Community

Positive experience of obfuscating add-in (VB.Net), anybody?

Positive experience of obfuscating add-in (VB.Net), anybody?

Maxim-CADman77
Advisor Advisor
1,166 Views
11 Replies
Message 1 of 12

Positive experience of obfuscating add-in (VB.Net), anybody?

Maxim-CADman77
Advisor
Advisor
‎06-12-2023 08:46 AM

Before publish an install pack of my new Inventor Add-in I'd like to "protect" if a bit.
AFAIK easiest way to protect DLL from beginner-reverse-engineers is obfuscation.

I've tried to obfuscate my job with one of open-source Confuser mods/forks (a free but not easy to decompile solution) but it then fails to load to Inventor.
I wonder If there anybody willing to share his positive add-in obfuscation experience (if any).
... or let me know via PM ...

Please vote for Inventor-Idea Text Search within Option Names

0 Likes
Like
Report
Accepted solutions (2)
Solution 1
Solution 2
1,167 Views
11 Replies
Replies (11)
Message 2 of 12

Frederick_Law
Mentor
Mentor
‎06-12-2023 09:32 AM

I've never used any.

A quick Google on Confuser:

https://mkaring.github.io/ConfuserEx/

 

obfuscating "randomize" all human readable names.

Make sure it doesn't obfuscate IV calls or any public names in your program.

0 Likes
Like
Report
Message 3 of 12

Maxim-CADman77
Advisor
Advisor
in reply to Frederick_Law
‎06-12-2023 09:36 AM

Thank for your interest to the thread.
Any ideas on how can I check IV calls?

Please vote for Inventor-Idea Text Search within Option Names

0 Likes
Like
Report
Message 4 of 12

Frederick_Law
Mentor
Mentor
‎06-12-2023 09:48 AM

No idea.

ConfuserEx got rules to setup.

Took a quick look but no idea how to set them.

0 Likes
Like
Report
Message 5 of 12

Maxim-CADman77
Advisor
Advisor
in reply to Frederick_Law
‎06-12-2023 10:02 AM
Accepted solution

Here are some details on start using Confuser - https://stackoverflow.com/questions/24154502/how-to-use-confuserex
There are two ways: GUI and CLI (as beginner I'm using GUI).

Not sure to understand all correctly but:

Firstly I tried all four presets (Minimal, Normal, Aggressive, Maximal) .
I do see difference* yet none of four DLL-versions loaded to Inventor.
Later I generated 13 more DLL-variants by adding each of 13 rules to None preset ... with same negative result.

 

*

I study result with JustDecompile by Telerik (DotPeak by JetBrains fails because of cached)

Please vote for Inventor-Idea Text Search within Option Names

0 Likes
Like
Report
Message 6 of 12

Michael.Navara
Advisor
Advisor
‎06-13-2023 12:24 AM
Accepted solution

My experiences with obfuscation.

I have used ConfuserEx for many years and I have been satisfied with them. It requires some testing with configuration and you need to find a balance between protection level and issues caused by obfuscation. For example anti-debug causes issue for a developers who has loaded your add-in and want to debug his own.

 

Another point of view is why you want to protect your code. I have worked as a developer over 15 years and my opinion is when someone can decompile DLL he can write the code by himself. Most of my code uses public API, open-source libraries and core of code is mostly publicly described on forums.

I have used obfuscation only for sensitive parts of code. For example license check because this is mostly required by licensing system vendor. 

At least 99% of users don't know that the DLL file can be decompiled and this is sufficient protection in my opinion.

 

And finally. Against real hackers there is no defense, because on the internet you can find a lot of de-obfuscators for all common obfuscators. If you really want protect your code, use C++ and compile them to native code. This is really hard to decompile.

 

I hope it helps.

