Red Gate forums :: View topic - SA 6.5 insecure ? DE4DOT recovered full source code
Return to www.red-gate.com RSS Feed Available

Search  | Usergroups |  Profile |  Messages |  Log in  Register 
Go to product documentation
SmartAssembly 6
SmartAssembly 6 forum

SA 6.5 insecure ? DE4DOT recovered full source code

Search in SmartAssembly 6 forum
Post new topic   Reply to topic
Jump to:  
Author Message
lestersat



Joined: 09 Dec 2011
Posts: 2

PostPosted: Sat Dec 10, 2011 12:02 am    Post subject: SA 6.5 insecure ? DE4DOT recovered full source code Reply with quote

Hello guys, I wanted to evaluate your product because I need a robust obfuscator with exception reporting, but the first attempt to deobfuscate a simple assembly with de4dot (https://github.com/0xd4d/de4dot) succeded and recovered my source code.

In the current state the obfuscator is totally useless, do you plan to improve it ?


Thanks

Lester
Back to top
View user's profile Send private message
dom.smith



Joined: 03 Jun 2010
Posts: 94
Location: Cambridge, UK

PostPosted: Mon Dec 12, 2011 10:10 am    Post subject: Reply with quote

Hi Lester,

Thanks for the info.

Obviously, no .NET obfuscator can be completely robust, because at the end of the day, the CLR still has to be able to interpret your code. As a general rule, however, the more complex your application, the less likely it is that de-obfuscators like de4dot will be able to recover your code.

We'd be really interested in having a general idea of the complexity of your application and the features in SmartAssembly that de4dot was able to reverse.

To answer your question, though, the good news is yes. In the next few weeks, we hope to be releasing a new version of SmartAssembly, which contains a beta version of a new type of obfuscation. I can't say more at the moment, but keep watching this forum for details of when it is released.

Thanks,

Dom.
_________________
Dominic Smith,
Project Manager,
Red Gate Software.
Back to top
View user's profile Send private message
lestersat



Joined: 09 Dec 2011
Posts: 2

PostPosted: Mon Dec 12, 2011 11:52 am    Post subject: Re: Reply with quote

My app was a very simple one, I agree that a complex application will be more difficult to understand.

The thing that "alarmed" me is that the deobfuscator recovered all the encrypted strings; I will probably add another layer of encryption to my sensitive strings in the program.

Good that you are working on this, I really want to use your product because the exception reporting is very well done and it will be a great value for our application.

Regards
Lester
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic All times are GMT + 1 Hour
Page 1 of 1

 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group