Some further notes on things I’ve learnt using SmartAssembly on some of our products.
- Constants do not get obfuscated. Use static readonly variables in their place if the constant contains sensitive information.
- Run Reflector (or reflection tool of your choice) against your assembly after obfuscation, to check what is visible. Then go back and make the bits you accidentally left public internal or private.
- Make as many classes and methods as you can Internal
- Do read the instructions on the attributes you can apply to control obfuscation.
- Do use Pruning if you want to remove parameter names for methods. That can leak a lot of information about what a class is doing.