Developing of RIA is always consist of deploying. You are uploading your XAP file to the server and adding the Silverlight object to your page mark-up. Other users always can see where is XAP-file placed. But don’t be afraid about your user code because now you can obfuscate it.
Obfuscation is the concealment of intended meaning in communication, making communication confusing, intentionally ambiguous, and more difficult to interpret. There are a lot of obfuscators: for Java, for C#, J#, VB.NET and MC++. All of the transform readable code into obfuscated code using various techniques that might induce anti-debugging, anti-decompilation and anti-disassembly mechanism. Code obfuscation is different in essence from hardware obfuscation, where description and/or structure of a circuit is modified to hide its functionality.
Lets look at the sample:
private void ResetLevel(); private void ShieldActive(bool isActive); private void ucExplosion1_Exploded(ucExplosion source); private void ucMainGame_KeyDown(object sender, KeyEventArgs e); private void ucMainGame_KeyUp(object sender, KeyEventArgs e);
After obfuscation:
private void ?(ucExplosion ?); private void ?(bool ?); private void ?(); private void ?(object ?, KeyEventArgs ?); private void ?(object ?, KeyEventArgs ?);
All names are hidden and the sequence of methods is changed also. This code is very hard to read.
At this state there are few obfuscators which can used for Silverlight platform:
- Babel.NET
- .NET Reactor
- DeepSea
- {smartassembly}
- Spices.Net
- Dotfuscator for .NET
- Crypto obfuscator
- Eazfuscator.NET
- CodeFort .NET & Silverlight Obfuscator
- ComponentOne XapOptimizer
We will try to discover the abilities of each one.Babel.NET
From the start, it was a free obfuscator but now it commercial. You can get free version, but will include only renaming and simple encryption. To work with Silverlight XAP-files they suggest to buy Professional version.
Price: 149$
Website: http://www.babelfor.net/
.NET Reactor
.NET Reactor is a powerful code protection and software licensing system for software written for the .NET Framework, and supports all languages that generate .NET assemblies. It offers you an easy and reliable way to: Secure your .NET applications and .NET libraries, Replace CIL code with native code, Perform additional layers of protection, including obfuscation,Merge assemblies, and Protect your revenue by enforcing trial version restrictions and full version licensing terms.
Silverlight supported versions: 2.0/3.0/4.0. It’s one of the best commercial obfuscators for .NET.
Price: 179$
Website: http://www.babelfor.net/
DeepSea Obfuscator
It’s one of the best also. In addition, it provides Windows Phone 7 support and anti-decompiler tool. DeepSea Obfuscator makes hacking your code a lot more difficult by renaming all type and member names found in the XAML stream. For the reasonable price. Price: 199$ Website: http://www.deepseaobfuscator.comSmartAssembly
SmartAssembly is a software protection and improvement tool designed to help .NET developers to produce better quality software. This all-round solution will obfuscate and protect your .NET code, optimize your .NET assemblies for better deployment, minimize distribution size, increase performance, and add powerful error-reporting and debugging capabilities to your application.
.NET obfuscator is part of Smart package. That’s why the price is so high. In addition, you will get Automated error reporting to see the most common bugs your end-users come across and improve the quality of your program. XAP-files are supported also.
Price: 795$
Website: http://www.red-gate.com/products/smartassembly/index.htm
Spices.Net
Spices.Net Obfuscator is a .Net code obfuscation, protection and optimization tool that offers the wide range of technologies to completely protect your .Net code and secure your data. Spices.Net Obfuscator rebuilds your .Net assemblies to the new format that is impossible to disassemble, decompile, impossible to understand.
Spices.Net Obfuscator is part of Spices.Net and offered as Visual Studio Integrated package (Spices.VSIP.Obfuscator), standalone GUI program and as console edition.
There is not enough information in official page but in forums there are some tips to use console for obfuscation.
Price: 399$
Website: http://www.9rays.net/Category/55-spicesnet-obfuscator.aspx
Dotfuscator for .NET
Dotfuscator is a .NET Obfuscator that helps protect programs against reverse engineering while making them smaller and more efficient. With XAML Obfuscation, developers can protect Intellectual Property and prevent tampering by renaming XAML resources, trim and compress Silverlight assemblies to optimize load time and performance, and automatically re-sign assemblies. Developers can fully obfuscate and instrument Silverlight XAP files resulting in a streamlined automated build process. Dotfuscator CE is a .NET obfuscator included with every Professional or higher version of Visual Studio since 2003.
Price: by request
Website: http://www.preemptive.com/products/dotfuscator/overview
Crypto obfuscator
Crypto Obfuscator uses advanced code protection and obfuscation techniques to prevent hackers, crackers or competitors from reverse-engineering, decompiling or disassembling your assemblies. Can integrate all dependant assemblies and any additional assemblies into a single main assembly. It can also encrypt and compress them to improve protection and reduce the size of your deployment.
You will have advanced overload renaming, method call hiding, string encryption, control flow obfuscation, ILDASM protection , Anti-Reflection Protection and many more. Silverlight support is provided in Professional version.
Price: 299$Eazfuscator.NET
Eazfuscator.NET is a free obfuscator for .NET platform. The main purpose of obfuscator is to protect intellectual property of the software. At last… First free obfuscator. Has simple functions and GUI. Supports Silverlight assemblies and XAP packages.
Website: http://www.foss.kharkov.ua/g1/projects/eazfuscator/dotnet/Default.aspxCodeFort .NET & Silverlight Obfuscator
CodeFort is an advanced obfuscator and protection tool for Microsoft .NET and Silverlight applications. He has unique protection features that you won’t find in any other protection product. In the past, when obfuscating an application that relied on XAML code, you needed to manually exclude the members and types that were referenced by the XAML code.
Codefort introduces XAML and BAML obfuscation, which is able to rename references directly in the XAML and BAML code, thus increasing the percentage of members and types that can be obfuscated to nearly 100%. Free version provides only demo obfuscation. To use it fully you will need to buy a Professional version.
Price: 199$
Website: http://codefort.org/
ComponentOne XapOptimizer
Tool from the big ComponentOne company. Famous by its developers tools and controls. It provides simple obfuscation by choosing specific resource. Mainly it’s an optimizing solution, so the variety of obfuscating techniques isn’t big. Renaming of the fields and classes is all that you will get with this tool.
Price: 800$
Website: http://www.componentone.com/SuperProducts/XapOptimizer/
Before purchasing think about what kind of protection do you need in application. And don’t forget about the budget. High security for 2 classes isn’t worth it.