Jump to content
0xd4d

Best and worst obfuscators of 2011

Recommended Posts

Let's list the best and worst .NET obfuscators of 2011 in this thread.

 

There's maybe 20+ .NET obfuscators that are still developed and only a few of those are used by anyone other than the creator of that obfuscator.

 

I'll only list the ones I know enough about. There are others I haven't tried that may or may not be better than the ones listed below.

 

The top 10 list of the best .NET obfuscators of 2011, according to me:

 

1. .NET Reactor 4.4

It has decent protection against unpacking and source code stealing. I'll give it 3/10 points.

 

2. SmartAssembly 6.5

I think this one is the most popular .NET obfuscator. It's easy to use and comes with the absolute minimum standard obfuscation features. I'll give it 2/10 points.

 

I'll stop here. It was a short top 10 list. :)

 

Worth mentioning:

- Best string encryptor: Eazfuscator.NET

 

And the winner of the absolute, without a doubt, the worst obfuscator of 2011 is:

 

Dotfuscator

 

It'll set you back $2,000-$4,000 (US dollars). All it does is rename symbols, simple string encryption, and simple control flow obfuscation. YAY! You bought it? You're a fucking idiot.

  • Upvote 3

Share this post


Link to post

I also agree that Dotfuscator is the worst when it comes to features and value.

 

the best 2 players at the moment are as you mentioned, SmartAssembly and .NET Reactor, they were enough to

 

keep most lamers away in the past but not any more :D

 

I also find Themida.NET somehow good when it comes to anti-dumping but there is no Obfuscation applied.

 

I'm kinda interested in seeing this protection sometime : http://www.arxan.com/software-protection-products/microsoft-NET-GuardIt/index.php

 

still no samples !

 

The biggest loser is CodeVeil of course, slow, incompatible and sometimes detected as a virus ! also damn expensive.

Share this post


Link to post

Never heard of Arxan GuardIT before. :) No price mentioned, so it's most certainly very expensive. Seems like it only offers simple obfuscation like Dotfuscator, though.

 

I tried CodeVeil once (the 4.x demo version) but found no option to enable control flow obfuscation. :) Apparently it doesn't support it.

 

In my opinion, the obfuscators I've tested (see de4dot supported obfuscators) are useless. They protect almost nothing. de4dot is proof of how easy it is to revert back almost everything. They'll have to come up with something really clever to stop deobfuscation. It'll be hard due to the rich .NET metadata.

 

And speaking of slow obfuscators, Goliath .NET has a feature to turn some methods into some byte code and execute it in a VM. But nobody uses that obfuscator. :)

Edited by 0xd4d

Share this post


Link to post
In my opinion, the obfuscators I've tested (see de4dot supported obfuscators) are useless

 

you are really a smart guy :lol:

 

that's what we have trying to convince developers of for years now but why is it so hard to see that :lol:

 

open source FTW ;)

Share this post


Link to post

What I meant was even without de4dot, they offer no real protection. de4dot is proof of that. For a pure .NET obfuscator, it'll take me about 2 days to add complete unpacking and deobfuscation to de4dot. The only thing stopping me from doing it is that it's so boring. They all use pretty much the same tricks. In fact I did it two days ago, but I won't release it since no-one will have a use for it.

Share this post


Link to post

you remind me of an old good friend :)

Share this post


Link to post

Usefull post for me, and what about free/open source obfuscators? I usually use confuser into my little C# projects because it stops the average newbie, but not sure if Eazfuscator.NET is better.

Share this post


Link to post

Eazfuscator.NET's only strength is its string encryptor since it stops dynamic decryption (using a delegate to call the decryptor). But de4dot can still decrypt the strings.

 

If you want to protect your code, don't write it in any .NET language. :D

Edited by 0xd4d

Share this post


Link to post

I would say .Net Reactor is nice. But de4dot actually f**ked it badly and i don't use any more because public deobsfucator is available. I tried to use Confuser but the extra methods where it provides a little security is the Max presets extra features. Even the aggresive preset can be easily dumbed.

I still use Confuser with max preset for some appz.

 

Also, i would like to point out Rummage. I tried its trial version and string encryption was quite good: http://www.aldaray.com/Rummage Its also not much expensive.

Share this post


Link to post

I disagree. :) Rummage creates one class per string. Each class has one field where the string is stored. The string decrypter doesn't even protect against dynamic decryption. It has the best renamer, though. It's hard to tell which names are real and which ones are renamed. You're forced to rename everything or you'll get confused.

Edited by 0xd4d

Share this post


Link to post

Hehehe......

As a obfuscator author, I will said, "CONFUSER IS THE BEST!!!!!!' wink.gif

As a reverser, I will said:

 

Every obfuscator has its weakness,

.NET Reactor is quite good if packed with native, but once unpacked, it is easy to deobfuscate.

SmartAssembly is quite good...in marketing :P. As a result...too famous, too many people interested in it

Eazfuscator: Best in the field of free obfuscator, still, the same protection techniques...

Rummage: I LOVE their renaming -.-

Dotfuscator: Totally agree. No use at all. Well, the only good is it's stable and shipped with VS.

 

The most important common problem is, most of the techniques are the same.

Renaming, Control Flow, Resource/String Encrypt, Reference Proxy, or even JIT hooking, .NET internal exploit.......

If the they want to be a true obfuscator, they must work hard...on developing new protection.smile.gif

Share this post


Link to post

From what iv'e seen and tried: DNGuard HVM is pretty tough for me anyway.

 

You really can't find any of the latest versions cracked out there.

 

Everything can be cracked, but this ranks pretty high. Not talking about the trial version, but the full version.

 

Also from what I have seen de4dot cannot Deobfusicate and DNGuard EXE's. Correct me if I am wrong.

Edited by Future

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

×
×
  • Create New...