Jump to content


Photo

Best and worst obfuscators of 2011


11 replies to this topic

#1 0xd4d

0xd4d

    Greatest Member

  • VIP
  • PipPipPipPipPip
  • 555 posts
  • Gender:Not Telling
  • Team:-

Posted 30 December 2011 - 09:07 AM

Let's list the best and worst .NET obfuscators of 2011 in this thread.

There's maybe 20+ .NET obfuscators that are still developed and only a few of those are used by anyone other than the creator of that obfuscator.

I'll only list the ones I know enough about. There are others I haven't tried that may or may not be better than the ones listed below.

The top 10 list of the best .NET obfuscators of 2011, according to me:

1. .NET Reactor 4.4
It has decent protection against unpacking and source code stealing. I'll give it 3/10 points.

2. SmartAssembly 6.5
I think this one is the most popular .NET obfuscator. It's easy to use and comes with the absolute minimum standard obfuscation features. I'll give it 2/10 points.

I'll stop here. It was a short top 10 list. :)

Worth mentioning:
- Best string encryptor: Eazfuscator.NET

And the winner of the absolute, without a doubt, the worst obfuscator of 2011 is:

Dotfuscator

It'll set you back $2,000-$4,000 (US dollars). All it does is rename symbols, simple string encryption, and simple control flow obfuscation. YAY! You bought it? You're a fucking idiot.
  • 3

#2 Kurapica

Kurapica

    Experience Member

  • B@S Team
  • PipPipPipPipPipPip
  • 2,608 posts
  • Gender:Male
  • Location:Archives
  • Team:Black Storm

Posted 30 December 2011 - 10:27 AM

I also agree that Dotfuscator is the worst when it comes to features and value.

the best 2 players at the moment are as you mentioned, SmartAssembly and .NET Reactor, they were enough to

keep most lamers away in the past but not any more :D

I also find Themida.NET somehow good when it comes to anti-dumping but there is no Obfuscation applied.

I'm kinda interested in seeing this protection sometime : http://www.arxan.com...ardIt/index.php

still no samples !

The biggest loser is CodeVeil of course, slow, incompatible and sometimes detected as a virus ! also damn expensive.
  • 0

#3 0xd4d

0xd4d

    Greatest Member

  • VIP
  • PipPipPipPipPip
  • 555 posts
  • Gender:Not Telling
  • Team:-

Posted 30 December 2011 - 11:54 AM

Never heard of Arxan GuardIT before. :) No price mentioned, so it's most certainly very expensive. Seems like it only offers simple obfuscation like Dotfuscator, though.

I tried CodeVeil once (the 4.x demo version) but found no option to enable control flow obfuscation. :) Apparently it doesn't support it.

In my opinion, the obfuscators I've tested (see de4dot supported obfuscators) are useless. They protect almost nothing. de4dot is proof of how easy it is to revert back almost everything. They'll have to come up with something really clever to stop deobfuscation. It'll be hard due to the rich .NET metadata.

And speaking of slow obfuscators, Goliath .NET has a feature to turn some methods into some byte code and execute it in a VM. But nobody uses that obfuscator. :)

Edited by 0xd4d, 30 December 2011 - 12:00 PM.

  • 0

#4 Kurapica

Kurapica

    Experience Member

  • B@S Team
  • PipPipPipPipPipPip
  • 2,608 posts
  • Gender:Male
  • Location:Archives
  • Team:Black Storm

Posted 30 December 2011 - 12:25 PM

In my opinion, the obfuscators I've tested (see de4dot supported obfuscators) are useless


you are really a smart guy :lol:

that's what we have trying to convince developers of for years now but why is it so hard to see that :lol:

open source FTW ;)
  • 0

#5 0xd4d

0xd4d

    Greatest Member

  • VIP
  • PipPipPipPipPip
  • 555 posts
  • Gender:Not Telling
  • Team:-

Posted 30 December 2011 - 01:18 PM

What I meant was even without de4dot, they offer no real protection. de4dot is proof of that. For a pure .NET obfuscator, it'll take me about 2 days to add complete unpacking and deobfuscation to de4dot. The only thing stopping me from doing it is that it's so boring. They all use pretty much the same tricks. In fact I did it two days ago, but I won't release it since no-one will have a use for it.
  • 0

