source cannot be found even if public functions is called from it (I mean from internal or private function source) http://prntscr.com/78pxcf .
3. However if private function is called by public one, it can be found and its structure is easily recognized http://prntscr.com/78q5pm

我认真地认为混淆是不值得的。



首先，批评性思考：您的产品真的值得偷窃吗？是的，对于那些只想快速改进代码但不是熟练的代码破解者的人来说，你的混淆会严重延迟逆向工程。但他们真的需要被阻止吗？你会从中获得什么？



与此同时，那些真正想要窃取你的代码的人是非法的并且会威胁你的业务赢得了'把你的混淆视为任何严重的障碍。如果他们决定对您的产品进行逆向工程并将其用于此类目的，您可以确定：他们肯定会这么做，并且非常快。



现在有是商业产品，它们可能相当昂贵，并提供比混淆更强大的逆向工程保护，它们怎么样？我从逆向工程专家那里听说：如果这种保护软件是众所周知的，它会使破解变得更加容易，因为这些专家已经在研究这些项目的运作方面投入了大量的精力。只有一些未知但高度复杂的保护软件才有机会抵御破解。好吧，至少有一段时间...



因此，这是我的友好建议：不要浪费你的时间进行混淆。但是，你决定。

-SA

I seriously think that obfuscation does not worth the effort.

First of all, think critically: does your product really worth stealing? Yes, your obfuscation will seriously delay the reverse engineering for those who just want to get a quick improvement of your code but are not the skilled code crackers. But do they really need to be stopped? What would you gain from that?

At the same time, people who really want to steal your code for the purpose which are both illegal and would threaten your business won't see your obfuscation as any serious obstacle. If they are determined to reverse-engineer your product and use it for such purposes, you can be sure: they will certainly do it, and very quickly.

Now there are commercial products which can be quite expensive and provide much stronger protection against reverse engineering than the obfuscation, how about them? I heard from the reverse engineer specialist: if such protection software is well-known, it makes the cracking even easier, because such specialists already invested a lot of work in studying the operation of such projects. Only some unknown but highly sophisticated protection software get some chance to withstand cracking. Well, at least for a while…

Therefore, here is my friendly advice: don't waste your time for obfuscation. However, you decide.

—SA

这篇关于关于C＃混淆的几个问题（SmartAssembly，内部函数）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！