Tuesday, August 14, 2012

Assemblies Embedding And Obfuscation With Eazfuscator.NET

We could use ILMerge to merge our .Net assemblies. However, instead of merging, we could also "embed" our assemblies (reference). In fact, there are many obfuscation tools in the market which not only obfuscate, but also help to merge/embed assemblies in a single build process.

Eazfuscator.NET is one of them which is easy to use and is free. If what you need is some level of protection to prevent reverse engineering of your code, as well as assembly merging and embedding (it supports both), this is a handy tool to use.

Update: Eazfuscator.NET went commercial and is no longer free starting from version 3.4.71 (released on 2012-06-22).

The following steps show you how to embed and obfuscate your assemblies using Eazfuscator.NET:
  • Disclaimer: This is only a guideline based on my commonly used scenario, you may want to refer the Eazfuscator.NET Documentation for more options and functionality.

1. Download and install Eazfuscator.NET (Close all opening Visual Studio before install).

2. Open your project in Visual Studio. You will see "Eazfuscator.NET Assistant" under the Visual Studio's main menu > "Tools". You can also access this from the Windows "Start" menu.

3. Drag and drop your main (StartUp) project from the Solution Explorer to the "Green" box. Now this project is set for obfuscation.
  • Note: Drag and drop the project to the "Red" box to disable the obfuscation.

4. Add a new CS file named as "ObfuscationSettings.cs". Move this file into the "Properties" folder. Put the following contents into the file:
using System;
using System.Reflection;

[assembly: Obfuscation(Feature = "encrypt symbol names with password MyP@ssw0rd", Exclude = false)]
[assembly: Obfuscation(Feature = "code control flow obfuscation", Exclude = false)]
If Reflection is used within your project, you may add this line:
[assembly: Obfuscation(Feature = "Apply to * when public and class: renaming", Exclude = true)]
  • Replace MyP@ssw0rd with your password.
  • If all your projects use the same settings, you may put these into a commonly shared link file (e.g. CommonObfuscationSettings.cs) and add as link from your project.

5. In "ObfuscationSettings.cs", add attributes for each referenced .Net assembly you want to embed, for example:
[assembly: Obfuscation(Feature = "embed My.SupportAssembly1.dll", Exclude = false)]
[assembly: Obfuscation(Feature = "embed My.SupportAssembly2.dll", Exclude = false)]
[assembly: Obfuscation(Feature = "embed MySql.Data.dll", Exclude = false)]
  • The assembly file name is case-sensitive.
  • Mixed assembly (assembly which contains unmanaged code) is well supported.

6. Build the project. The main project's bin\Release will have the assembly which is obfuscated and can be deployed without the referenced assemblies.

Additional Resources:
Assemblies Merging With Post-build Event
Assemblies Merging With ILMerge and MSBuild

If you find this post helpful, would you buy me a coffee?

1 comment:

  1. Crypto Obfuscator also supports embedded dependency assemblies in the main assembly - it has a nice and easy UI through which to specify all settings.