Anyone distributing any .NET applications using obfuscation or native linking?

[JCB]

I have been researching various tools like XenoCode, Wise Owl, 9Rays.net spices.net, and most of the others that come up with a Google search. Some seem promising like Xenocode which has a pro edition for 399.00 which appears to have some pretty good protection for .NET applications. It seems the best is the ones that have native code generation like Salamander .NET Linker but all are somewhat expensive for a hobby project (for now). Hopefully one day it may progress into more than a side project.

My .NET application is tied to a specific piece of external hardware so it is of little use to anyone without the hardware so I am not too worried about it going all over the internet. I am mainly concerned with my IP that is tied to the hardware. I have a good bit of confidential information that I used to communicate with the hardware and as it is now anyone with a simple decompiler can see the code logic almost 100% intact. I am mainly interested in just making it difficult for someone with a .NET reflection tool/decompiler.

My other option is to re-write the sensitive portions in C++ and call them from VB.NET and use some of the native x86 protection tools on the DLL. This would be my least favorite method as the product is very close to being ready to ship.

We had evaluated various obfuscators and we settled on XenoCode -- good integration, highly adjustable obfuscation levels (those with more limited levels will simply throw exceptions if set to a "high" level), and good program flow/string literal obfuscation.

Best way is to judge for yourself using multiple obfuscators using the highest possible level, and then compare the obfuscated outputs using reflector or something similar.

I have to disagree, at least for XenoCode 2005.
I've tried to do obfuscating or protecting or anything, and none of this worked.
If you increase "strength" power, then compression screws.If you change something else, then something else stops to work.And i didn't managed to link the .net framework in the app, so it can be redistributed without the .Net Framework, as they claim Xenocode does.I don't know if it's a DEMO limitation, but they say that the demo is full functional, but some nag screens appear.
Besides that, if you want simple obfuscation, use tool that ships with VS 2005.
It's a commercial programm, but the shipped version is it's "Community Edition".

Salamander is one of the best, but as you said is expensive, even if your project is not a hobby project..

[JCB]

I have been toying with Xenocode and I am with you on the fact that it breaks the EXE. I turned off any ANTI-ILDASM so reflection would work correctly and basically turned every option off or way down like control flow obfuscation and it did finally make a working exe. I could never get the .NET runtime to link with the assembly so that I wouldn't have to make users download it if they didn't want to. If I ran my app it would come up with a debugger error and ask me which development tool to open it up in. I can't even get the merge multiple modules to work correctly. I am tinkering with Microsoft's ILMERGE utility as they keep updating it every few months now.

9Rays.NET Spices obfuscator has a 199.00 console version which he says has the identical obfuscation features of their GUI and VSIP edition. They protect their own tools with it they say so it may be worth trying as it has a good bit of features that Dotfuscator doesn't and the demo version didn't break my EXE lol.

Now you have me wondering if they improved the Dotfuscator community edition for VS.NET 2005 ? I have it installed on another partition for testing and I imagine they updated it to handle the .NET 2.0 framework but I assume it still has the same limitations as the older one (No string encryption, flow control, etc...)

As far as i know, in VS 2005 the Community edition was greatly improved not only to support .Net 2.0 but to add some missing features too.
I have to admit that i never tested it (the new version) but i'm going to do it within the next days and let you know.

About Salamander .Net..I got a trial version from the author and tried to play a little withit.It's serious limitation for the time is that it doesn't support .Net 2.0.Also the native linking of the .net framework is kind of "tricky" to work correct, but the good thing is it works!Well, not all of the times, but most of them.About their protector is good, as it's mixing managed with native code and make it somehow "harder" to crack.

I'm on a search for the "best" .Net protectors/linkers..Maybe i'll make a list and post it here with their pros and dis listed/described also.

[SystemeD]

Hi rumor,
I don't know if it could be useful to your search for the "best" protector but I can list all the .NET packer/protector that I know. Here it is:

hxxp://www.junglecreatures.com/
hxxp://www.preemptive.com/products/dotfuscator/index.html
hxxp://www.remotesoft.com/salamander/obfuscator.html
hxxp://www.semdesigns.com/products/obfuscators/csharpobfuscator.html
hxxp://www.9rays.net/cgi-bin/components.cgi?act=1&cid=108
hxxp://www.wiseowl.com/products/products.aspx
hxxp://www.xenocode.com/
hxxp://thinstall.com/dotnet/
hxxp://www.lesser-software.com/en/content/products/LSW%20DotNet-Tools/LSW_DotNet_IL-Obfuscator.htm
hxxp://dotnetprotector.pvlog.com/Home.aspx

Thank you very much you saved me a heck of time!

I'm testing all of them.. as for the time, none linker has worked correctly..i'm starting to wonder if all of these linkers are just "jokes" to play with our nerves. All of them just produce broken exe's.