Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Databinding and code obfuscation

My employer uses Dotfuscator on all our .Net production software. Because of this, we are absolutely forbidden to use ANY built-in databinding or anything that reflects on property/function names - because dotfuscator changes them and therefore anything bound instantly and irredeemably breaks.

I keep rolling this logic over in my mind and it's starting to hurt. There must be a way of avoiding this deadlock, it's too wide-ranging and fundamental a problem to not have an obvious solution that has escaped us.

So, how does one do Reflection with Obfuscation? What's the trick? Presumably there must be commercial obfuscators which are intelligent enough to work around the problem. What are the options for our version?

like image 346
Tom W Avatar asked Sep 18 '10 10:09

Tom W


1 Answers

We have made a number of improvements to Dotfuscator that should help alleviate issues related to databinding. Smart Obfuscation functionality was added in the 4.3.100 version in March 2008 to statically analyze assemblies and automatically exclude items from renaming/removal that are known to cause runtime errors. We have consistently expanded and enhanced this functionality and today's Dotfuscator works around standard data binding scenarios with usually no to minimal extra configuration.

Even if Smart Obfuscation does not catch every one of your scenarios it is very easy to define custom rules to exclude properties of certain types or inheritance hierarchies by using custom exclusion rules (including matching types by RegEx patterns). You can also decorate items with the System.Reflection.ObfuscationAttribute attribute to ensure that they will be excluded from renaming or removal when run through Dotfuscator.

If you are binding from XAML markup to types in codebehind the last few releases have supported renaming the XAML/BAML to match the code behind. This improves overall hardening and also eliminates an entire range of issues when symbols in the markup do not match the code definitions.

I would recommend working up a few simple proof of concept applications using databinding similar to what you want to use in your applications and running those through Dotfuscator to see how well it handles them. If you find any scenarios where Smart Obfuscation is not automatically excluding targets of data binding send them on to [email protected] . We're always looking for well defined scenarios to improve the product.

like image 74
Joe Kuemerle Avatar answered Sep 26 '22 19:09

Joe Kuemerle