Post

Obfuscar: Why NCloak Does Not Work

This post talks about why NCloak does not work.

Mono.Cecil is an important library which enables very easy MSIL/CIL manipulation. Upon it several projects are built, both commercial and open source. In obfuscator land, Obfuscar is such a typical example, but it is obviously not the only one.

NCloak is another MIT licensed obfuscator based on Mono.Cecil and it introduces a few interesting features,

  • Full obfuscation of all members (already in Obfuscar)
  • String encryption (already in Obfuscar)
  • Simplification and Optimization of code
  • Anti-reflection and anti-ildasm methods
  • Basic tamper proofing solution (resource based)

Is it possible to reuse some of the code in Obfuscar? I just finished a few experiments.

  • Sadly its code simplification code cannot be used, as .NET CLR (at least 4.0) does not recognize the generated assembly.
  • For the same reason, anti-reflection is also broken.
  • Basic tamper proofing seems to be experimental, so I did not touch it.
  • Anti-ildasm is almost useless.

Thus, the last useful bit is code optimization. As a result, a new option is now added, named OptimizeMethods.

There are other open source obfuscators, but their licenses are too restrictive, and I could not reuse their code at this moment.

© Lex Li. All rights reserved. The code included is licensed under CC BY 4.0 unless otherwise noted.
Advertisement