0

I have a web application I am trying to obfuscate portions of it, but use library mode so that all the public portions of the application should appear with names unchanged so it is accessible to the web. So I am trying to obfuscate some parts and not others. The sites I have visited appear to support it but I am getting an exception:
Click Here

Here is my Dotfuscator.xml file which is on the root of the project.

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<!DOCTYPE dotfuscator SYSTEM "http://www.preemptive.com/dotfuscator/dtd/dotfuscator_v1.1.dtd">
<dotfuscator version="1.1">
  <propertylist>
    <property name="SourceDirectory" value="This Path Will Be Replaced By Visual Studio" />
    <property name="SourceFile" value="This Filename Will Be Replaced By Visual Studio" />
  </propertylist>
  <global>
    <!--set library option -->
    <option>library</option>
  </global>
  <trigger>
    <filelist>
      <file dir="${SourceDirectory}\" name="${SourceFile}" />
    </filelist>
  </trigger>
  <output>
    <file dir="${SourceDirectory}\Dotfuscator\" />
  </output>
</dotfuscator>

Here are my post build events:

"C:\Program Files (x86)\Microsoft Visual Studio 14.0\PreEmptive Solutions\Dotfuscator and Analytics Community Edition  \dotfuscatorCLI.exe" /q /p=SourceDirectory=$(TargetDir),SourceFile=$(TargetFileName) $(ProjectDir)Dotfuscator.xml
copy $(TargetDir)Dotfuscator\$(TargetFileName) $(TargetDir)$(TargetFileName)
rmdir /S /Q $(TargetDir)Dotfuscator

I get this error though, so there is something wrong with the obfuscation:

HTTP Error 403.14 - Forbidden
The Web server is configured to not list the contents of this directory.
Most likely causes:
A default document is not configured for the requested URL, and directory browsing is not enabled on the server.

I believe this is due to the obfuscator obfuscating too much, eg public variables and methods getting obfuscated. This should be possible, it just isn't working for me. If anyone has a good procedure for obfuscating web code that doesn't break things that would be good.

2
Contributors
3
Replies
17
Views
2 Weeks
Discussion Span
Last Post by rproffitt
0

I have a question. You claim this is a web app. I looked over what https://www.preemptive.com/ offers and found no web obsfucation offering.

So let me guess your app runs on the server and not the web browser.

My question is then: How would the web user gain access to your executables?

By placing them on your server, they run there and are not exposed unless you left out some detail.

0

I was hoping to create retail software. The software developers who would end up recieving it would inevitably get free lunch if they got the software as is. All I wanted was a procedure, but it may not be possible. The library function would have worked in theory, but it does not appear to in reality.

0

@over. That clarifies this for me. And now my comment about investing too much in obfustication.

Let's start with this statement after reading https://en.wikipedia.org/wiki/Obfuscation

Obfustication does not secure applications from reverse engineering.

At best you only made it harder but didn't gain much. This is why I don't bother with obfuscation beyond a check box and let it do its thing.

Why do we do this at our shop? Simple reasons. Mostly to do with costs and being able to maintain the code or in some cases, getting the app delivered. If obfustication COSTS us anything, it is dismissed quickly. Remember it's not giving us much if any security which of course those that sell it will disagree.

So like "cake or death" my choice as to "deliver or not."

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.