method variables not obfuscated

dan.lee.RIdan.lee.RI Posts: 15
edited July 15, 2016 11:34AM in SmartAssembly
I have .dll assembly that I am trying to obfuscate. Most of the file gets obfuscated. However, some sensitive variable names are not mangled.

For instance our code will look like this
namespace my.dll
{
    public class myClass
    {
        public class User
        {
            public string username {get; set}
            public string password {get; set}
        }

        public void DoSomeAction(SqlConnection cnn, string parameter1, string parameter2, string parameter3)
        {
            //doing some action
         }

         private void DoSomeAction2(SqlConnection cnn, string parameter1, string parameter2, string parameter3)
        {
            //doing a different action
         }
    }
}

The file compiles and I use Smart Assembly 6.2 to obfuscate the file. However, when I examine the obfuscated file, using Jet Brains DotPeek, both the public and private methods show the real names and not obfuscated names as I would expect.

In the saproj file I have the following:
* I use strong name signing
* I only obfuscated this one .dll file. There are no other dependencies that are merged or embedded.
* I set the obfuscation to the highest level, using advanced renaming
* I select Control Flow Obfuscation and set it to the highest level for this .dll file
* I select to encode all the strings in my software and select the check box to use encoding with improved protection
* I opened the saproj file in notepad and added the 'ExcludePublicMembers="0"' to the assembly obfuscation element.

Is there anything I can do to ensure that variable names are obfuscated. I see that I can add attributes to prevent obfuscation for variable names, but not to make sure that they are obfuscated.
Daniel Lee
Release Engineer
Amazing Charts,Inc

Comments

  • Jessica RJessica R Posts: 1,257 Rose Gold 4
    Hi and thanks for your post!

    Just a few notes on this that I hope will help:

    - Local variable names are stored in pdb files, so they will actually only appear when decompiling the DLL if the pdb file is available in the same location alongside the DLL. (So to keep these hidden from users, you'll just need to make sure not to distribute your pdb file along with the dll.)

    - In order to hide method parameters and properties, you'll actually need to use the pruning option. Can you kindly try enabling this?

    - SmartAssembly automatically excludes public methods of DLLs from obfuscation, else other assemblies cannot call on it. I'm afraid there's no way around this aside from refactoring code (the ExcludePublicMembers option only applies to .EXE files).

    - However, private methods should be obfuscated (unless they are decorated with System.Reflection.DefaultMemberAttribute). If in case there are names that are still visible after obfuscation and pruning that aren't due to them being public methods of the DLL, they may still be getting excluded automatically. The [log file](https://documentation.red-gate.com/disp ... rtAssembly) should give more detail on why they are excluded.

    I do hope this helps explain some things! Please let us know how you get on.

    Jessica Ramos | Product Support Engineer | Redgate Software

    Have you visited our Help Center?


  • Jessica,

    Thank you for the reply. While this did a better job, it did not do the job completely enough.
    Our public method were still exposed using graywolf to view the assembly.
    We tried using Agile.NET and this is accomplishing what we need.
    Daniel Lee
    Release Engineer
    Amazing Charts,Inc
  • Jessica RJessica R Posts: 1,257 Rose Gold 4
    Hi Daniel,

    Ah okay, thanks for the update and so sorry to hear that things didn't work out with SmartAssembly! I'm glad you've found a tool that fits your needs though, and if you ever decide to give SmartAssembly another try down the line, please get back in touch if you need any assistance.

    Jessica Ramos | Product Support Engineer | Redgate Software

    Have you visited our Help Center?


Sign In or Register to comment.