Skater .NET Obfuscator protects your .NET 7 projects

.NET 7.0 is the next major release of .NET (used to be .NET Core) following 6.0. .NET 7 is the main implementation of .NET going forward and .NET Framework 4.x is still supported. .NET 7 assemblies are also need to be protected to hide source code from spying eyes.

The .NET 7 SDK includes support for the known .NET technologies such as Windows Forms desktop applications, WPF, Azure service apps, console apps, and now .NET 7 received more updates compared to full .NET Framework.

There is Windows Forms .NET 7 UI framework for building Windows desktop applications in the .NET 7 presented.

WinForms is a User Interface framework for developing Windows desktop applications. It is a .NET wrapper over Windows UI DLLs, such as User32, GDI+, and so on. It also includes visual controls and other similar functions that are unique to WinForms desktop apps.

To test how Skater obfuscator helps to protect .NET 7 Windows Forms application, first we need to create new .NET 7 Windows Forms desktop project in Visual Studio.

To test how Skater Obfuscator protects WinForms .NET 7 assemblies open Visual Studio 2022 (or later) and create new Windows Forms .NET project. To run and create such projects your Visual Studio must be version 17.0.1 or later.

Let’s name the project as WindowsFormsApp. You can get the attached project’s source code.

To further test Skater obfuscator functionality, we have added some dummy classes, methods, and properties into the Form1.cs.

Just to remind you:?the main .NET 7.0 idea is to compile a Windows Forms app and then run it under any system. Not Windows only.

?The .NET 7 actual application is a dll library. Its .NET source code as any other .NET framework code is compiled into CIL/MSIL. .NET 7 dll assembly contains code which the Common Language Runtime (CLR) executes. It can be disassembled (read ‘hacked’:) by anybody else. We still need to protect that kind of .NET assemblies by obfuscating them.

Skater supports .NET 7 projects where the publish output is a DLL file (Framework-dependent deployment). When the publish output is an EXE file that calls .NET 7.0 DLL (Self-contained deployment) the final DLL has to be obfuscated as well. There are two types of .NET 7.0 apps can be built:

?Framework-dependent deployment.?As the name implies, framework-dependent deployment (FDD) relies on the presence of a shared system-wide version of .NET 7 on the target system. Because .NET 7 is already present, your app is also portable between installations of .NET 7. Your app contains only its own code and any third-party dependencies that are outside of the .NET 7.0 libraries. FDDs contain .dll files that can be launched by using the dotnet utility from the command line. For example, dotnet app.dll runs an application named app.

?Self-contained deployment.?Unlike FDD, a self-contained deployment (SCD) doesn't rely on the presence of shared components on the target system. All components, including both the .NET 7 libraries and the .NET 7 runtime, are included with the application and are isolated from other .NET 7 applications. SCDs include an executable (such as app.exe on Windows platforms for an application named app), which is a renamed version of the platform-specific .NET 7 host, and a .dll file (such as app.dll), which is the actual application.

?The .NET 7 WinForms app development is following the?Self-Contained Deployment?(SCD) concept.

Let’s take a look at what the final binaries were compiled in the output folder of the?WindowsFormsApp?project.

You can see two main assemblies presented inside the output folder:

WindowsFormsApp.exe

WindowsFormsApp.dll

This pair of files represents the .NET 7?Self-Contained Deployment?(SCD) concept.

The final output for that Windows Forms app includes the?WindowsFormsApp.exe?executable, which is a renamed version of the platform-specific .NET 7 host, and the?WindowsFormsApp.dll?library file, which is the actual application. So, the?WindowsFormsApp.exe?executable is the app’s starter with necessary predefined .NET 7 utilities compiled inside the exe. Ideally the exe file is cross-platform executable. The executable is binary file compiled in machine codes. This file is cannot be decompiled and do not need to be obfuscated.

Finally, let’s concentrate on?WindowsFormsApp.dll?assembly protection.

Take a look what we got after the?WindowsFormsApp.dll?.NET 7 app decompilation:

We can see the non-obfuscated "Hello .NET 7!" string in the decompiler's interface. Decompilation tools can decompile a .NET assembly directly back to a high-level language like C#, VB .NET, or C++. We are ready now to obfuscate the sample?WindowsFormsApp.dll?.NET 7 app by using Skater .NET Obfuscator. In Skater .NET Obfuscator open?WindowsFormsApp?app.

Skater immediately identifies the?WindowsFormsApp.dll?is .NET 7 assembly:

Now you can adjust?WindowsFormsApp.dll?app obfuscation settings and run its protection process. After all, you need to check what the output of the Skater obfuscation and how?WindowsFormsApp.dll?app is protected. When you run the obfuscated app (run the?WindowsFormsApp.exe) it produces the same result. Take a look what changed inside the simple program. We need to run the decompiler again against the new obfuscated dll and it will give us the following decompilation result:

The "Hello .NET 7!" string has been allocated by Skater into a public variable then it was encrypted. We can pretty easily spot the encrypted string inside that decompiled script. Should this make it pretty obvious that our code is protected? Is it not simply too easy to decrypt the safe .NET 7 source code? Almost. An absolute hacker still can choose a password for the encrypted string and decompile it.

Learn about Skater .NET Obfuscator

Conclusion

No matter what we do, if our code is placed at the end-user's PC/Mac/Phone, it is not safe. As long as the code is placed at the end-user, all we can do is to make it as cumbersome as possible to get to the original source code, with any luck avoiding most hacker's deciphering attempts.