Options

SA 6.5 insecure ? DE4DOT recovered full source code

lestersatlestersat Posts: 3
edited December 12, 2011 5:52AM in SmartAssembly
Hello guys, I wanted to evaluate your product because I need a robust obfuscator with exception reporting, but the first attempt to deobfuscate a simple assembly with de4dot (https://github.com/0xd4d/de4dot) succeded and recovered my source code.

In the current state the obfuscator is totally useless, do you plan to improve it ?


Thanks

Lester
· Share on Twitter

Comments

  • Options
    dom.smithdom.smith Posts: 124
    Hi Lester,

    Thanks for the info.

    Obviously, no .NET obfuscator can be completely robust, because at the end of the day, the CLR still has to be able to interpret your code. As a general rule, however, the more complex your application, the less likely it is that de-obfuscators like de4dot will be able to recover your code.

    We'd be really interested in having a general idea of the complexity of your application and the features in SmartAssembly that de4dot was able to reverse.

    To answer your question, though, the good news is yes. In the next few weeks, we hope to be releasing a new version of SmartAssembly, which contains a beta version of a new type of obfuscation. I can't say more at the moment, but keep watching this forum for details of when it is released.

    Thanks,

    Dom.
    Dominic Smith,
    Project Manager,
    Redgate.
    · Share on Twitter
  • Options
    lestersatlestersat Posts: 3
    My app was a very simple one, I agree that a complex application will be more difficult to understand.

    The thing that "alarmed" me is that the deobfuscator recovered all the encrypted strings; I will probably add another layer of encryption to my sensitive strings in the program.

    Good that you are working on this, I really want to use your product because the exception reporting is very well done and it will be a great value for our application.

    Regards
    Lester
    · Share on Twitter
Sign In or Register to comment.