C# Programming > Reading

Protect C# Code
Obfuscation

What is Code Obfuscation?

C# Code obfuscation means scrambling an application's source code while maintaining the original functionally of the program. The goal of obfuscation is to prevent people from stealing your program's source code. It is a way to protect the source code of C#.

Unfortunately C# programs (same with other .NET languages) can be very easily decompiled. There are many hobby and professional .NET decompilers on the internet. The worst part is they retrieve your entire program's source code, including variable, class, function names and structure. The only thing that hackers don't get are the comments!

How does Obfuscation Protect Source Code?

Luckily there are also many .NET obfuscators that help protect your C# source code. Most obfuscators take a compiled C# program and scramble the source code, eliminating method and variable names, without compromising performance, stability, or usability.

If you want to purchase a professional obfuscator, there are several key features to look for.

String Encryption

A feature now commonly found in obfuscators is string encryption. An obfuscator that not only changes variable and function names, but also encrypts literal strings can make a cracker's life a lot harder. Literal strings can give away the whole function of a section of code. Consider strings like "Activation Complete", "Thank you for Registering", etc. Making these strings obscure can increase the difficulty of cracking your software.

Control Flow

A control flow algorithm reworks the structure of your C# source code. By inserting redundancy calls, a cracker attempting to read your source code will find it difficult to understand the mixed bits and pieces of code. A good obfuscator can usually accomplish this with very small performance impact and minimal increase in filesize.

Extra Features

Those cover the essential features of a decent obfuscator. The following are additionally features that are very useful but are extra to the concept of obfuscation

Resource Encryption

Some commercial obfuscators not only give the option of protecting source code, but also protect internal resources. Files such as icons and images can be encrypted and used at runtime as normal. The performance impact is usually minimal unless resources are really something big.

Similarly look for an obfuscator that allows you to establish parts of the code to exclude. For example, Dotfuscator has trouble obfuscating applications with image resource files. However it gives the option to exclude the Resources section of source code from obfuscation, allowing even those .Net applications to be protected.

Linking

Linking is a feature that varies in different obfuscators. The most basic function is the ability to bind .NET exe and dll files together. Merging executable files with dependent libraries makes redistribution easier for small-scale applications and can help optimize source code.

However advanced obfuscators, like Xenocode PostBuild and Remotesoft Salamander can take linking farther, linking C# applications with dependent files from the .NET Framework. Thus C# applications can theoretically run on systems that do not have the .NET Framework installed.

A benefit of linking built-in .NET namespaces with a C# application is it allows for a deeper level of obfuscating. Instead of obfuscating only classes and variables written by you, it can also obfuscate .Net Framework classes.

Conclusion

Among the solutions that exist to protect C#.NET source code, obfuscation offers one of the simplest, most light-weight ways to do so. C# code obfuscation allows applications to run directly like they were meant to, decreases the chances of unforeseeable errors, and protects source code from prying eyes.

Back to C# Article List