Dotfuscator 社区版有多好?什么是“足够好的混淆器”?

发布于 2024-08-17 03:05:13 字数 1432 浏览 5 评论 0原文

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

瑾兮 2024-08-24 03:05:13

简而言之,Dotfuscator 社区版和其他“专业”版本之间的主要区别在于,社区版只会真正混淆和更改您的名称空间、方法名称和类的其他“公共”可访问方面。它不会深入研究函数本身并混淆函数内的“私有”代码。

此外,社区版不会做任何事情来混淆应用程序中的控制流等内容,也不会将多个程序集中的代码“组合”到一个程序集中。这些是“专业”付费版本中提供的功能。

社区版(Visual Studio 附带的“免费”版本)和“专业”付费版本之间的最佳比较可以通过查看以下两个链接找到:

抢占式 Dotfuscator 版本比较

MSDN 上的 Dotfuscator Community Edition 3.0

MSDN 链接有点过时,但是,对各种可用的实际功能提供了更好的解释Dotfuscator 的版本。

编辑:

商业混淆器确实要花很多钱,至于它们是否物有所值?嗯,这确实是只有你才能做出的判断。就我个人而言,我会说在您的情况下这是不值得的。首先,因为您只想保护一个应用程序(“我计划发布一个小型、低价的实用程序。”),其次,您说您并不太担心该应用程序被“破解”(“我”我不太担心我的应用程序被破解。”)。

我理解编译 .NET 应用程序时如何让您感到困扰,无需任何混淆,可以轻松地对其原始源代码进行逆向工程,并且有人可能会利用它来窃取您的软件并将其作为自己的软件出售,但是,事实上,软件盗版确实存在,而且你可能永远无法阻止它。

试图阻止软件盗版已经在这里(Stack Overflow)和整个互联网上引起了令人作呕的争论。

普遍的共识似乎是,您需要将时间和精力更多地集中在使您的产品尽可能出色上,而不是利用这段时间试图保护一些东西,只要有足够的时间/金钱,“攻击者”就可以“无论如何破解”/窃取你的软件,尽管你尽了最大努力阻止他这样做。

这种情况经常发生吗?

我想说的是,这种情况发生的次数可能比你想象的要少得多。当然,软件会被破解,但我不认为有太多人实际上窃取了他人的源代码并完全重新命名以作为自己的代码出售。我并不是说这种情况没有发生,或者没有发生过,但这肯定不是常见的情况。

总而言之,我想说,你最好的选择是专注于使你的实用程序尽可能强大,并使用免费的 Dotfuscator 混淆器,因为它只需要很少的时间/金钱投入,就可以从最大程度上混淆你的代码。明显的窥探,但不要因为以下事实而失眠:如果有人非常想破解/窃取您的产品/代码,他们就会这么做。

In a nutshell, the main difference between Dotfuscator Community Edition and the other "professional" editions is that Community Edition will only really obfuscate and change your namespaces, method names, and other "public" accessible aspects of your classes. It won't delve into the functions themselves and obfuscate the "private" code within the function.

Also, the Community Edition doesn't do anything to obfuscate such things as control flow within your application, nor will it "combine" code from multiple assemblies into one assembly. These are features that are available within the "professional" paid-for versions.

The best comparison between the Community Edition (the "free" version that comes with Visual Studio) and the "professional", paid-for editions can be found by looking at the following two links:

Preemptive Dotfuscator Editions Comparison

Dotfuscator Community Edition 3.0 on MSDN

The MSDN link is slightly out of date, however, gives a much better explanation of the actual features that are available within the various editions of Dotfuscator.

EDIT:

Commercial obfuscators do cost a lot of money, and as to wether they are worth the money? Well, that's a judgement call that really only you can make. Personally, I would say that it isn't worth it in your scenario. Firstly, because you're only wanting to protect one application ("I plan to release one small, low priced utility.") and secondly, you say that you're not overly concerned with the application being "cracked" ("I'm not very afraid of my application being cracked.").

I understand how it can bug you that compiled .NET applications, without any obfuscation, can be easily reverse engineered to their original source code, and that someone may make use of this to steal your software and sell it as their own, however, the fact remains that software piracy does exist and you will probably never stop it.

Trying to stop software piracy has been debated ad-nausem both on here (Stack Overflow) and all over the internet.

The general consensus seems to be that you need to focus your time and energies more on making your product as great as it can be rather than using this same time trying to protect something that, given enough time/money, an "attacker" can "crack"/steal your software anyway, despite your best efforts to prevent him from doing so.

Does this happens a lot?

I would say that it probably happens a lot less than you think it does. Sure, software gets cracked, but I don't think too many people actually steal other's source code and completely re-brand it to sell as their own. I'm not saying it doesn't, or hasn't happened, but it's certainly not a common occurrence.

