.NET programs are easy to reverse engineer. Since .NET applications compile to MSIL (Microsoft Intermediate Language), they contain method and variable names that decompilers can easily convert back into source code.
This exposure allows attackers to use freely available decompilers to view your application's source code. This exposes sensitive information like software licensing code, copy protection mechanisms, and proprietary business logic. Anyone can examine your software for security flaws to exploit, unique ideas to steal, or features to crack.
Fortunately, this isn't your only option. Obfuscation seamlessly renames symbols in assemblies and uses other tricks to foil decompilers. Properly applying obfuscation increases your protection against decompilation significantly while leaving your application intact.
When an obfuscator works on readable program instructions, it confuses human interpreters and breaks the decompilers they use. While your executable logic is preserved, the reverse semantics become non-deterministic. As a result, attempts to reverse-engineer the instructions fail because the translation is ambiguous. Deep obfuscation creates countless decompilation possibilities. Some of these possibilities produce incorrect logic if you try to recompile them. The decompiler can't determine which possibility has valid semantics. An obfuscator that confuses a decompiler poses an even greater deterrent to a human trying the same task.
You can add layers of protection beyond obfuscation. These include Checks, which actively detect possible attacks (such as tampering, debugging, or running on rooted devices). Checks can respond with predefined behaviors or with custom logic. All these protections work together to make your application extremely difficult to reverse-engineer or modify.
Post-Compile Protection
Dotfuscator is a "post-compile" tool. It protects the .NET assemblies (.dll and .exe files) you've already compiled. Your development environment and tools don't change to accommodate protection, and Dotfuscator never alters or even reads your source code.
Protected assemblies are functionally equivalent to traditional assemblies (except where you intentionally change them) and execute on the Common Language Runtime (CLR) with identical results.
The following illustration shows the flow of a typical build process with and without Dotfuscator:
Dotfuscator takes your compiled assemblies as input, performs protection based on your configuration settings, and generates protected versions of those assemblies as output.
Getting Started
To begin using Dotfuscator Professional, install it on your development machine.
The installation method depends on your operating system:
- For Windows, use the Windows Installer (
.msi). - For macOS and Linux, use the NuGet package.
Next, see Protect Your App.
Before Releasing the Protected App
Review the Release Checklist before releasing your protected app or library. This list gathers all the topics you should consider as part of releasing your protected software.