Jump to content
Tuts 4 You

Request - Obfuscator

Lexity

By Lexity
in Software Security

Recommended Posts

3dsboy08

3dsboy08

Posted
Posted

Really depends on what you want.

First things first - "free" obfuscators for .NET don't do protection very well. At best they just rename the classes of your assembly, at worst they do absolutely nothing at all.

When it comes to paid obfuscators, here is your options - they are bound to change as protection schemes get cracked and patched.

Low End: .NETGuard is most likely your best option if you want low price protection. It does quite a nice job - when it actually works. It has a lot of issues with program compatibility & certain features not working on certain PCs, but the devs are still working on it. 
Medium End:  ILProtector is quite good to stop script kiddies from reversing your assemblies, but recent unpackers (such as my own) have made it less worthwhile. Babel.NET's obfuscator also looks quite promising for about the same price.
High End: Eazfuscator.NET is the obvious choice here. Its managed virtualization is the best on the market (as of now), and is quite difficult to deobfuscate. It also has extremely easy integration with VS and it works on almost any assembly. The only problem is that its control flow obfuscation is absolute shit and its string encryption has been broken by de4dot. I have also heard of an obfuscator named DNGuard HVM, which has a native VM obfuscation - but it is insanely expensive.

There is also a few obfuscators which I recommend for you to avoid - here is the list:

SmartAssembly - Its protection is complete crap (unpackable by de4dot) and is also more expensive then EAZ. Don't waste your money.
.NET Reactor - Latest version is fully broken by de4dot. The project does not seem all too active also.
Agile.NET - Another super expensive obfuscator that has been cracked by de4dot & is inactive. If you are going to be spending this amount of money, you are better off buying DNGuard.
CryptoObfuscator - Completely broken by de4dot & inactive. 
Appfuscator - As of now a unpacker exists for this, but it might change at some point. Right now I suggest you to avoid until they patch their protection. 

Of course, all of these schemes are bound to be cracked at some point. The best protection is always to make it yourself. Custom protection is always the hardest and annoying to crack, as a cracker has no idea how the scheme works and must figure that out at their own peril.

  • Like 5
Link to comment
Lexity

Lexity

Posted
  • Author
Posted
7 hours ago, 3dsboy08 said:

Really depends on what you want.

First things first - "free" obfuscators for .NET don't do protection very well. At best they just rename the classes of your assembly, at worst they do absolutely nothing at all.

When it comes to paid obfuscators, here is your options - they are bound to change as protection schemes get cracked and patched.

Low End: .NETGuard is most likely your best option if you want low price protection. It does quite a nice job - when it actually works. It has a lot of issues with program compatibility & certain features not working on certain PCs, but the devs are still working on it. 
Medium End:  ILProtector is quite good to stop script kiddies from reversing your assemblies, but recent unpackers (such as my own) have made it less worthwhile. Babel.NET's obfuscator also looks quite promising for about the same price.
High End: Eazfuscator.NET is the obvious choice here. Its managed virtualization is the best on the market (as of now), and is quite difficult to deobfuscate. It also has extremely easy integration with VS and it works on almost any assembly. The only problem is that its control flow obfuscation is absolute shit and its string encryption has been broken by de4dot. I have also heard of an obfuscator named DNGuard HVM, which has a native VM obfuscation - but it is insanely expensive.

There is also a few obfuscators which I recommend for you to avoid - here is the list:

SmartAssembly - Its protection is complete crap (unpackable by de4dot) and is also more expensive then EAZ. Don't waste your money.
.NET Reactor - Latest version is fully broken by de4dot. The project does not seem all too active also.
Agile.NET - Another super expensive obfuscator that has been cracked by de4dot & is inactive. If you are going to be spending this amount of money, you are better off buying DNGuard.
CryptoObfuscator - Completely broken by de4dot & inactive. 
Appfuscator - As of now a unpacker exists for this, but it might change at some point. Right now I suggest you to avoid until they patch their protection. 

Of course, all of these schemes are bound to be cracked at some point. The best protection is always to make it yourself. Custom protection is always the hardest and annoying to crack, as a cracker has no idea how the scheme works and must figure that out at their own peril.

Damn 3ds your responses are always good <3

Link to comment
3dsboy08

3dsboy08

Posted
Posted
3 hours ago, Perplex said:

Eazfuscator with all protections easily defeated, You can try it.

The difficult part is the virtualization - which I have not defeated yet. The other protections aren't the greatest though, but the compatibility is amazing.

Link to comment
MindSystem

MindSystem

Posted
Posted
26 minutes ago, 3dsboy08 said:

The difficult part is the virtualization - which I have not defeated yet. The other protections aren't the greatest though, but the compatibility is amazing.

Virtualization is getting me crazy. I'm trying to update an avaible tool but it seems to be more difficult that I thought 

Link to comment
Perplex

Perplex

Posted
Posted
12 hours ago, MindSystem said:

Virtualization is getting me crazy. I'm trying to update an avaible tool but it seems to be more difficult that I thought 

It's not hard to update, With a debug tracing all Opcodes handler can be found.

Link to comment
cawk

cawk

Posted
Posted
1 minute ago, Perplex said:

It's not hard to update, With a debug tracing all Opcodes handler can be found.

Yet it's not just opcode handlers that need updating.....

Link to comment
  • 3 months later...
cawk

cawk

Posted
Posted
On 2/8/2018 at 4:14 AM, JustinOOO said:

Thoughts on paid EazFuscator + paid Themida on top?
Figure that's better than what I'm currently using. (Cracked .NET Reactor + paid VMP)

eazfuscator vm is extremely good!

however putting a native packer ontop of it will deter people who do not know what they are doing but a simple dump with megadumper will remove the native packer

Link to comment
  • 1 month later...
JustinOOO

JustinOOO

Posted
Posted
On 2/14/2018 at 11:09 AM, cawk said:

eazfuscator vm is extremely good!

however putting a native packer ontop of it will deter people who do not know what they are doing but a simple dump with megadumper will remove the native packer

Yeah I did some testing and it's working fine.

Not using it for a paid program anyway, but the kids involved in the scene this software is related to are pretty clueless.

They haven't had much luck reversing anything I've packed either.

Link to comment
  • 2 months later...
ChaoticKMS

ChaoticKMS

Posted
Posted
On 3/27/2018 at 2:26 AM, JustinOOO said:

Yeah I did some testing and it's working fine.

Not using it for a paid program anyway, but the kids involved in the scene this software is related to are pretty clueless.

They haven't had much luck reversing anything I've packed either.

cs scene clueless?!?!?

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...