How can we help you today? How can we help you today?

Best way to obfuscate a big .net 8 project with ReadyToRun enabled?

I'm looking at your trial edition to find a way to obfuscate our product, but can't find an easy solution for it:

Some facts:

  • Multiple main projects (Windows desktop executables and Windows services)
  • - > 150 own assembly libraries in use, C# and vb.net
  • - lots of 3rd party NuGet package assemblies
  • - ReadyToRun release builds, self-contained but not single file

I found instructions on how to set up SmartAssembly obfuscation for a main assembly, between the build and ReadyToRun phases, but of course that's only 1/150th of the work to be done. (https://documentation.red-gate.com/sa/building-your-assembly/using-smartassembly-with-readytorun-images-net-core-3)

I also found a forum answer in https://productsupport.red-gate.com/hc/en-us/community/posts/24974651698461-Obfuscate-multiple-assemblies-you-know-like-a-normal-project about setting up a traversal project specifying which targets to obfuscate, but does it mean I still need to create all the .saproj projects, specify the <SmartAssembly ProjectFile="$(AssemblyName).saproj" /> tag everywhere, and is this still the wright way of working for creating ReadyToRun assemblies of these?

It is unlikely we will be able to use the merge feauture in the near future, so we'll keep deploying all assemblies separately (no merge feature)

What is the best solution for this, without changing other things to the project, to have the main and other own assemblies?

 

Tim
1

Comments

1 comment

Sort by
  • Jon Kirkwood
    Official comment

    Hi Tim

    Thank you for reaching out on the Redgate forums regarding your SmartAssembly query. 

    You're correct that obfuscating a large solution with multiple assemblies — especially when working with ReadyToRun, self-contained builds — requires a bit more setup, particularly without using the merge feature. 

    The recommended approach in this scenario is to use a traversal project. 

    Here’s how that typically works: 

    • Create a .saproj file for each assembly you want to obfuscate. Each .saproj will define the input/output paths and relevant obfuscation settings.
    • Set up a traversal MSBuild project that sequentially runs SmartAssembly for each of those .saproj files. This is done by referencing the SmartAssembly MSBuild task like so:
      • <SmartAssembly ProjectFile="Path\To\YourAssembly.saproj" />

    These entries can be listed one after another inside a custom MSBuild target, allowing you to run all obfuscation steps in a single build pass. 

    Each project will need to be defined explicitly, as SmartAssembly does not currently support wildcards or dynamic project discovery. 

    • Ensure obfuscation occurs before the ReadyToRun compilation — obfuscating after native image generation isn’t supported, as native images cannot be modified by SmartAssembly. 

       

    While this process is more manual than using the merge feature, it provides the flexibility needed for large applications deploying assemblies individually. 

    Jon Kirkwood

Add comment

Please sign in to leave a comment.