Obfuscating an add-in

230
3
10-21-2020 12:00 PM
MarvisKisakye1
Occasional Contributor

My attempts to obfuscate an add-in specifically using agile.net have been unsuccessful. I excluded all classes inheriting from ArcGIS.Desktop.Framework.Contracts as well as not obfuscating the xaml file as stipulated at ProConcepts Advanced Topics · Esri/arcgis-pro-sdk Wiki · GitHub. After obfuscation however,  the add-in doesn't work. I am wondering if it's possible to obfuscate an add-in; has someone successfully accomplished this? Uma HaranoWolfgang Kaiser

Tags (3)
0 Kudos
3 Replies
AdamDavis
Occasional Contributor

Hi Marvis,

We use Agile.net on our Desktop and Pro Application.

Pro must have the same name in the daml and as the name of the class (or it is obfuscated and that is reflected in the daml)

We achieve this by

[Obfuscation(Exclude = true)]
public class Dosomething : Button
{
protected override void OnClick()
{
using (DosomethingCommand dosomethingCommand = new DosomethingCommand())
{
dosomethingCommand.Command();
}
}
}‍‍‍‍‍‍‍‍‍‍‍‍

Try this first with doSomethingCommand doing nothing and then build from there.

There can be other issues in the code that cause it not to work - eg enums <-> string etc 

Also turn most of the settings off in Agile.net and switch them on one by one and test.

It can be frustrating narrowing it down to where it is failing - the ObfucationMap xml that Agile produces can help there if you set Exceptions to show.

Best regards,

Adam

0 Kudos
MarvisKisakye1
Occasional Contributor

I added [Obfuscation(Exclude = true)] which is a neat way to exclude classes.

I followed your advice and tested each obfuscation option individually. I found that Renaming, Control flow, String obfuscation and Resource Encryption are the only options that work. I wonder if that's adequate protection....

Have you been able to get the Method call obfuscation, Code encryption and Code virtualization  options to work?

0 Kudos
AdamDavis
Occasional Contributor

Hi Marvis,

We've never managed to get code virtualization work with ArcGIS, ArcGIS Pro or AutoCAD. I suspect it's because we are creating an add-on to an existing product rather than directly on Windows. These products must do a certain amount of probing of our dlls to get what they need and ensure all dependencies are present etc.

Method Call Obfuscation and Code Encryption work OK for us. 

You can use something like JetBrains DotPeek to take a look at how the code looks after obfuscation to get a sense of how well the code is "protected". If you aim is to ensure the logic of your code is not copied then you just need to make it it more time-consuming to deobfuscate than for someone to write it from new. If your aim is to protect a licencing scheme then it may not be sufficient.

Adam

0 Kudos