Comments on: {smartassembly} reviewed

By: Dan

Dan — Sun, 22 Jun 2008 18:31:53 +0000

Can you be more specific?

By: Mahmoud Al-Qudsi

Mahmoud Al-Qudsi — Sun, 22 Jun 2008 18:16:22 +0000

I just took a look at it, and, sorry, it’s terrible.

By: Dan

Dan — Sun, 22 Jun 2008 16:50:26 +0000

CliSecure is not an obfuscator, it’s a code protection tool. It leaves class & method names intact but at the same time secures your .NET code not allowing it to be reflected by standard .NET tools such as reflector.

By: Dan

Dan — Sun, 22 Jun 2008 16:24:17 +0000

The main issue with obfuscation tools is that they often break your code. I had many issues with obfuscation and therefore decided to evaluate some .NET code protection tools. CliSecure, in particulr, worked very well for me. It’s very easy to use, just feed it with assemblies and let it secure your code. It doesn’t require any modification or adjustements like most obfuscation tools require.

Dan.

By: Mahmoud Al-Qudsi

Mahmoud Al-Qudsi — Sun, 22 Jun 2008 16:23:01 +0000

Does it support cross-compilation? Because that’s the big thing that {smartassembly} is missing and no one else seems to do right.

By: Dan

Dan — Sun, 22 Jun 2008 16:19:49 +0000

I had many issues implementing obfuscation. The main problem was that obfuscation breaks your code. As a result I’ve tried .NET code protection tools, CliSecure in particular worked very well for me. It’s very easy to use, just feed it with your assemblies and run it, and it doesn’t require any modifications or adjustements to your code like most obfuscation tool required.

By: Mahmoud Al-Qudsi

Mahmoud Al-Qudsi — Tue, 08 Apr 2008 15:25:18 +0000

I fully agree with you. At the time when this article was written, we neglected to try {smartassembly} on anything larger than a single exe with multiple library dependencies.

However, we’ve recently tried to obfuscate/optimize a much larger project with multiple executable files and share libraries between them all, and it was not a fun experience.

If you obfuscate a library, it breaks the dependencies in the exe files. For each file you need optimized, you need a seperate project (one file is obfuscated per project).

Hopefully future versions of {smartassembly} will feature improvements in the cross-obfuscation realm……..

By: GV

GV — Tue, 08 Apr 2008 13:42:13 +0000

I’m a customer of SA….and i think that SA is a good solution…in terms of moneyprotection…
ok someone may say not the most unexploitable….
but i think that his protection is enough for many software companies that don’t have a world-wide distribution, but a simple and more realistic pool of customers.
many of us don’t have hackes that try to steal our super-formulas, in the worst case we can have people that try to duplicate the installation on another machine…without even know what they are doing…and for the “little-selfmade-pro-hacker-wannabe” that our software may ancounter SA seems really enough…(considering his price remember)

The thing that SA REALLY NEED is cross-obfuscation!!!!! all the other things can go fine…
Projects are very large and it is impossible to embed all in a single exe….what about upgrades???? what about maintenance in general??? if i want to change a single function in a library i need to REBUILD all the solution ?????

SA is a good choice but REALLY cross-obfuscation is a thing that we can no longer ignore when writing reviews on obfuscators!!!!! reviews are for all not only for personal-use, single-little-exe’s programmers….the most part of customers of an obfuscator are software companies not peoples in their house!!!

By: Computer Guru

Computer Guru — Fri, 14 Dec 2007 06:36:25 +0000

Well, in my experience most of the small obfuscation companies (basically all but Preemptive and Salamander) will gladly allow you to send a program that won’t obfuscate, and send you a patched version of their product that works with it.

As a sidenote: in {smartassembly} 2.2, the problem we experienced with 30-minute obfuscation times was fixed.

By: Khatib

Khatib — Thu, 13 Dec 2007 23:30:28 +0000

Unfortunately, all obfuscation companies are loosing some serious customers, simply because they do not release a simple document of guidelines for writing code that works with obfuscation. I had to go through all the pain of changing my code to make it obfuscatable. I wish i could have some time to write these guidelines myself one day. I know people who already shifted from .NET to other technologies like delphi and c++ just because of the missing the right connection between .NET and obfuscation.

By: .net obfuscator {smartassembly}, .net obfuscation, Protection and Improvement

.net obfuscator {smartassembly}, .net obfuscation, Protection and Improvement — Sun, 16 Sep 2007 07:55:23 +0000

[...] : {smartassembly} 2.2 has been released. 05/02/2007 : {smartassembly} 2.1 gets a great review at the NeoSmart Files. {smartassembly} isn’t just the best obfuscator we’ve tested *, but also an all-in-one [...]

By: .net obfuscator {smartassembly}, .net obfuscation, Protection and Improvement

.net obfuscator {smartassembly}, .net obfuscation, Protection and Improvement — Fri, 10 Aug 2007 19:21:51 +0000

By: Harley

Harley — Fri, 25 May 2007 19:39:00 +0000

Hm, but I’ve briefly compared SA with Spices.Obfuscator - assembly after SA is still easy to decompile (ILDASM, Spices.Decompiler, Reflector), many of members iare leaved from obfuscation (some internal and private members not obfuscated, these are usual classes don’t excluded from obfuscation in single exe). Anyone can disassemble this app, make changes and assemble with ILASM with my own code - in other words, make workable copy of protected program, program is still has roundtrip vulnerabilty. You can be happy with SA, you can have no time to contact commercial vendors to take recommendations from experts/professional to REALLY protect your code, until hackers start to distribute your code. In other words - you happy because SA doesn’t ruined your app, isn’t it?

I’ve tried a lot of obfuscators - dotfuscator, xenocode, SA, salamander, Spices.Obfuscator, native protection - Codeveil. They have their own advantages and disadvantages. It’s need to understand results of obfuscation, reasons of incorrect work of program after obfuscation (the main problem - serialization/reflection), what members should be obfuscated and excluded from obfuscaton, analyze results of obfuscation to understand real protection.

BTW, I’ve tried EasyBCD - on startup this program shows AV exception, but continue to work, and after some clicks - View Settings (shows AV), Configure Boot - shows SA exception and crashes. Are you sure that SA doesn’t ruined your app?

By: Computer Guru

Computer Guru — Fri, 25 May 2007 03:53:43 +0000

SA does have an option to obfuscate additional assemblies, at least in the version we tested.

Spices ruined our app as well, it would hang before the Window was even created. I don’t have time to contact commercial vendors whose apps don’t work as advertised, that’s why I’m happy we chose {smartassembly} where we didn’t need to: it just worked.

By: Harley

Harley — Fri, 25 May 2007 01:58:21 +0000

Hm, seems SA is only for single assemblies. How about several assemblies, cross-obfuscation, tamper-proofing solutions (very urgent feature for us)? I love Spices.Obfuscator with Anonymizer and antiTampering (these thhigs really work for us), cross-obfuscation (I’ve 15 assemblies in project), that tool is really smarter than smart-assembly and offer real solution to protect big things.

2 Judah: don’t afraid to contact to vendors to solve your problem. I had runned into some problems with spices obfuscator and received some useful recommendations relating to my assemblies protection that solved all my problems.