Code Encryption

Babel Obfuscator's Code Encryption feature allows users to encrypt their entire code to protect it from reverse engineering.

Babel Obfuscator transforms the original IL instructions of a method into a new set of custom instructions, which can incorporate various obfuscation techniques that make the code more difficult to reverse engineer or modify. Once the new representation of the code has been constructed, it is encrypted using the chosen encryption algorithm (such as AES) to make it even more difficult to understand or modify.

At runtime, when the protected assembly is loaded into memory, the Babel Virtual Machine (BVM) is used to decrypt and execute the protected code. The BVM is a lightweight runtime engine included with the obfuscated assembly and provides the necessary functionality to decrypt the code, execute it, and ensure it runs correctly.

Code Encryption offers a strong level of protection against reverse engineering and intellectual property theft, but it also comes with trade-offs in application performance and complexity, so applying it to the entire codebase is not recommended. Instead, it is better to selectively apply this obfuscation technique to the most sensitive parts of the code that require protection while using other obfuscation techniques for the rest of the code. This way, you can strike a balance between security and performance.

The Babel Code Encryption is a completely managed solution. This means that the encrypted methods are not replaced by native code targeting a specific platform. This managed method solution ensures that the cross-platform nature of the .NET Framework is not compromised and allows the Just-In-Time (JIT) compiler to optimize code for the target CPU.

Code Encryption Limits

The Babel Code Encryption feature is not supported on .NET MAUI and Blazor assemblies due to the following key reasons:

Platform Constraints

Ahead-of-Time (AOT) Compilation: Platforms like iOS, which are central to .NET MAUI, rely on AOT compilation. This process compiles code into native binaries ahead of time, eliminating the possibility of dynamic code generation or modification at runtime, which is essential for code encryption and decryption.

Limited Support for System.Reflection.Emit Namespace

Restricted IL Generation: The System.Reflection.Emit namespace, which is used for generating IL dynamically, has limited or no support on key platforms like iOS and WebAssembly (used by Blazor). Since code encryption often relies on dynamic IL manipulation, this limitation further hinders the implementation of encryption features in MAUI and Blazor.

Security Restrictions

Sandboxed Environments: Both MAUI and Blazor operate in environments where apps are sandboxed for security. Platforms like iOS impose strict security measures that prevent any form of runtime code modification to protect against malicious code execution, making dynamic encryption impractical.

Risk of Code Injection: The dynamic code generation required for encryption and decryption poses significant security risks, including potential code injection vulnerabilities. MAUI and Blazor frameworks prioritize security by avoiding such risks.

Due to these constraints, .NET MAUI and Blazor do not support the Code Encryption feature, focusing instead on secure, portable, and platform-consistent development practices.

Enabling Code Encryption

Babel Obfuscator allows the user to selectively apply code encryption to specific methods in the codebase instead of encrypting the entire codebase. This is done to avoid the performance issues that can arise from encrypting large amounts of code.

To indicate which methods should be encrypted, the user can either use an XML rule or the Obfuscation attribute. With an XML rule, the user can specify the names of the methods that should be encrypted.

<Rule name="encrypt code" feature="msil encryption" exclude="false">
  <Target>Methods</Target>
  <Pattern>ACME.Algorithms::*</Pattern>
  <Description>Encrypt all methods of Algorithm class.</Description>
</Rule>

Alternatively, the Obfuscation attribute can be used to mark individual methods for encryption by setting the "Feature" parameter to "msil encryption".

[Obfuscation(Feature = "msil encryption", Exclude = false)]
public void ProcessData()
{
   // Encrypted code
}

By enabling Code Encryption, the selected methods will be encrypted during the obfuscation process.

Command Line

babel myapp.exe --msilencryption

Rather than using XML rules or attributes, the --msilencryption switch can optionally accept regular expressions to select the methods or types where code encryption should be enabled. For example, the following command:

babel myapp.exe --msilencryption ACME.LicenseManager::.*

will configure Babel to encrypt all the methods belonging to the LicenseManager class in the ACME namespace.

MSBuild Babel Task

<PropertyGroup>
  <MsilEncryption>true</MsilEncryption>
</PropertyGroup>

<Babel MsilEncryption="$(MsilEncryption)" />

Babel UI

To enable code encryption in the Babel User Interface, navigate to "Obfuscation" and click Settings to open the obfuscation settings panel. Under the Encryption section, check the "Encrypt Code" combo box.

Optionally, you can enter a list of regular expressions in the "Filter" field to select the namespaces or classes where code encryption should be applied. Leave this field empty if you selected the methods to encrypt using XML rules or the Obfuscation attribute.

You can easily verify if the code encryption process has been successfully applied by examining the obfuscation statistics generated during the build process. These statistics provide valuable insights into the transformations and protections applied to your code.

In addition to the obfuscation statistics generated during the build process, the code encryption statistics are also available in the output log. The output log provides a detailed record of the obfuscation process, including any code encryption activities that have taken place.

Encrypt Msil phase, elapsed time 00.579s
Embedded resource: omJYi
   size : 13170 bytes

Method statistics:
   194/[  252]    resources: 76.98 %

   194/[  252]      overall: 76.98 %

Number of encrypted methods: 194

By examining the code encryption statistics in the output log, you can easily verify if code encryption has been applied to your code and gain insights into the level of protection it provides. It allows you to confirm that your sensitive code has been successfully encrypted, ensuring that it remains secure and resistant to unauthorized access.
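One way to turn this log check into a build gate, as an added example (not Babel's own tooling): the script parses the Encrypt Msil statistics in the format shown above and reports a problem when the phase is missing or fewer methods were encrypted than expected. The function names, the constructed sample log and the reading of the bracketed number as a method total are assumptions.

```python
import re

# Constructed sample in the format of the output log shown above.
SAMPLE_LOG = """\
Encrypt Msil phase, elapsed time 00.579s
Embedded resource: omJYi
   size : 13170 bytes

Method statistics:
   194/[  252]    resources: 76.98 %

   194/[  252]      overall: 76.98 %

Number of encrypted methods: 194
"""

PHASE = re.compile(r"^Encrypt Msil phase\b", re.M)
OVERALL = re.compile(r"^\s*(\d+)/\[\s*(\d+)\]\s+overall:\s*([\d.]+)\s*%", re.M)
COUNT = re.compile(r"^Number of encrypted methods:\s*(\d+)", re.M)


def parse_encrypt_stats(log_text):
    """Return the Encrypt Msil statistics as a dict, or None if the phase is absent."""
    phase = PHASE.search(log_text)
    if phase is None:
        return None
    section = log_text[phase.start():]  # ignore statistics from earlier phases
    overall = OVERALL.search(section)
    count = COUNT.search(section)
    return {
        "encrypted": int(count.group(1)) if count else None,
        # Assumption: the bracketed number is the total the percentage is taken over.
        "bracketed_total": int(overall.group(2)) if overall else None,
        "percent": float(overall.group(3)) if overall else None,
    }


def check_encryption(log_text, min_encrypted=1):
    """Return a list of problems; an empty list means the gate passes."""
    stats = parse_encrypt_stats(log_text)
    if stats is None:
        return ["Encrypt Msil phase not found: code encryption did not run"]
    if stats["encrypted"] is None or stats["encrypted"] < min_encrypted:
        return [f"encrypted methods: {stats['encrypted']}, expected >= {min_encrypted}"]
    return []


if __name__ == "__main__":
    print(parse_encrypt_stats(SAMPLE_LOG), check_encryption(SAMPLE_LOG))
```

Setting min_encrypted to the number of methods you marked for encryption catches a rule or filter expression that silently matched fewer methods than intended.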
