Further notes on SmartAssembly Obfuscation

Some further notes on things I’ve learnt using SmartAssembly on some of our products.

  • Constants do not get obfuscated. Use static readonly variables in their place if the constant contains sensitive information.
  • Run Reflector (or reflection tool of your choice) against your assembly after obfuscation, to check what is visible. Then go back and make the bits you accidentally left public internal or private.
  • Make as many classes and methods as you can Internal
  • Do read the instructions on the attributes you can apply to control obfuscation.
  • Do use Pruning if you want to remove parameter names for methods. That can leak a lot of information about what a class is doing.

 

 

Further notes on SmartAssembly Obfuscation

Obfuscation, Code Analysis, and Check-In policies

As mentioned before, we’ve started to use SmartAssembly to obfuscate some of our products. We also use Team Foundation Server (TFS) as source control and build server. Using obfuscation with code analysis caused some issues, which were compounded by our check-in policies. Continue reading “Obfuscation, Code Analysis, and Check-In policies”

Obfuscation, Code Analysis, and Check-In policies