How can we help you today? How can we help you today?

SA 6.5 insecure ? DE4DOT recovered full source code

Hello guys, I wanted to evaluate your product because I need a robust obfuscator with exception reporting, but the first attempt to deobfuscate a simple assembly with de4dot (https://github.com/0xd4d/de4dot) succeded and recovered my source code.

In the current state the obfuscator is totally useless, do you plan to improve it ?


Thanks

Lester
lestersat
0

Comments

2 comments

Sort by
  • dom.smith
    Hi Lester,

    Thanks for the info.

    Obviously, no .NET obfuscator can be completely robust, because at the end of the day, the CLR still has to be able to interpret your code. As a general rule, however, the more complex your application, the less likely it is that de-obfuscators like de4dot will be able to recover your code.

    We'd be really interested in having a general idea of the complexity of your application and the features in SmartAssembly that de4dot was able to reverse.

    To answer your question, though, the good news is yes. In the next few weeks, we hope to be releasing a new version of SmartAssembly, which contains a beta version of a new type of obfuscation. I can't say more at the moment, but keep watching this forum for details of when it is released.

    Thanks,

    Dom.
    dom.smith
    0
  • lestersat
    My app was a very simple one, I agree that a complex application will be more difficult to understand.

    The thing that "alarmed" me is that the deobfuscator recovered all the encrypted strings; I will probably add another layer of encryption to my sensitive strings in the program.

    Good that you are working on this, I really want to use your product because the exception reporting is very well done and it will be a great value for our application.

    Regards
    Lester
    lestersat
    0

Add comment

Please sign in to leave a comment.