Best Obfuscation Tips

Feb 1, 2020

Babel Obfuscator is a great protection tool and can make a good obfuscation job just right of the box. Knowing all the nitty-gritty is a good thing, but it may take a long time. So we have prepared several tips that will help you to get the best possible obfuscation result without too much effort.

Consider to declare as many types as possible internal or Friend if you use VB

Public types and methods that are externally visible will not be renamed because they can be consumed by other assemblies. Internal (or Friends for VB) types are private and are not visible to external assemblies so they can be safely renamed.

Merge dependencies whenever possible

Babel Obfuscator can merge referenced assemblies into the target assembly. This will allow you to internalize all merged types increasing the number of renamed symbols. 

Use hash algorithm when encrypting strings

The hash string encryption algorithm offers good protection and at the same can reduce the size on disk of the obfuscated assembly. 

babel.exe myapp.exe --string hash

Enable Control Flow Obfuscation

Control Flow Obfuscation can make if statements more complex to read, insert a number of irrelevant branches, add multiple switch instructions without changing the behavior of the method so that is very difficult to analyze after decompilation. To obtain the best code scramble we suggest enabling the following algorithms: gotoifswitchcasecall.

babel.exe myapp.exe --controlflow goto=on --controlflow if=on --controlflow switch=on --controlflow case=on --controlflow call=on ...

Encrypt code that expose sensitive data

Code encryption is a powerful protection feature. But with great power, comes great responsibility… (Perhaps you’ve already heard before). Definitely code encryption is good but can slow down a bit your application. So take care of what to encrypt. Generally, methods that handle sensitive data are good candidates like methods that check license keys for instance. 

[Obfuscation (Feature = "msil encryption" , Exclude = false )]
private void CheckLicenseKey()
{
     XmlLicense license = LicenseManager .Validate(typeof (Program), this) as XmlLicense; 

Encrypt Managed Resources

Resource encryption can hide all the embedded resources into your assembly compressing at the same time all your assets. Also, this feature like code encryption can lead to a performance hit, so use it carefully.

Enable Dead Code Removal

This will allow Babel Obfuscator to remove unused code, included types, properties, fields, and events reducing the disk size and optimizing the load time. 

Use Dynamic Proxy Generation to hide calls to external methods

Dynamic Proxies can hide the calls to external and internal methods. Most of the time enabling dynamic proxies generation for external calls is enough to get a good obfuscation result. 

Enable Anti Tampering protection

Anti-tampering protection will detect if your assembly has been tampered with and will give you the choice of what action to take like stopping the execution or reporting an error to the user. We suggest taking silently actions that will make your application to stop after a while the check occurred or produce incorrect results. In this way, it will be more difficult for an attacker to find and skip the anti-tampering protection.

Finally remember to test the obfuscated application

Obfuscation might break your code (sometimes). To avoid any unexpected behavior at runtime, remember to perform all the necessary tests on the obfuscated assemblies.

These few obfuscation tips will allow you to use Babel Obfuscator more effectively. If you want to get the best from the tool we suggest reading the Babel Obfuscator user’s guide.

Pin It on Pinterest

Share This