How good is Dotfuscator Community Edition? What is "good enough obfuscator"? [closed]

.net obfuscation piracy-prevention piracy dotfuscator

In a nutshell, the main difference between Dotfuscator Community Edition and the other "professional" editions is that Community Edition will only really obfuscate and change your namespaces, method names, and other "public" accessible aspects of your classes. It won't delve into the functions themselves and obfuscate the "private" code within the function.

Also, the Community Edition doesn't do anything to obfuscate such things as control flow within your application, nor will it "combine" code from multiple assemblies into one assembly. These are features that are available within the "professional" paid-for versions.

The best comparison between the Community Edition (the "free" version that comes with Visual Studio) and the "professional", paid-for editions can be found by looking at the following two links:

Preemptive Dotfuscator Editions Comparison

Dotfuscator Community Edition 3.0 on MSDN

The MSDN link is slightly out of date, however, gives a much better explanation of the actual features that are available within the various editions of Dotfuscator.

EDIT:

Commercial obfuscators do cost a lot of money, and as to wether they are worth the money? Well, that's a judgement call that really only you can make. Personally, I would say that it isn't worth it in your scenario. Firstly, because you're only wanting to protect one application ("I plan to release one small, low priced utility.") and secondly, you say that you're not overly concerned with the application being "cracked" ("I'm not very afraid of my application being cracked.").

I understand how it can bug you that compiled .NET applications, without any obfuscation, can be easily reverse engineered to their original source code, and that someone may make use of this to steal your software and sell it as their own, however, the fact remains that software piracy does exist and you will probably never stop it.

Trying to stop software piracy has been debated ad-nausem both on here (Stack Overflow) and all over the internet.

The general consensus seems to be that you need to focus your time and energies more on making your product as great as it can be rather than using this same time trying to protect something that, given enough time/money, an "attacker" can "crack"/steal your software anyway, despite your best efforts to prevent him from doing so.

Does this happens a lot?

I would say that it probably happens a lot less than you think it does. Sure, software gets cracked, but I don't think too many people actually steal other's source code and completely re-brand it to sell as their own. I'm not saying it doesn't, or hasn't happened, but it's certainly not a common occurrence.

To summarise, I'd say that your best bet would be to focus on making your utility as great as it can be and use the free Dotfuscator obfuscator, since it requires very little investment of time/money, to obfuscate your code from the most obvious prying eyes, but don't lose any sleep over the fact that if someone wants to crack/steal your product/code badly enough, they will do.


I think Dotfuscator Community Edition shipped with Visual Studio is quite a naive solution. It provides only symbol renaming and does not obfuscate control flow at all. And if someone decides to stole your code it will only need to refactor back all names, which is quite easy with small amount of classes.

Also you can rely on not so perfect decompilation provided by Reflector (it usually messes switch blocks, makes lots of gotos, mismatch if-else blocks, etc.).

But I suggest you try Eziriz .NET Reactor. It costs only $179 (AFAIK best price/features ratio). It provides standard obfuscation techniques such as symbol renaming, string encryption, control flow obfuscation. As a good bonus it creates native launcher for you app, which will contain your main assembly and all third party references encrypted and loaded on demand. Plus it provides some licensing capabilities.

Anyway reversing .NET application is not so hard, I did it for fun and can say that it's only matter of time and money (and of course common sense) how fast your application will be cracked or reversed.

Related

Is there a jQuery stand-alone Ajax module?
How is the performance of Groovy compared with Java?
HTML5 Boilerplate vs Twitter Bootstrap with JQuery and JQueryUI [closed]
Get username field in Facebook Graph API 2.0
What's a react.js-friendly way to animate a list-reordering?
Pandas: Modify a particular level of Multiindex
What's the difference between GNU99 and C99 (Clang)?
PostgreSQL server wouldn't shutdown on Lion (Mac OS 10.7)
If an Exception happens within a using statement does the object still get disposed?
Defining JavaScript variables inside if-statements
Could not find a version that satisfies the requirement pytz
How to forcibly keep a Node.js process from terminating?