Last Updated on 2013-05-08.
UPDATE: Please have a look at the additional notes at the bottom!
With Dotfuscator, coming with Visual Studio Professional, you can protect your code against reverse-engineering (i.e. at least make it very hard to read).
But, if you are using Visual Studio Setup project to publish your application, it does not make sense to obfuscate the end Setup.exe or .msi file – you have to do it before creating the setup file.
To achieve this, follow the steps of this blog or use my summary:
Register at the Dotfuscator website and download the command-line update for Dotfuscator.
For every project in your solution, go to properties -> build events and add this code as “post build event”:
“C:Program Files (x86)Microsoft Visual Studio 10.0PreEmptive SolutionsDotfuscator Community EditiondotfuscatorCLI.exe” /in:$(TargetFileName)
copy /y “$(TargetDir)Dotfuscated$(TargetFileName)” “$(TargetDir)$(TargetFileName)”
Then build your project and you get your obfuscated solution as Setup file.
The same tutorial should work for Visual Studio 2012 too.
Delete the post build code after processing. Otherwise you will have problems with debugging your application in the future. You can also use the code below, the code is only obfuscated when running Release mode.
Alternative code:
if $(ConfigurationName)==Release (
cd “$(ProjectDir)$(IntermediateOutputPath)”
For /f “tokens=*” %%a in (‘dir /b *.exe *.dll’) do “C:Program Files (x86)Microsoft Visual Studio 10.0PreEmptive SolutionsDotfuscator Community EditiondotfuscatorCLI.exe” /in:%%a
del Dotfuscatedmap*.xml
copy /y Dotfuscated*.*
rmdir /s /q Dotfuscated
) else (
echo “do something”
)
IMPORTANT UPDATE: Use alternatives
Testing the obfuscated files with this free Obfuscation Checker, you will see the generated Dotfuscator code has very few differences to the original code, i.e. it does not make much sense to obfuscate your code with the Dotfuscator Community Edition.
After testing some other free obfuscation tools, I can recommend these ones:
Confuser: You can configure your settings via GUI, save them and execute them via command-line (and also via Visual Studio Post Build event):
if $(ConfigurationName)==Release (
cd “$(TargetDir)”
“c:path_to_confuser Releaseconfuser.console.exe” “$(SolutionDir)confuserSettings.crproj”
copy /y Confused*.*
rmdir /s /q Confused
) else (
echo “not in release mode, not obfuscating”
)
It makes string variable content etc. fully unreadable.
Eazfuscator.Net: Installable via Nuget Package Manager for Visual Studio. The download site and this common Nuget tutorial show how it works.
If it is not activated automatically, you can either manually start the application by running the executable file in [your-project-dir]packageseazfuscator….tools. Or put this code in your project post-build:
if /I “$(ConfigurationName)” == “Release” Eazfuscator.NET.exe “$(TargetPath)” –msbuild-project-path “$(ProjectPath)” –msbuild-project-configuration “$(ConfigurationName)” –msbuild-project-platform “$(PlatformName)” –msbuild-solution-path “$(SolutionPath)” -n –newline-flush -v 3.3
I would also recommend to use strong names in your application, which is quite simple – this tutorial shows it.
Hi,I’ve tried your code for confuserEx in VS 2013/2012:
If $(ConfigurationName)==Release (
cd $(TargetDir)
c:\Confuser\Confuser.CLI.exe $(ProjectDir)confuserSettings.crproj
copy /y Confused\*.*
rmdir /s /q Confused
)
but these 2 lines
copy /y Confused\*.*
rmdir /s /q Confused
create an error:
An unhandled exception of type ‘System.ExecutionEngineException’ occurred in WindowsApplication1
without them,no error and I can found confused folder and obfuscated file inside,but vs doesn’t use it
any fix?
thanks