|
Eddy Vluggen wrote: When I'm looking at a third-party project without sources, I tend to use the assemblies the way they are. One doesn't need to deobfuscate them merely to use them.
Would those be libraries with a public API that just don't want you to see how they're implemented? In my case it's a full application being delivered that we want to make reverse engineering as painful as possible. When there's no API, and non-serialized (or etc) classes just look like class1.method1() , figuring out how to use parts of the whole isn't going to be easy.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
At a previous position, I used {SmartAssembly} for about 4 years. We used it in our build engine with NAnt. The command line was very easy to use along with the interface. It can get tricky if you use reflection, but its pretty easy to add exceptions. I used it before it became a RedGate tool, but I would give it a thumbs up!
Hogan
|
|
|
|
|
whos developer's support email having turned into a black hole?
I'm about to drop a bunch on a certain companies product but am nervous about their support.
Could you provide initials or pm me so as to keep me from making a mistake?
Thanks.
:Ron
|
|
|
|
|
company RS, product S. Since there're multiple RS -S tools, for addtional disambiguation the website has flyout menu's that only work in IE, and contact info includes a university alumni email address in addition to RS email addresses.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
Obfuscators are easy to work around. De4dot, for example, is free, opensource, and will deobfuscate all the obfuscators mentioned here (along with many others). If someone has enough skill to do something with the original code, they probably have enough skill to use a deobfuscator.
|
|
|
|
|
I, my boss, and the customer the app is for are all aware that obfuscation is breakable. What they want is to make reverse engineering non-trivial, and want the difficulty to be closer to disassembling a native binary (what we'd've used if the paranoia requirement had came at the start instead of several years into the project) than pressing an easy button. The output of SmartAgent and de4dot as viewed in ILSpy or dotPeak is still vile enough to not be human intelligible without a lot of work. Reverse engineering the algorithms by feeding hundreds of test datasets to see what comes out would probably be less painful; and that's as much as we can hope for since the software is going on ordinary PCs not heavily tamper hardened boxes (and even there only a small number of wipe at first sign of trouble boxes would be likely to stop a sufficiently skilled adversary).
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
I've been using Reg-Gates database tools for years and recommend them highly, I have no experience with their other tools but I do believe their core skills are database.
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
I've used SmartAssembly and Eazfuscator[^], and I've found both to do the job nicely.
One of the bonuses of using SmartAssembly is that it also does some extra non-obfuscation related things, like pruning unused classes, error reporting, and lots of other extras.
Eazfuscator does't provide that facility, and does provide features I could not get to work property in SmartAssembly, like fine grained control on name mangling.
I went with Eazfuscator in the end because it did everything I needed at a reduced price.
|
|
|
|
|
Roy Hodgson has picked his team for the 2014 World Cup in Brazil.
He has gone with Germany.
---------------------------------
Obscurum per obscurius.
Ad astra per alas porci.
Quidquid latine dictum sit, altum videtur .
|
|
|
|
|
So true. Apparently he was considering Germany & the Indian nation football team. I am still wondering why he choose Germany over India, any clues?
|
|
|
|
|
He doesn't have that many frequent flyer miles. Now, if you were to up and move India somewhere closer like, say France, he'd be well up for it.
|
|
|
|
|
Pete O'Hanlon wrote: He doesn't have that many frequent flyer miles.
I'm sure Julia Bradbury could help him there.
If there is one thing more dangerous than getting between a bear and her cubs it's getting between my wife and her chocolate.
|
|
|
|
|
Is it normal for developers to have to work on noisy office spaces? I've had a few different jobs as a developer over the past few years. The best one had an office. It was quiet and it was easy to focus on my work. I've had others with semi-queiet cubicles and one with a very noisy environment with people talking on their cell phones while walking around the developers' desks. How am I supposed to concentrate on work when the employer seems to discourage it by the environment?
Please tell me that this isn't normal. Are there employers out there that actually encourage productivity? How do I find these jobs? Lately I seem to be having bad luck. Maybe I live in the wrong part of the US?
|
|
|
|
|
we have to separate parts in our office. One for the QA and support team and the other for developers. The people from the QA call our rooms the 'monastery'...
I never see normal development places that where noisy. It seems to me too much...
I'm not questioning your powers of observation; I'm merely remarking upon the paradox of asking a masked man who he is (V).
|
|
|
|
|
I used to work in a noisy work environment: nobody talks - they just chat all day on IRC!!! I don't understand how people can face each other and not talk normally. Why do they have to go through IRC?
|
|
|
|
|
I currently have three people engaged in a semi-shouted Facetime conversation just over the partition wall. I might as well sit back and relax until they have stopped because of all the distraction it causes...
|
|
|
|
|
Last summer the office next to ours decided to renovate. For a month I worked from home, only came to important meetings a few times...
I'm not questioning your powers of observation; I'm merely remarking upon the paradox of asking a masked man who he is (V).
|
|
|
|
|
Unfortunately it IS normal (at least in my part of the world. I hate having to share office with the other developers, because they all have their irritating behaviours; tapping fingers, listening to music, talking on the phone, moaning and groaning (yes, I have a collegue like that ), irritating ring signals and signals signalling incoming email going off every 30 seconds.
Some people don't care, but I agree with you. I can't work in a noisy environment either. I would prefer a private office so I can surf pr0n work in peace. But in a company with a sizeable amount of developers, I guees that is too costly...
Anything that is unrelated to elephants is irrelephant Anonymous ----- Do not argue with an idiot. He will drag you down to his level and beat you with experience Greg King ----- I always wanted to be somebody, but now I realize I should have been more specific. Lily Tomlin, Actress
|
|
|
|
|
|
That explains your CP Username...
Anything that is unrelated to elephants is irrelephant Anonymous ----- Do not argue with an idiot. He will drag you down to his level and beat you with experience Greg King ----- I always wanted to be somebody, but now I realize I should have been more specific. Lily Tomlin, Actress
|
|
|
|
|
And swearing. Don't forget swearing.(You DO use Microsoft right?)
|
|
|
|
|
What the elephant are you on about sunshine? We don't elephanting swear in out elephanting company...
Nah, seriously, you're right! But strangely enough, the Mac saved saints also seem to swear about their Mac. (Personally, I don't understand why they use a Mac at all, because the job they're hired to do has with Microsoft products. But some people need to be OOOOH so special (thus complicating everything for themselves). No sympathy from me!
Anything that is unrelated to elephants is irrelephant Anonymous ----- Do not argue with an idiot. He will drag you down to his level and beat you with experience Greg King ----- I always wanted to be somebody, but now I realize I should have been more specific. Lily Tomlin, Actress
|
|
|
|
|
Are you referring to the Macmentarians?
I was talking to one last night. She couldn't understand why I built my home ent system out of bits of string and Linux for less than £150(now I have a 40" screen, 5.1 sound and Freeview on the same box. Also all my music and DVD's), then another £200 on an old, bomb-proof Elitebook, with a tb drive and core2duo processor(which I use for making and storing videos), when I could have spent 5-10 times as much on a Mac(which is still Intel)and been saved.
Yes. The ability to license all my tv and films and music for one, overpriced, sealed box, and pay over the odds for them, is sorely tempting.
Not.
|
|
|
|
|
In the end, it's all about the total time you save, including building and using. Much like this xkcd comic.
That's probably why I'm so keen on optimising programs...
|
|
|
|
|
I do it for fun. If it isn't fun, then it really isn't worth doing IMO.
|
|
|
|