Using the free Babel Obfuscator in Silverlight projects

by APIJunkie 4. February 2010 05:24

One of the problems with Silverlight managed code is that it can easily be reverse engineered using standard .NET reflection tools.

Although no method can completely prevent reverse engineering your code there are ways to slow down and even deter all but the most persistent hackers.

Most of the tools I found that can be used to obfuscate Silverlight code are not free. But the Babel obfuscator by Alberto Ferrazzoli is an open source .NET obfuscator that can be used in Silverlight based projects.

Babel is a command line tool and it can be integrated into your build process. One way to do that is to add it to your post build events.

When you run babel on a target dll (assembly) it will generate an obfuscated version of the dll in the directory “.\BabelOut” relative to your dll output directory.

Usage Example:

"D:\Program Files \Babel\babel.exe" $(TargetPath) --noildasm --nomsil --noinvalidopcodes

Some caveats that apply to current babel version 2.0.0.1:

1.       The current version does not support obfuscating xap files directly but you can unzip the files first or integrate the babel tool into your build process.

 

2.       Not all command line parameters/options are supported in Silverlight projects. The following options work:

       --noildasm --nomsil –noinvalidopcodes

 

3.       Some assemblies (dll’s) that contain resources do not seem to obfuscate correctly (Its very easily detected they are not usable after obfuscation). If you have this problem you can always move all the sensitive code into a separate Silverlight code library and obfuscate only the code library.

Example:

Let’s assume you have one monolithic project called: “MySilverlightApp” that contains all the code and resources (xaml, images etc.) that will not obfuscate. To solve the problem:

1.       Add a new project to the solution called “MySilverlightAppCode” of type “Silverlight Class Library”.

2.       Add a reference to the new Silverlight library from the “MySilverlightApp” project.

3.       Move all the sensitive code files into the new Silverlight code library (“MySilverlightAppCode”).

4.       Obfuscate only the “MySilverlightAppCode” assembly (MySilverlightAppCode.dll).

 

Tags:

Silverlight | How To

Comments

2/4/2010 6:49:26 AM #

trackback

Trackback from DotNetKicks.com

Using the free Babel Obfuscator in Silverlight projects

DotNetKicks.com

2/5/2010 7:40:17 PM #

pingback

Pingback from silverlight-travel.com

Using the free Babel Obfuscator in Silverlight projects

silverlight-travel.com

5/24/2010 5:10:21 AM #

Christian

Hi APIJunkie,

Just wanted to point out that there's another free Silverlight obfuscator out there. It's called CodeFort, and it does not only operate natively on XAP packages - it includes support for renaming of identifiers in XAML code. When using other obfuscators, such as Babel, you have to manually exclude those types and members that you have referenced in the XAML code, or rely on the obfuscator's automatic rules (which typically exclude too much).

CodeFort is able to rename the identifiers inside the XAML files as well, which increases the amount of obfuscated names in applications to nearly 100%.

In the Free Edition, the XAML-referenced names automatically get parsed from the XAML & BAML files in both your main assembly and in third party assemblies. This way, even if you choose not to enable XAML renaming - CodeFort will automatically exclude exactly those types and members that are being referenced, still providing far better obfuscation than other obfuscators.

But, don't take my word for it - go check it out: www.codefort.org

Best Regards,
Christian

Christian Denmark

Comments are closed

About the author

Name of author

I was first wounded by x86 assembly, recovered and moved on to C. Following a long addiction to C++ and a short stint at rehab I decided to switch to a healthier addiction so I am now happily sniffing .NET and getting hooked on Silverlight.

I am mainly here to ramble about coding, various API’s, Junkies(me especially) and everything else that happens between coders and their significant other.

  James Bacon