Dotfuscator is a .NET Obfuscator & much more. It provides enterprise-grade app protection, greatly reducing the risk of piracy, intellectual property theft and tampering. Our layered obfuscation, encryption, watermarking, auto-expiry, anti-debug, anti-tampering and alerting and defense technology provides protection for hundreds of thousands of applications around the world.

How easy is it to Decompile .NET apps?
All .NET applications and libraries are compiled to Microsoft Intermediate Language (MSIL). MSIL maintains high-level information about your code including its structure and class, field, method, property and parameter names. With a free decompiler, it is very easy to recreate the source code. Obfuscation and related techniques can make it much more difficult for a hacker or competitor to reverse-engineer your application.

Why use a .NET Obfuscator?
By making a .NET application much more difficult to reverse-engineer, you can help protect against intellectual property (trade secret) theft, bypassing licensing or other access checks, and searching for vulnerabilities.

How does Obfuscation and Code Protection Work?
Various different techniques that complement each other are used to create a layered defense to make reverse engineering, tampering, debugging much more difficult. Some examples include:

Rename Obfuscation
String Encryption
Control Flow Obfuscation
Unused Code and Metadata Removal
Binary Linking/Merging
Dummy Code Insertion
Instruction Pattern Transformation
Opaque Predicate Insertion
Anti-Tamper Wrapping
Anti-Debug Wrapping
Root Check for Xamarin.Android
Watermarking
Security Alerts
Custom Response to Tamper or Debugging

Why should you protect your .NET code against debugging?
Whether a hacker is trying to steal your data, pirate your app, or modify the behavior of a critical piece of software as part of a larger crime – a production debugger is the hacker’s weapon of choice. You should not make it easy for them.

Why do you need to protect your Xamarin apps against rooted devices?
Rooted devices are an important security concern for Android apps. Users root their devices to change to the way the OS operates which in turn allows apps to break out of their normal security safeguards. Running on a rooted device can expose your apps to various dangers such as password stealing keyloggers and malware.

We’ve seen it all!
We protect and harden all .NET applications (mobile, server, desktop) while supporting highly-complex development and build environments.
We provide seamless integration with Visual Studio, as well as support for Xamarin and Universal Apps.
Incremental obfuscation facilitates releasing patches without redistribution of your entire application.
Cross-assembly obfuscation extends renaming and other advanced protection capabilities across multiple binaries and distributed development support.
Built-in “Smart” Obfuscation provides optimized support for XAML, BAML, XAP, mobile and ClickOnce scenarios.
Tried & True
Our .NET code protection is subjected to Microsoft regression tests, security audits, code reviews and quality gates as part of the Visual Studio development platform.
With an install-base estimated at over 1,000,000, you can be confident that almost every issue has been identified, diagnosed, and addressed.
We’ve been making sure your applications are protected for the last 20 years and we plan to be around for the next 100!
Support & Updates
Dotfuscator is continually being improved to keep ahead of malicious characters – we average six releases per year.
Our protection products are our main development focus and we are continually improving them based on our customers’ feedback.
We have a dedicated, experienced support team ready to help you.

Obfuscate and Harden your .NET Applications against Attacks
App Hardening includes obfuscation and application self-protection functionality. Only a layered approach can provide the protection you need. Review each section below to learn more.

Renaming • Control Flow • String Encryption • Watermarking • Pruning • Linking
• Tamper Detection & Defense • Debug Detection & Defense • Shelf Life • Root Check for Xamarin.Android

RENAMING
Renaming obfuscation alters the names of methods, variables, etc., making source code more difficult to understand. Dotfuscator uses a deeper form of obfuscation, developed for Dotfuscator and patented by PreEmptive Solutions, called Overload Induction™. Instead of substituting one new name for each old name, Overload Induction renames as many methods as possible to the same name. After this deep obfuscation, the logic, while not destroyed, is beyond comprehension.

CONTROL FLOW
Traditional control flow obfuscation introduces false conditional statements and other misleading constructs in order to confuse and break decompilers. This process synthesizes branching, conditional, and iterative constructs that produce valid forward (executable) logic, but yield non-deterministic semantic results when decompilation is attempted. Control Flow obfuscation produces spaghetti logic that can be very difficult for a cracker to analyze.

Dotfuscator employs advanced control flow obfuscation. In addition to adding code constructs, Dotfuscator works by destroying the code patterns that decompilers use to recreate source code. The end result is code that is semantically equivalent to the original but contains no clues as to how the code was originally written. Even if highly advanced decompilers are developed, their output will be guesswork.

STRING ENCRYPTION
Dotfuscator allows you to hide user strings that are present in your assembly. A common attacker technique is to locate critical code sections by looking for string references inside the binary. For example, if your application is time locked, it may display a message when the timeout expires. Attackers search for this message inside the disassembled or decompiled output and chances are when they find it, they will be very close to your sensitive time lock algorithm.

Dotfuscator addresses this problem by allowing you to encrypt strings in these sensitive parts of your application, providing an effective barrier against this type of attack.

Since string encryption incurs a slight runtime penalty no string encryption is performed except on the parts of the application that you specify.

WATERMARKING
Watermarking helps track unauthorized copies of your software back to the source by embedding data such as copyright information or unique identification numbers into a .NET application without impacting its runtime behavior. Dotfuscator’s watermarking algorithm does not increase the size of your application, nor does it introduce extra metadata that could break your application.

PRUNING - UNUSED METHOD REMOVAL
Small applications download faster, install faster, load faster and run faster. Dotfuscator's pruning feature statically analyzes your code to find the unused types, methods, and fields, and removes them. Dotfuscator also removes debug information and non-essential metadata from a MSIL file as it processes it, making the application smaller and reducing the data available to an attacker.

LINKING - ASSEMBLY MERGING
Dotfuscator can combine multiple input assemblies into one or more output assemblies. Assembly linking can be used to make your application even smaller, especially when used with renaming and pruning, and can simplify deployment scenarios.

For example, if you have input assemblies A, B, C, D, and E, you can link assemblies A, B, and C and name the result F. At the same time, you can also link D and E and name the result G. The only rule is that you can't link the same input assembly into multiple output assemblies.

DEBUG DETECTION & DEFENSE USING CHECKS
Checks are prebuilt validations Dotfuscator can inject into your .NET apps. Your apps will then be able to detect unauthorized use, like debugging or tampering. Despite the name, Checks do more than just detect these states; they can also react in pre-specified ways, such as by exiting the app. Checks can also call into application code, allowing for custom behavior based on the Check’s result. These reporting and response features are configurable per-Check, so all your apps can detect unauthorized uses in the same way, but each app can respond to that detection differently.

Shelf Life is an application inventory management function that allows you to embed expiration, or de-activation, and notification logic into an application. Dotfuscator injects code that reacts to application expiration by exiting the application and/or sending a message. This feature is particularly helpful with beta or evaluation applications. Users can schedule an application’s expiration/de-activation for a specific date and optionally issue warnings to users that the application will expire/de-activate in a specific number of days.

ROOT CHECK FOR XAMARIN.ANDROID
Rooted devices are an important security concern for your Android apps. Dotfuscator can detect when an app is running on a rooted device (offline or on a network) and users can abort the session, quarantine the app, and/or report the incident.

Only for V.I.P