Symbol obfuscation complicates an intruder's work: all meaningful names inside the protected application are replaced with random symbols, which makes reverse engineering of the code far more difficult. Once meaningful names are no longer used, keyword searches become impossible. For instance, “SerialNumberCheck(uint licenseID, byte[] serialNumber)” in obfuscated form will look like “abb(uint zxd, byte[] skf)”.

The obfuscator also uses name overloading, which assigns one and the same name to a larger number of items inside the protected application and complicates reverse engineering even further.
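The renaming with name overloading described above can be modelled in a few lines. This is an added illustration in Python, not Guardant's implementation: the member list, the `a, b, ...` name generator and the map-line format are constructed assumptions, and real .NET renaming must also keep virtual, interface and reflection-visible members consistent.

```python
import itertools
import string
from collections import defaultdict

def short_names():
    """Yield a, b, ..., z, aa, ab, ... (constructed naming scheme)."""
    for length in itertools.count(1):
        for chars in itertools.product(string.ascii_lowercase, repeat=length):
            yield "".join(chars)

def rename_with_overloading(members):
    """members: (type_name, method_name, parameter_types) tuples.
    Inside one type the same new name is reused for every method whose
    parameter list differs, which is exactly what overloading permits."""
    taken = defaultdict(set)  # (type, new_name) -> parameter lists in use
    mapping = {}
    for type_name, name, params in members:
        for candidate in short_names():
            if params not in taken[(type_name, candidate)]:
                taken[(type_name, candidate)].add(params)
                mapping[(type_name, name, params)] = candidate
                break
    return mapping

def format_map(mapping):
    """Render the original-to-obfuscated name map, one line per member."""
    return [f"{t}::{n}({', '.join(p)}) -> {new}"
            for (t, n, p), new in mapping.items()]

# Constructed sample input: five methods spread over two types.
SAMPLE = [
    ("License", "SerialNumberCheck", ("uint", "byte[]")),
    ("License", "LoadKey", ("string",)),
    ("License", "Expired", ()),
    ("License", "SaveKey", ("string",)),   # clashes with LoadKey, needs "b"
    ("Report", "Render", ("string",)),
]

if __name__ == "__main__":
    print("\n".join(format_map(rename_with_overloading(SAMPLE))))
```

Four of the five sample methods end up with the same name, so a name alone no longer identifies a method; the map file is the only way back to the original names and should be handled as a build secret.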

One more element of protection implemented through obfuscation is the encryption of string constants using the dongle’s hardware algorithm. With this mechanism the dongle is accessed during code execution, and the scheme of working with the dongle is unique for each protected application, since string constants are accessed at various points within the obfuscated code.

 

Guardant’s obfuscator provides the following features for .NET application protection:

  • Obfuscation of executable files (*.exe) and dynamic libraries (*.dll)
  • Symbol name obfuscation (types, methods, fields, properties, events, method and generic parameters)
  • Overloading of fields and methods (assigning one and the same name to objects with different signatures)
  • Support for multiple character sets (symbols, digits, symbols and digits, non-printable symbols)
  • Fine-tuning of obfuscation parameters using the configuration file
  • Saving a map of original names to obfuscated names into a file
  • Saving obfuscation statistics (coverage of the original code by obfuscated code)
  • String encryption using the dongle

To protect an application, the following files need to be placed in one folder:

| File | Purpose |
|---|---|
| CodeObfuscator.exe | Command-line utility for .NET application obfuscation |
| Guardant.Api32ru.dll | Guardant API .NET function library |
| NvCodes.dat | File with access codes |
| LexicalObfuscator.dll | Main components of obfuscator’s symbol interface |
| LexicalObfuscator.Kernel.dll | Mono.Cecil interaction layer, building intermediate representation |
| LexicalObfuscator.Types.dll | Intermediate representation types library |
| Mono.Cecil.dll | Mono.Cecil with some specific changes |
| NameGenerator.dll | Generators of non-recurrent names |
| Obfuscator.dll | Obfuscator library. Performs loading and recording of assemblies, processing errors and exceptional situations, calls to the symbol obfuscator and string encryptor |
| Obfuscator.Strings.dll | |
| StringEncryption.dll | Main components for string encryption |
| Templates.dll | Logic templates for operating with the dongle for injection |

Important information

  1. If the NvCodes.dat file is missing, the applications will be protected by demo codes.
  2. The NvCodes.dat file is required only for the automatic protection utility and programming of the dongle. The protected application files themselves do not need this file. DO NOT under any circumstances send this file to your clients!

The following files must be present in one folder for the protected application to run:

Files: CodeStorage32.dll, CodeStorage64.dll

Purpose:

  1. Individual secured locations of encrypted string constants and MSIL-code as well as Guardant API functions for 32 and 64-bit Windows operating systems.
  2. The file storage locations are created using the /INIT option and are unique for each protection project!
  3. CodeObfuscator.exe and CodeProtect.exe use one and the same location within the framework of one project!

Connect a dongle of the required type to the computer before initiating the protection process.

CodeObfuscator.exe call format:

CodeObfuscator.exe [general options] [individual options] [file1.ext] [@file2.ext]

Or:

CodeObfuscator.exe [general options] [file1 individual options] [file1.ext] [file2 individual options] [file2.ext] … [fileN individual options] [fileN.ext]

Specify the required protection parameters at the command prompt and press [Enter]. The utility will proceed with protection, printing the relevant messages in the process.

Upon completion of protection, the utility will terminate its operation.

The protection process can be paused at any moment by pressing Esc.

Obfuscation options are divided into general and individual.

General options apply to all protected .NET assemblies in one project. Such options include /SO, /OP, /INIT, /SE, etc.

There is, however, a range of options that can be set individually for each protected assembly of the project. These include the options for setting the dongle type, options for binding to the dongle’s parameters and network protection options. See the help menu for more details.