#6 Kurapica

Kurapica

    Experience Member

  • B@S Team
  • PipPipPipPipPipPip
  • 2,608 posts
  • Gender:Male
  • Location:Archives
  • Team:Black Storm

Posted 30 December 2011 - 04:01 PM

you remind me of an old good friend :)
  • 0

#7 Zeokat

Zeokat

    Member

  • Members
  • PipPip
  • 49 posts
  • Gender:Male
  • Location:Rotating Blue Ship
  • Interests:Your girlfriend
  • Team:None

Posted 30 December 2011 - 10:18 PM

Usefull post for me, and what about free/open source obfuscators? I usually use confuser into my little C# projects because it stops the average newbie, but not sure if Eazfuscator.NET is better.
  • 0

#8 0xd4d

0xd4d

    Greatest Member

  • VIP
  • PipPipPipPipPip
  • 555 posts
  • Gender:Not Telling
  • Team:-

Posted 31 December 2011 - 03:05 AM

Eazfuscator.NET's only strength is its string encryptor since it stops dynamic decryption (using a delegate to call the decryptor). But de4dot can still decrypt the strings.

If you want to protect your code, don't write it in any .NET language. :D

Edited by 0xd4d, 31 December 2011 - 03:08 AM.

  • 0

#9 Soft2050

Soft2050

    Junior

  • Junior
  • Pip
  • 1 posts
  • Team:-----------------------

Posted 31 December 2011 - 09:36 AM

I would say .Net Reactor is nice. But de4dot actually f**ked it badly and i don't use any more because public deobsfucator is available. I tried to use Confuser but the extra methods where it provides a little security is the Max presets extra features. Even the aggresive preset can be easily dumbed.
I still use Confuser with max preset for some appz.

Also, i would like to point out Rummage. I tried its trial version and string encryption was quite good: http://www.aldaray.com/Rummage Its also not much expensive.
  • 0

#10 0xd4d

0xd4d

    Greatest Member

  • VIP
  • PipPipPipPipPip
  • 555 posts
  • Gender:Not Telling
  • Team:-

Posted 31 December 2011 - 12:21 PM

I disagree. :) Rummage creates one class per string. Each class has one field where the string is stored. The string decrypter doesn't even protect against dynamic decryption. It has the best renamer, though. It's hard to tell which names are real and which ones are renamed. You're forced to rename everything or you'll get confused.

Edited by 0xd4d, 31 December 2011 - 12:24 PM.

  • 0

#11 yck1509

yck1509

    Fish

  • B@S Team
  • PipPipPipPip
  • 274 posts
  • Gender:Male
  • Location:There
  • Team:This

Posted 01 January 2012 - 10:37 AM

Hehehe......
As a obfuscator author, I will said, "CONFUSER IS THE BEST!!!!!!' Posted Image
As a reverser, I will said:

Every obfuscator has its weakness,
.NET Reactor is quite good if packed with native, but once unpacked, it is easy to deobfuscate.
SmartAssembly is quite good...in marketing :P. As a result...too famous, too many people interested in it
Eazfuscator: Best in the field of free obfuscator, still, the same protection techniques...
Rummage: I LOVE their renaming -.-
Dotfuscator: Totally agree. No use at all. Well, the only good is it's stable and shipped with VS.

The most important common problem is, most of the techniques are the same.
Renaming, Control Flow, Resource/String Encrypt, Reference Proxy, or even JIT hooking, .NET internal exploit.......
If the they want to be a true obfuscator, they must work hard...on developing new protection.Posted Image
  • 0

#12 Future

Future

    Junior

  • Junior
  • Pip
  • 1 posts
  • Team:Team Bionic

Posted 03 January 2012 - 12:04 PM

From what iv'e seen and tried: DNGuard HVM is pretty tough for me anyway.

You really can't find any of the latest versions cracked out there.

Everything can be cracked, but this ranks pretty high. Not talking about the trial version, but the full version.

Also from what I have seen de4dot cannot Deobfusicate and DNGuard EXE's. Correct me if I am wrong.

Edited by Future, 03 January 2012 - 12:07 PM.

  • 0



Reply to this topic



  


2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users