Hello! We are carrying out experiments with several obfuscators. We want to protect our source code from being reused by somebody else. Our main task is to make analysis of the exe (or dll) to recover the original source code structure as complicated as possible. In other words, it must be easier to develop the application on your own than to use our sources restored from the exe (or dll). At the moment we are testing SmartAssembly 6. We deobfuscate the resulting exe and dll with de4dot. The result is evaluated in Reflector. We therefore have several questions (it is implied that the analyzed exe (or dll) was obfuscated with SmartAssembly).
Questions:
Is there any method (deobfuscation, process dumping, debugging, etc.) to recover the sources of internal and private functions (which are not called from public functions) without extensive and long work (I mean a long time spent on the recovery process)? If it is possible, please specify the method.
The same question about internal and private function parameter names and local variable names.
Which obfuscator (protector, etc.) do you think we should use instead of SmartAssembly to achieve our goals as well as possible (with a license cost of less than 200$)?
Several observations from our experiments:
De4dot does not recover local var names after SmartAssembly (it just renames them based on var types to facilitate the analysis http://prntscr.com/78puxr ). But public function code structure and parameter names are recovered pretty well.
Internal and private functions were not found with Reflector in the De4dot-recovered file http://prntscr.com/78pvh4 . Besides, their source cannot be found even if public functions are called from them (I mean from the internal or private function source) http://prntscr.com/78pxcf .
However, if a private function is called by a public one, it can be found with Reflector and its structure is easily recognized http://prntscr.com/78q5pm
I don’t have very much experience obfuscating code as I’ve never really needed to, but I recommend ConfuserEx.
Of course, as you should know there is no amount of protection that can stop even the most determined attacker for all .NET code, but this will stop the majority of “code peekers”.
However you choose, make sure nobody can get the original unobfuscated code; if that happens it may kill a game (if it is a game).
For example, there is a game called edgeworld…which was very successful initially; however, due to people modifying their units' attributes via a hex editor by using unobfuscated code from the beta, the game basically died and only has, for lack of a better term, hackers.
So do not share any code with any testers or anyone who does not require it.
Why would you need the game's source to hex edit attributes? We do that for a lot of games without the code.
Ever heard of Cheat Engine for PC? You’re editing in-game values on the fly and we don’t have the source code. What do you think Horizon does?
I think you’re confused or leaving out major details in your story.
In order to mod this particular game called edgeworld, one needed to download the current spacecon.swf file after every update.
This file was obfuscated, so it was difficult to know what to change, but there were certain strings of code which would never be changed in the swf, so using the original unobfuscated swf you could see which parts of the code you would wish to edit and how they correspond to the parts which would never be changed.
For example:
0A 0B 0A 0B A0 0B 0B
0A 0A 0A 0B 0B 0B 0B
If the first line in red never changes
and the second line in green is an attribute of, say, a tank (damage/hp etc.),
we would open the new file and search for the line in red and edit the line below it to what would always be 9999999999999 of the particular stat we want maxed.
We could never have searched for the line in green as it changes with each update, but this allows us to find it, as we were able to read from the original swf that the line below the line in green is the attribute we are looking for.
That .swf isn’t the game's source code though. Also, 99999999 should never be your max; depending on the type of integer it could put you in the negative. Either way, the file has nothing to do with the game's source code; you’re getting two different things confused, my man.