Friday, June 29, 2012

A New Stunning Feature: Code Virtualization

Consider yourself in a situation when you are working on a security-sensitive part of your application’s code. Here is one of your methods:

    private static byte[] ComputeLicenseHash(int y)
    {
         int v = _mySalt ^ y;
         var h = new System.Security.Cryptography.MD5CryptoServiceProvider();

         var hash = h.ComputeHash(BitConverter.GetBytes(v));

         return hash;
    }

Most of .NET obfuscators available today offer you many techniques to protect your code: symbol renaming, strings encoding, and many more stuff that is not so easy to understand. Still, if you open the protected assembly with a popular decompiler you will see your method being something like this:

In this particular case, not much of obfuscation, right?
Then, what do we do? Decryptable method encryption? Native modules? Tricky native PE packing? Getting too complex and incompatible?
Behold:

Eazfuscator.NET Code Virtualization

So, what does the new version of the Eazfuscator.NET offer you? Let’s really protect our method:

    [Obfuscation(Feature = "virtualization", Exclude = false)]
    private static byte[] ComputeLicenseHash(int y)
    {
        int v = _mySalt ^ y;
        var h = new System.Security.Cryptography.MD5CryptoServiceProvider();

        var hash = h.ComputeHash(BitConverter.GetBytes(v));

        return hash;
    }

And the result:

That’s different.

But you will ask: where has all of my code gone? Let’s look at the assembly resources. Here it is:

To an intruder, this is a nearly random byte sequence. And it will be different each time you obfuscate your code. We have taken care for this to be non-decryptable.

Looks right. But what is actually happening here? The short answer is we have developed a custom virtual machine for you, which works atop of the .NET virtual machine, using a different instruction set each time you obfuscate your assembly. You simply switch this machine on by applying an attribute to your method, class or assembly.

Now you can write your code and be sure that no one will see anything. Still, you should remember that double virtualization has an obvious disadvantage of execution speed degradation, because it takes processor time to translate two sets of virtual instructions instead of one. So, be aware that it is worth to use this feature for a selected methods or classes, those ones that you want to hide by any means possible.

Eazfuscator.NET Goes Commercial

With this world-changing feature, Eazfuscator.NET goes into commercial mode. We really appreciate your commitment, so here go fair upgrade bonuses:

  • All existing customers will get 30% off
  • People who made donations to Eazfuscator.NET will get 80% off
  • People who made donations larger than $49 will get Single Developer License for free

If you interested in immediate quote then just drop us a mail.

It was a great journey to give Eazfuscator.NET for free during the last 4 years. We change the world, so it is even more adventurous to deliver the paid product.

Get Eazfuscator.NET now and try Code Virtualization yourself!

7 comments:

  1. Good luck! And without a non-virtualization free version, Eazfuscator is no longer an option for me as a student. Hello Confuser... :-/

    ReplyDelete
    Replies
    1. Dear Anonymous,
      First of all, we provide discounts for students.
      Secondly, Confuser is not even close to Eazfuscator.NET in terms of production quality. Confuser is not even close in terms of obfuscation intelligence and run-time performance. And of course it is out of the boat when it comes to support.
      I am sure you will immediately feel the difference from the day #1.

      Delete
  2. I agree to what the previous anonymous poster have mentioned here.
    Eazfuscator would still have a free limited version,
    even with less features than the old free one.
    Given the usefulness and reliability that the free version have proved in the past, even a limited one will have user attention, and thus not lead poor people into saying this and that about this great software in any other way.
    A free version is still useful to you because people with high demand will have no use for it, but the little guys will use it instead of the other free products, just because the fact that they were happy with it in the past.
    It's nothing to loose for you, but you give something to the little guy. Also, you are not wrong if you say that the software that does not need advanced protection might not have the value to even need a protection in the first place. And you are right.
    Fortunately for us, the little ones, we can just not use it. But again the question rises, why the freak show we even start this in the first place, why we used this app, why you start to build it in the first place. Your first idea was not to sell it. The same way MY first idea is not to sell my software. So, how can I play with obfuscation in the mean while? While I'm not selling anything. Eazfuscator says that I should stop playing. For me that is somehow rude, given the love that I have for it. Think about it, it's just like you like a girl is funny appealing, and then suddenly she makes more money than you, she finds new friends, and she is not even looking at you anymore, she avoids looking. I mean she could just look right? For the old time sake, so I wont feel like a looser :) All the good wishes. The anonymous.

    ReplyDelete
    Replies
    1. Dear Anonymous,

      - The free Eazfuscator.NET versions have no time bombs.
      - Everybody who have installed free Eazfuscator.NET still can use it.
      - All customers of free versions are eligible for a discount if they decide to upgrade

      So nobody feels like an ex-boo, we have taken care of it.

      I understand you, other alternatives to Eazfuscator.NET may look pitifully. I appreciate you can feel this difference. Thank you.

      Every girlfriend needs a good care to stay classy. So, join the revolution and become our customer! Don't be aside.

      Delete
  3. Looks great =) however, will this work with "Windows Store App" / WinRT ?

    It appears that WinRT's (System.Reflection) has no "Obfuscation" attribute.
    http://msdn.microsoft.com/en-us/library/windows/apps/hh441595.aspx

    Any suggestions? would love to use this. Thanks in advance.

    ReplyDelete
    Replies
    1. Alexander,

      WinRT has no "Obfuscation" attibute but it can be added from a file ObfuscationAttributes.cs which is located at "C:\Program Files (x86)\Eazfuscator.NET\Code Snippets\C#\ObfuscationAttributes.cs".

      Unfortunately the code virtualization currently can not be applied to WinRT applications. WinRT API is too restricted for this.

      Delete
  4. Oh... I'm new in .NET, searching a free product to protect my app and the wild takes me to your site. Finally I found out that I can't distribute my app after use your product by the line "you can't distribute your app..."

    Good. I think I'll buy somethings from you when I have money :))
    Anyway, this's a good product.
    Good luck, Oleksiy

    ah... sorry for my poor English :)

    ReplyDelete