Capabilities of Dotfuscator
Applies to: Visual Studio Visual Studio for Mac
Note
This article applies to Visual Studio 2017. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here
This page focuses on the capabilities of Dotfuscator Community with some references to advanced options available through upgrades.
Dotfuscator Community is a post-build system for .NET applications. With it, Visual Studio users are able to obfuscate assemblies and inject active defense measures into the application - all without Dotfuscator needing to access the original source code. Dotfuscator protects your application in multiple ways, creating a layered protection strategy.
Dotfuscator Community supports a wide range of .NET assembly and application types, including Universal Windows Platform (UWP) and Xamarin.
Intellectual Property Protection
Your application's design, behavior, and implementation are forms of intellectual property (IP). However, applications created for .NET are essentially open books; it's easy to reverse engineer .NET assemblies, as they contain high-level metadata and intermediate code.
Dotfuscator Community includes basic .NET obfuscation in the form of renaming. Obfuscating your code with Dotfuscator reduces the risk of unauthorized access to source code through reverse engineering, as important naming information will no longer be public. Obfuscation also shows effort on your part to protect your code from examination - a valuable step in establishing that your IP is legally protected as trade secret.
Many of the application integrity protection features of Dotfuscator Community further hinder reverse engineering. For instance, a bad actor may attempt to attach a debugger to a running instance of your application in order to understand the program logic. Dotfuscator can inject anti-debug behavior into your application to obstruct this.
Application Integrity Protection
In addition to protecting your source code, it's also important to ensure your application is used as designed. Attackers can attempt to hijack your application in order to circumvent licensing policies (that is, software piracy), to steal or manipulate sensitive data handled by the application, or to change the behavior of the application.
Dotfuscator Community can inject application validation code into your assemblies, including anti-tamper, anti-debug, and anti-rooted device measures. When an invalid application state is detected, the validation code can call upon application code to address the situation in an appropriate way. Or, if you prefer not to write code to handle invalid uses of the application, Dotfuscator can also inject response behaviors, without requiring any modification to your source code.
Many of these same methods may also be used to enforce end-of-life deadlines for evaluation or trial software.