To summarise, I'd say that your best bet would be to focus on making your utility as great as it can be and use the free Dotfuscator obfuscator, since it requires very little investment of time/money, to obfuscate your code from the most obvious prying eyes, but don't lose any sleep over the fact that if someone wants to crack/steal your product/code badly enough, they will do.

暗喜 2024-08-24 03:05:13

我认为 Visual Studio 附带的 Dotfuscator Community Edition 是一个相当幼稚的解决方案。它仅提供符号重命名,并且根本不会混淆控制流。如果有人决定窃取您的代码,只需要重构所有名称,这对于少量的类来说非常容易。

您还可以依赖 Reflector 提供的不太完美的反编译(它通常会弄乱 switch 块、产生大量 goto、不匹配 if-else 块等)。

但我建议您尝试 Eziriz .NET Reactor。它的成本仅为 179 美元(AFAIK 最佳性价比)。它提供了标准的混淆技术,例如符号重命名、字符串加密、控制流混淆。作为一个很好的奖励,它为您的应用程序创建本机启动器,其中将包含您的主程序集和所有加密的第三方引用并按需加载。另外它还提供一些许可功能。

无论如何,逆向 .NET 应用程序并不是那么难,我这样做是为了好玩,并且可以说,你的应用程序被破解或逆向的速度只是时间和金钱(当然还有常识)的问题。

I think Dotfuscator Community Edition shipped with Visual Studio is quite a naive solution. It provides only symbol renaming and does not obfuscate control flow at all. And if someone decides to stole your code it will only need to refactor back all names, which is quite easy with small amount of classes.

Also you can rely on not so perfect decompilation provided by Reflector (it usually messes switch blocks, makes lots of gotos, mismatch if-else blocks, etc.).

But I suggest you try Eziriz .NET Reactor. It costs only $179 (AFAIK best price/features ratio). It provides standard obfuscation techniques such as symbol renaming, string encryption, control flow obfuscation. As a good bonus it creates native launcher for you app, which will contain your main assembly and all third party references encrypted and loaded on demand. Plus it provides some licensing capabilities.

Anyway reversing .NET application is not so hard, I did it for fun and can say that it's only matter of time and money (and of course common sense) how fast your application will be cracked or reversed.

挽你眉间 2024-08-24 03:05:13

混淆器至少应具有:

  1. 字符串加密
  2. 符号重命名
  3. 控制流混淆

最好具有以下功能:

  1. 资源保护
  2. 程序集合并/嵌入
  3. 外部方法调用隐藏
  4. 能够自动签署混淆的程序集
  5. 支持附属程序集
  6. 死代码消除
  7. 元数据还原
  8. 反反编译器(Reflector)
  9. 防篡改
  10. 反调试

看看我们的加密混淆器< /a> 支持所有这些的产品。

At a minimum, an obfuscator should have:

  1. String encryption
  2. Symbol renaming
  3. Control flow obfuscation

Good to have features are:

  1. Resource protection
  2. Assembly merging/embedding
  3. External method call hiding
  4. Ability to auto-sign obfuscated assemblies
  5. Support for satellite assemblies
  6. Dead-code elimination
  7. Meta-data reduction
  8. Anti-decompiler (Reflector)
  9. Anti-tamper
  10. Anti-Debugging

Take a look at our Crypto Obfuscator product which supports all of these.

天煞孤星 2024-08-24 03:05:13

绕过逆向工程代码的另一种方法是,如果您无法真正负担得起添加支持的混淆器,则可以将 dll 放置在何处。在部署之前在程序集中告诉编译器在哪里寻找它们,这是阻碍逆向工程的旧做法。
但就像已经说过的那样,主要集中于开发优秀的产品和良好的编码实践,那么您将来将能够负担得起一个不错的混淆器应用程序。
另外,尽量不要太担心其他人破解您的代码,因为大多数黑客破解代码只是找到一种无需付费即可使用该产品的方法,而不是窃取代码或向初学者学习。是的,我希望 JIT 只支持 c# 和 vb.net,这确实会减少逆向工程,但由于 .net 确实是语言友好的,所以 jit 可以读取很多内容,这就是价格。
因此,继续编码并赚一些钱,购买一些额外的证券。

Another way to get around reverse engineering code is where you place your dll's if you cannot really afford obfuscators which do add support. And in your assembies before deployment tell the compiler where to look for them which was an old practice to hinder reverse engineering.
But like it was already said, concentrate mostly on developing an excellent product and good coding practices, then you will be able to afford a nice obfuscator application in the future.
Also, try not to worry to much about others cracking your code because most hackers crack code just find a way to use the product without paying for it and not to steal code or to learn from for beginning programmer. Yeah, I wish JIT only supported c# and vb.net which would have really cut down on reverse engineering but since jit can read many due to .net being really language friendly that is the price.
So code away and make some money, buy some additional securities.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文