We help IT Professionals succeed at work.

How to Obfuscate a .NET Dll using Obfuscate Attribute

M THIAM
M THIAM used Ask the Experts™
on
Hi all, i am looking for an example of use of the .NET ObfuscationAttribute to Protect a deployed DLL from reverse enginering with tool like Reflector
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Éric MoreauSenior .Net Consultant
Top Expert 2016

Commented:
Do you know that obfuscation is not 100% safe? Have a look at https://blogs.msdn.microsoft.com/clrsecurity/2005/05/26/obfuscation/

Also, features like Reflection won't work anymore on obfuscated code.
Éric MoreauSenior .Net Consultant
Top Expert 2016

Commented:
David FavorFractional CTO
Distinguished Expert 2018
Commented:
100% obfuscation that works is to create an API system callable by clients, to completely hide all code details while preserving functionality.

As Eric mentioned, other approaches all have problems.
M THIAMDEVELOPPER

Author

Commented:
Hi guys, thanks for your answer. Your answer help me.
I fact i have a WPF Solution which is deployed by ClickOnce an ftp secure disk. the app is used by several stores of our company and i want to be sure if someone get the files installed he can't acces to information by decompiling the dll library
Senior .Net Consultant
Top Expert 2016
Commented:
obfuscating will just scramble your IL code to make it harder to read, not 100% unreadable. Have you read the second link I provided?
M THIAMDEVELOPPER

Author

Commented:
Thanks to all of you to help take a good decision to propose to my boss.

So i propose to keep the first approach using a wpf client and a web API in the first time
And after if possible a complete migration to a web FrontEnd.

Regards
David FavorFractional CTO
Distinguished Expert 2018

Commented:
You're welcome!

The other big wins working with an API system include...

1) Any OS can use HTTPS calls, so any client on any OS can call your API.

2) API implementation is completely decoupled from API code. In other words, if you find .NET is slow or overly costly to maintain, you can just switch to running a PHP based API, which can easily sustain 100K-1M calls/minute... with no Microsoft license fees + super easy to understand for any PHP developer.

3) API speed is the big win, as you can change API caching approaches on your server side with complete abstraction of any changes to all clients/consumers, which is a massive win if your product scales quickly which require a new caching mechanism.

Caution: Once you start writing API code, you may be hooked for life. :-)