Code Obfuscation: What it is and should You Use It?

Certain programming languages like .NET and Java can very easily be decompiled to readable sources. There are a lot of definitions about the code obfuscation, but to explain it better we the code obfuscation is the process that makes your application binaries slightly harder to read with a decompiler. It is a very important tool to protect the intellectual property of your business.

Why Obfuscate Code?

Some compiled languages get converted directly to bytecode, for example C++. If you want to reverse engineer, the only way to work is with a disassembler, which is a complicated and arduous process. Though, it is not impossible, inferring high level app logic from a stream of assembly language is quite difficult.

On the other side, languages like Java and C# are not compiled for any particular OS. They are more complied to an intermediary language, such as MSIL from .NET’s. This intermediary language is very similar to assembly, but it’s very easily converted back into the source code. So this does mean that in case you have a executable or public Dynamic-link library (DLL), anyone who possesses a copy of your executable are able to open it up in, let’s say dotPeek (.NET decompiler), and directly read your source code, and copy it as well.

Any .NET DLL can be plugged into a decompiler, so code obfuscation cannot prevent this process. But what obfuscation does is use a number of things in order to make the source code very annoying to read and debug.

Renaming is the simplest form of this entity. It is a very common practice to properly name all of the methods, variables, parameters and classes according to what function they do. But of course you don’t have to do that, so there is nothing that is really stopping you from naming them with lowercase L’s and I, or random similar combinations of unicode characters, just to make the code very hard to read and debug. For the computer it is all the same, but to a human is very difficult to distinguish. 

It could look something like this:



(neat, right?)

This process will be handled automatically by a basic obfuscator, taking the output from the build and then converting it to something that is really, really hard to read. By doing this there is no performance decrease to non-obfuscated code.

There are types of advanced obfuscators that can make it possible to change the structure of the source code. This means it can replace control structures with identical syntax but it looks more complicated. 

It can also embed a code that doesn’t do anything, but it would make it harder to read for the decompiler. This means the source would look like ‘spaghetti code’ – which means it would annoy anyone who tries to read the code. 

Hiding strings – is one of the common things. In this way, string obfuscation can replace strings with encoded messages – which are also decrypted, and it makes it difficult to search for them from a decompiler.

There are lots of options for obfuscators, it depends on the language the obfuscators are using. For example, Obfuscar, ProGuard, Javascript-obfuscator. etc.

Another option: You can convert to a Compiled Language

Actually, you can convert one programming language to another one, isn’t that a hard or crazy idea. It is an effective way to secure games from cracking, and it is an important step to do when protecting from piracy and cheaters. For example, Unity uses an IL2CPP converter to transform .NET code into C++ bytecode.

Is it necessary to Obfuscate?

Untrusted environments exist – so if you are using a code, and you want to secure it, it is important to use an obfuscator to make decompiling hard. 

Securing your code is a must. Using an obfuscator is a must. If you don’t want anybody to decompile your app, you should try switching to a language that doesn’t have these problems.

Filan Fisteku

Published by
Filan Fisteku

Recent Posts

5 Ways Your Company’s CRM Software can be Improved

The problem with a lot of CRM software is that it is complicated. It can…

2 days ago

The Different Types of Crypto Wallets

Cryptocurrency wallets are required to use Bitcoin and other cryptocurrencies. They're one of the most…

1 week ago

5 Online Business Opportunities To Grab And Succeed In 2021

The world is heading towards digitization, and it seems like there is no shortage of…

1 month ago

Five Router Settings to keep Hackers Off Your Cameras, Smart Speakers, and Network

From ‘chilling at home’ to ‘working from home, your wi-fi router has been your savior…

2 months ago

What is IT Asset Disposition? – ITAD Explained

No matter what business you’re in, I’m sure it’s safe to say “technology plays a…

2 months ago

Top Cybersecurity Threats in 2021

When it comes to cybersecurity threats, every passing year seems to be the worse year…

3 months ago