VBA Object Browser for Inventor | iLogic for VisualStudio | Inventor AddIn Debugger
Report
Message 7 of 12

Maxim-CADman77
Advisor
Advisor
in reply to Michael.Navara
‎06-13-2023 12:32 AM

Wow!
Thank you @Michael.Navara 
You are right - I'm playing with obfuscation mostly because I want to introduce some minimal protection to the add-in's licensing check.
...but it is a part of my Add-In dll ... should it be a separate dll?

Please vote for Inventor-Idea Text Search within Option Names

0 Likes
Like
Report
Message 8 of 12

LukeDavenport
Collaborator
Collaborator
in reply to Maxim-CADman77
‎06-13-2023 01:06 AM

Hi @Maxim-CADman77 - I don't have @Michael.Navara 's knowledge about it, but I have been developing, selling and supporting Inventor addins (on the app store and directly) for a while now. I was initially concerned about copy protection and obfuscation etc, but then I realised I was spending too much time on that instead of actually developing the products. And I realised that the class of Inventor user with the knowledge/desire to spend time decompiling/hacking even a basic licencing or activation method are never the kind of user who would pay a subscription for your app anyway, if you managed to 'fortify' it enough :-). The other class of user (the vast majority, as @Michael.Navara says), have different priorities. Normally their priorities are 1) quick and efficient support. 2) a good product that gets their job done. 3) good documentation. And they know they won't get priority number 1 if they've somehow got hold of a hacked copy. So they're not interested in it. My advice would be to focus your energies on those 3 things and don't worry about the tiny minority who expect everything for free :-).

0 Likes
Like
Report
Message 9 of 12

Maxim-CADman77
Advisor
Advisor
in reply to LukeDavenport
‎06-13-2023 01:34 AM

@LukeDavenport, thank for your opinion.
I've already spend about a year to make core functionality and documentation and I feel more-or-less satisfied with the result but I don't want to share non-obfuscated install pack.
I just want to make the cost of reverse-engineer to be obviously higher then purchase.
I don't bother about feelings of those who don't purchase anything. I wouldn't mind them to develop own analog but prefer they do this "from the scratch".
Nobody can protect his/her car from a gone when leaving it in some public place but it is considered a common practice to lock it, right?
Anyway, let us not discuss here why to protect results of your efforts (especially something you developed for commercial purposes) but HOW to do this and issues on that way.
Thank you in advance.

Please vote for Inventor-Idea Text Search within Option Names

0 Likes
Like
Report
Message 10 of 12

CattabianiI
Collaborator
Collaborator
in reply to Michael.Navara
‎06-13-2023 01:36 AM

Thanks for sharing. Did you use it in vb.net or c#?
Not an expert of obfuscation and I don't know if the late binding I used a lot in vb.net when using Inventor API, could be a problem.

 www.qsinformatica.it
0 Likes
Like
Report
Message 11 of 12

Maxim-CADman77
Advisor
Advisor
‎06-13-2023 05:38 AM

Ok.
I've tried to obfuscate (using 'Minimum' preset) AttributeHelper.DLL (add-in sample from SDK-UserTools) and got modified DLL, which is loadable and seems to be functional.
Just in case: comparison from inside view:
AttributeHelper-Before-and-After-Confuser.png
... thus it is possible ... and ...

I need to modify my Add-In code somehow (? replace some 'Friend' modifiers with 'Public' one ?) 

Please vote for Inventor-Idea Text Search within Option Names

0 Likes
Like
Report
Message 12 of 12

Maxim-CADman77
Advisor
Advisor
‎06-14-2023 12:06 AM

It was discovered that my initial problem is not related to obfuscation at all.
It is some kind of "Release - Only bug".

My Add-in works as expected with Debug-DLL while fails to load with Release-DLL.
... this is first time in my not so long practice, and I don't understand where to move with this yet 😞

PS:
Even so I don't have a solution for my problem I'll mark this thread as solved (with message containing link to minor Confuser instruction  ... in order to simplify the way for those who want to start using it).

Please vote for Inventor-Idea Text Search within Option Names

0 Likes
Like
Report
Report a website issue