SA 6.5 insecure ? DE4DOT recovered full source code

[lestersat]

Hello guys, I wanted to evaluate your product because I need a robust obfuscator with exception reporting, but the first attempt to deobfuscate a simple assembly with de4dot (https://github.com/0xd4d/de4dot) succeded and recovered my source code.

In the current state the obfuscator is totally useless, do you plan to improve it ?


Thanks

Lester

[dom.smith]

Hi Lester,

Thanks for the info.

Obviously, no .NET obfuscator can be completely robust, because at the end of the day, the CLR still has to be able to interpret your code. As a general rule, however, the more complex your application, the less likely it is that de-obfuscators like de4dot will be able to recover your code.

We'd be really interested in having a general idea of the complexity of your application and the features in SmartAssembly that de4dot was able to reverse.

To answer your question, though, the good news is yes. In the next few weeks, we hope to be releasing a new version of SmartAssembly, which contains a beta version of a new type of obfuscation. I can't say more at the moment, but keep watching this forum for details of when it is released.

Thanks,

Dom.
_________________
Dominic Smith,
ANTS Performance Profiler Project Manager,
.NET Division, Red Gate Software.

[lestersat]

My app was a very simple one, I agree that a complex application will be more difficult to understand.

The thing that "alarmed" me is that the deobfuscator recovered all the encrypted strings; I will probably add another layer of encryption to my sensitive strings in the program.

Good that you are working on this, I really want to use your product because the exception reporting is very well done and it will be a great value for our application.

Regards
Lester