4

What do you think about renaming all my classes, properties, methods, etc to stuff like _, __ or ___? How close would this be to what a C# obfuscator (like Dotfuscator or Eazfuscator) would do to my app, and, what else could I manually do (on a reasonable amount of time) to make my code as obfuscated as possible? The reason why I want to do this is because an obfuscator will mess up my data binding and because they don't obfuscate apps published with ClickOnce (unless I do some expert stuff with manifests and other stuff that I don't know how to do and that nobody seems to really know for sure if it always work).

Improve this question
7
  • 1
    I think it seems like a heck of a lot of work. Commented Nov 24, 2010 at 4:34
  • 2
    There are quite a few obfuscators out there. Are you sure none of them meet your needs? Manually obfuscating is very error-prone... Commented Nov 24, 2010 at 4:34
  • 1
    I pity the dev that will be maintaining such a monstrosity. It will surely make a great article on theDailyWTF.com some time. Commented Nov 24, 2010 at 4:40
  • sounds like it'd be a very mean "going away present" from someone that just got fired :) Commented Nov 24, 2010 at 5:02
  • 1
    Fix it on the non obfuscated version and obfuscate again. I can probably make a macro for this. I don't publish (and obfuscate) my app that often. Commented Nov 24, 2010 at 5:17

5 Answers 5

Reset to default
2

You should obfuscate your application. To avoid any data binding errors a number of Obfuscators now provide silverlight / wpf obfuscation defaults that will help you avoid those errors. After obfuscation you can make a clickonce installer using mage.exe
http://msdn.microsoft.com/en-us/library/xc3tc5xx.aspx
Seriously DO NOT do the renaming. You are making your life more difficult. In fact as difficult as they guy you don't want stealing your code.
Its just one bat file to make the clickonce after a build.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

A simple setting to disable class / method name renaming would do the trick. The obfuscator will still: obfuscate the code inside the methods. There are also settings (e.g wrapping in a native Executable ) that will make your code not openable in reflector (which is the primary tool used by prying eyes).
I just want to call out that the commercial version of Dotfuscator will obfuscate your ClickOnce applications easily (and has for over a year). It integrates reading, parsing and rewriting the required ClickOnce manifests without requiring you to drop back to post build steps and mage. You can get a free trial and try it out for yourself.
Awesomeness. Did not know that. +1 for you :)
2

Here's an odd idea for you. I assume your development environment supports refactoring, and renaming variables is certainly a popular refactoring operation. See whether you can script that. If you can't, consider something like AutoIt. See where this is headed? Express your renaming in term of refactoring operations, script them and make this into a pre-compile step.

That way you can keep your sources unobfuscated, yet do all the obfuscation operations that you want, and that you know will work.

Improve this answer

1 Comment

Yea that's kinda what I had in mind. No need to freak out (@guys commenting on my question ;)). But my question really is not how to do it but how close to what a real obfuscator does would the result be.
2

The reason why I want to do this is because an obfuscator will mess up my data binding

I don't know how your data-binding works, but if you're hard-coding property names as string in your C# source-code then I'd replace the hard-coded strings with lamdas to identify the property. This is more refactoring friendly too.

Get property name inside setter

Improve this answer

Comments

1

Is it absolutely necessary to support ClickOnce? There are other ways to distribute an application. Consider compiling the code, using the obfuscator of your choice, and then building an installer using something like Inno Setup.

I strongly recommend you do not rename stuff in the code directly. If you must follow this path, try making a copy of the project (once in its final state), opening the copy in your IDE, and using refactoring tools to rename classes, variables, and methods. If you do not make a copy, your code will be very difficult to change later.

Improve this answer

Comments

0

The free version of Babel.NET worked pretty well for me, it obfuscated the internal code of the functions and renamed all the private and internal classes and members. We use reflection, serialization and data binding and it didn't mess with any of those.
It also supports integration with MSBuild which I believe would help to deal with the posterior ClickOnce generation.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.