Obfuscation: It's not just for Java anymore

• By Jack Vaughan
• November 18, 2002

[PROGRAMMERS REPORT, November 19, 2002] -- Obfuscation found a place in many development toolkits with the advent of Java. Java's use of interpretive methods and virtual machines made it much easier for outsiders to inspect, and even alter, Java code -- so obfuscators came into being with the main purpose of obscuring code and stopping trespassers.

Now a leading Java obfuscation house is extending its work into the .NET realm. Cleveland-based PreEmptive Solutions Inc., along with Microsoft Corp., has announced the integration of PreEmptive's Dotfuscator Community Edition into the next version of Microsoft's Visual Studio .NET, code-named ''Everett.'' The integration will provide developers writing code to run on the .NET Framework with an extra layer of protection against reverse engineering or decompilation.

''The problem came up with Java, and the same problem occurs with .NET. With modern environments you have intermediate languages that let decompilers reengineer your source code verbatim,'' said Gabriel Torok, president, PreEmptive. ''The only thing the decompiler doesn't get is comments and local variable names.''

Decompilers could be used maliciously before Java, but it was a more complicated undertaking. ''It used to be more difficult,'' said Torok. ''They compiled down to, for example, 8086 native code.'' The results of such decompilation were much more cryptic.

The basic obfuscator supported in Everett can be upgraded to PreEmptive's Dotfuscator Professional Edition, noted Torok. That version supports Control Flow Obfuscation, Pruning, String Encryption, Enhanced Overload Induction and Incremental Obfuscation.

Links:
For other Programmer Report articles, please go to http://www.adtmag.com/article.asp?id=6265