Using the free Babel Obfuscator in Silverlight projects

by APIJunkie 4. February 2010 05:24

One of the problems with Silverlight managed code is that it can easily be reverse engineered using standard .NET reflection tools.

Although no method can completely prevent reverse engineering your code there are ways to slow down and even deter all but the most persistent hackers.

Most of the tools I found that can be used to obfuscate Silverlight code are not free. But the Babel obfuscator by Alberto Ferrazzoli is an open source .NET obfuscator that can be used in Silverlight based projects.

Babel is a command line tool and it can be integrated into your build process. One way to do that is to add it to your post build events.

When you run babel on a target dll (assembly) it will generate an obfuscated version of the dll in the directory “.\BabelOut” relative to your dll output directory.

Usage Example:

"D:\Program Files \Babel\babel.exe" $(TargetPath) --noildasm --nomsil --noinvalidopcodes

Some caveats that apply to current babel version 2.0.0.1:

1.       The current version does not support obfuscating xap files directly but you can unzip the files first or integrate the babel tool into your build process.

 

2.       Not all command line parameters/options are supported in Silverlight projects. The following options work:

       --noildasm --nomsil –noinvalidopcodes

 

3.       Some assemblies (dll’s) that contain resources do not seem to obfuscate correctly (Its very easily detected they are not usable after obfuscation). If you have this problem you can always move all the sensitive code into a separate Silverlight code library and obfuscate only the code library.

Example:

Let’s assume you have one monolithic project called: “MySilverlightApp” that contains all the code and resources (xaml, images etc.) that will not obfuscate. To solve the problem:

1.       Add a new project to the solution called “MySilverlightAppCode” of type “Silverlight Class Library”.

2.       Add a reference to the new Silverlight library from the “MySilverlightApp” project.

3.       Move all the sensitive code files into the new Silverlight code library (“MySilverlightAppCode”).

4.       Obfuscate only the “MySilverlightAppCode” assembly (MySilverlightAppCode.dll).

 

Tags:

Silverlight | How To

About the author

Name of author

I was first wounded by x86 assembly, recovered and moved on to C. Following a long addiction to C++ and a short stint at rehab I decided to switch to a healthier addiction so I am now happily sniffing .NET and getting hooked on Silverlight.

I am mainly here to ramble about coding, various API’s, Junkies(me especially) and everything else that happens between coders and their significant other.

  James Bacon