Reputation: 756
Is there an obfuscation tool that can work well on the exe and pdb files that result from a dotnet core single file publish?
I am using dotnet core single file publish with the command: dotnet publish -r win-x64 -c Release /p:PublishSingleFile=true. This works great in giving me just two neat files, an exe and a pdb file, which I am able to give to a client to run my application.
However, I am still concerned about its ability to be decompiled.
I tried using ILSpy and JustDecompile on both the files and they luckily could not be decompiled with these tools. Is it then that my files are safe, or is it that the tools have not yet caught up?
If the latter, what obfuscation tool can I use to protect these files? I attempted to use Obfuscar which did not work specifically on the single file publish outputs, the exe and pdb.
Any suggestions on the obfuscation tools to use for this?
Upvotes: 5
Views: 5039
Reputation: 21
As @john mentioned, I use the Obfuscator from the "obj" folder and it works:
First I install the Obfuscar.GlobalTool NuGet with this command "dotnet tool install --global Obfuscar.GlobalTool --version 2.2.40" in the NuGet Package Manager Console.
Then I configure my obfuscar.xml that we should add in the root of the project:
<?xml version="1.0" encoding="utf-8" ?>
<Obfuscator>
  <Var name="InPath" value="obj\Release\net8.0-windows\win-x64\" />
  <Var name="OutPath" value="obj\Release\net8.0-windows\win-x64\Obfuscated\"/>
  <Var name="LogFile" value="$(OutPath)obfuscated-log.txt" />
  <Var name="RenameProperties" value="true" />
  <Var name="RenameEvents" value="true" />
  <Var name="RenameFields" value="true" />
  <Var name="KeepPublicApi" value="false" />
  <Var name="HidePrivateApi" value="true" />
  <Var name="UseUnicodeNames" value="true" />
  <Var name="HideStrings" value="true" />
  <Var name="OptimizeMethods" value="true" />
  <Var name="SuppressIldasm" value="true" />
  <!-- I added this because I have had trouble with that dependency -->
  <AssemblySearchPath path="C:\Program Files\dotnet\packs\Microsoft.WindowsDesktop.App.Ref\8.0.2\ref\net8.0\" />
  <!-- Add here all files that you want to obfuscate -->
  <Module file="$(InPath)myApplication.dll"/>
</Obfuscator>
Then I configure an event in my .csproj file:
<Project>
  <!-- Your project configuration -->
  <Target Name="PostBuild" AfterTargets="PostBuildEvent">
    <!-- Run Obfuscar with the configuration file from the project root -->
    <Exec Command="obfuscar.console obfuscar.xml" />
    <!-- Replace the original assembly in obj with the obfuscated one -->
    <Delete Files="your-path\obj\Release\net8.0-windows\win-x64\DatabaseObjectMerger.dll" />
    <Copy SourceFiles="your-path\obj\Release\net8.0-windows\win-x64\Obfuscated\DatabaseObjectMerger.dll" DestinationFolder="your-path\obj\Release\net8.0-windows\win-x64\"/>
  </Target>
</Project>
And then I execute this command: "dotnet publish -c Release -r win-x64 --self-contained -p:PublishSingleFile=true"
Upvotes: 0
Reputation: 21
You can use Obfuscar.
Use it in the obj directory after the Compile target and then copy the obfuscated files to the directory (replace the original files).
Upvotes: 2
Reputation: 6610
Disclosure: I work for the Dotfuscator team at PreEmptive.
We have tested and verified that Dotfuscator Professional handles this scenario on both .NET Core 3 and .NET 5.
Specifically, you must use Dotfuscator Professional's MSBuild integration, which is now our recommended method of using Dotfuscator Professional for new projects. However, Dotfuscator will not update .pdb files on .NET Core or .NET 5, so you will not be able to debug builds which use Dotfuscator (e.g., Release builds). You should not ship .pdb files to untrusted users.
Upvotes: 5
Reputation: 16439
You can decompile .NET Core self-contained executables if you manually unpack them: Can .Net Core 3 self-contained single executable be decompiled?
You would have to run the obfuscator as part of the build process, before the individual assemblies are compressed into the single file. That's probably possible if you add a custom MSBuild target that executes the obfuscator, and use the BeforeTargets attribute to integrate it at the correct point in the build process. But I haven't looked at the .NET Core build system in detail.
Upvotes: 3
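A .csproj fragment that combines the answers above: obfuscate the assembly in obj right after the Compile target, so the single-file publish picks up the obfuscated copy, and emit no .pdb for Release. This is an added example, not code from any of the posts. It assumes obfuscar.console is on PATH, that obfuscar.xml sits beside the .csproj with its OutPath set to the Obfuscated subfolder of the intermediate directory (as in the configuration above), and that only the project's main assembly is obfuscated; the target name and stamp file are made up for illustration.

```xml
<!-- Added example: the target name and obfuscar.stamp are illustrative. -->
<Project Sdk="Microsoft.NET.Sdk">

  <!-- ... existing project configuration ... -->

  <PropertyGroup Condition="'$(Configuration)' == 'Release'">
    <!-- Emit no .pdb for Release, so none can be shipped by mistake -->
    <DebugType>none</DebugType>
    <DebugSymbols>false</DebugSymbols>
  </PropertyGroup>

  <!-- Inputs/Outputs keep incremental builds from obfuscating an assembly
       that was already obfuscated: the target only reruns when the compiler
       has written a new assembly since the stamp file was last touched. -->
  <Target Name="ObfuscateIntermediateAssembly"
          AfterTargets="Compile"
          Condition="'$(Configuration)' == 'Release'"
          Inputs="@(IntermediateAssembly)"
          Outputs="$(IntermediateOutputPath)obfuscar.stamp">

    <!-- A non-zero exit code from Exec fails the build -->
    <Exec Command="obfuscar.console obfuscar.xml"
          WorkingDirectory="$(MSBuildProjectDirectory)" />

    <!-- Stop instead of silently publishing the unobfuscated assembly -->
    <Error Condition="!Exists('$(IntermediateOutputPath)Obfuscated\$(TargetFileName)')"
           Text="Obfuscated $(TargetFileName) not found; check OutPath in obfuscar.xml." />

    <!-- Overwrite the compiler output in obj with the obfuscated assembly -->
    <Copy SourceFiles="$(IntermediateOutputPath)Obfuscated\$(TargetFileName)"
          DestinationFiles="@(IntermediateAssembly)" />

    <Touch Files="$(IntermediateOutputPath)obfuscar.stamp" AlwaysCreate="true" />
  </Target>

</Project>
```

After publishing, open the output in a decompiler to confirm the renamed symbols are what ends up in the bundle.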