Dynamic Proxy

Dynamic proxy protection is a powerful feature offered by Babel Obfuscator that enhances the obfuscation and protection of your application's code. It allows you to hide method calls to both external and internal code by generating dynamic proxy classes.

When dynamic proxy protection is enabled, Babel Obfuscator creates delegate types or proxy classes that act as intermediaries for method calls. These proxy classes are dynamically built during the obfuscation process and are used to replace the original method calls in your code.

The main advantage of dynamic proxies is that they effectively obscure the actual method calls, making it much more difficult for attackers or reverse engineers to understand and analyze the code flow. By utilizing dynamic proxies, you can prevent direct access to sensitive methods and obscure the application logic.

External And Internal Proxy Calls

Using dynamic proxy for internal method calls offers several advantages in terms of code obfuscation and protection. Here are some key benefits:

  1. Concealing Implementation Details: By generating dynamic proxies for internal types, the actual implementation details of those types are hidden from external code and potential attackers. The dynamic proxies act as intermediaries, shielding the internal logic and structure of the types, making it harder for malicious actors to understand and manipulate your code.

  2. Shield over Method Calls: When using dynamic proxies for internal types, decompilers face challenges in reconstructing the call flow for a method. Decompilers analyze compiled code to generate a high-level representation of the original source code. However, dynamic proxies introduce an additional layer of indirection, making it difficult for decompilers to accurately trace the sequence of method calls.

  3. Enhanced Obfuscation: The use of dynamic proxies for internal types adds an extra layer of obfuscation to your codebase. The proxies introduce complexity and indirection, making it more difficult for reverse engineers to understand the underlying structure and relationships of your code. This can deter reverse engineering attempts and protect your intellectual property.

By using dynamic proxies for internal calls, you create a barrier that hinders decompilers from accurately reconstructing the call flow within your code. This adds an additional layer of protection and makes it more challenging for attackers or reverse engineers to understand the underlying logic and behaviour of your application.

External proxy calls in Babel Obfuscator provide an effective defense mechanism against decompilers that attempt to reconstruct local variable names based on their inferred types. Decompilers often rely on the available metadata, such as the variable types, to reconstruct the original names of variables.

For instance, in the reflected code below, the tool inferred the list1 and count variable names from the call to the instance constructor for List<string> type and the get_Count() method, respectively.

var list1 = new List<string>();
int count = list1.Count;

When external proxy calls are enabled, Babel Obfuscator replaces direct method calls to external code with calls to dynamically generated proxy classes. These proxy classes act as intermediaries, intercepting and redirecting the method calls. As a result, the original method calls, and their associated local variable names are hidden and obfuscated.

And the above code with Dynamic Proxy enabled will become the following:

var local1 = new a();
int local2 = local1.b();

Decompilers that rely solely on metadata to reconstruct variable names will encounter difficulties when faced with external proxy calls. Since the original method calls are replaced with proxy calls, the inferred variable types alone will not provide any meaningful information about the original variable names. This effectively disrupts the decompiler's ability to reconstruct the original names based on type inference alone.

Dynamic Proxy Filters

Babel Obfuscator provides the flexibility to specify a list of filters to restrict the generation of dynamic proxies to specific methods. This feature gives you fine-grained control over the dynamic proxy generation, allowing you to selectively apply proxies to specific method calls based on their names or other patterns defined by the regular expressions. It provides flexibility in determining which parts of your code should have their call flow obscured and protected.

The primary benefit of Dynamic Proxy Filters is improved performance. By selectively applying proxies only to the necessary methods, you can significantly reduce the overhead associated with dynamic proxy generation. Unnecessary method calls are excluded from proxying, resulting in faster execution and improved overall performance of your obfuscated application.

By leveraging Dynamic Proxy Filters effectively, you can strike a balance between obfuscation and performance. By carefully choosing the methods that require proxying, you can achieve a high level of security while minimizing any potential performance impact.

Dynamic Proxy Filters provide a valuable optimization tool within Babel Obfuscator, enabling you to fine-tune the proxy generation process to achieve the desired level of obfuscation while maintaining optimal performance.

Configuring Dynamic Proxy

Configuring Dynamic Proxy in Babel Obfuscator can be done through multiple methods, including the command-line interface (CLI), MSBuild Babel tasks, and the Babel UI.

Command Line

Babel Obfuscator provides the option to enable dynamic proxy protection through the use of the --proxy switch in the command-line interface. This switch allows you to configure Babel to generate proxies for external and internal method calls. You can also specify the list of dynamic proxy filters, depending on your specific requirements.

The following command line configures Babel Obfuscator to generate dynamic proxies only for external method calls.

babel myapp.exe --proxy external

The example below will make Babel Obfuscator generate dynamic proxies for external and internal method calls.

babel myapp.exe --proxy all

This command line sets some dynamic proxy filter expressions.

babel myapp.exe --proxy ICollection.* --proxy IEnumerator.*

MSBuild Babel Task

<PropertyGroup>
   <DynamicProxy>external=true;internal=true;true</DynamicProxy>
   <DynamicProxyCallFilters>ICollection.*;IEnumerator.*</DynamicProxyCallFilters>
</PropertyGroup>

<Babel DynamicProxy="$(DynamicProxy)" 
       DynamicProxyCallFilters="$(DynamicProxyCallFilters)" />

Babel UI

To enable Dynamic Proxy in Babel, you can navigate to the Settings panel of the Babel UI. In the Encryption section, you will find the checkbox "Generate Dynamic Proxy." By checking this checkbox, you can activate the Dynamic Proxy feature.

Within the Dynamic Proxy settings, there is a combo box that allows you to choose the type of dynamic proxy to generate. This selection determines the specific behaviour and scope of the dynamic proxies that Babel will create.

To configure the Dynamic Proxy Call Filters, navigate to the Rules panel in the Babel UI. Create a new rule or modify an existing one to include the desired filters. Within the XML rule properties, specify the regular expressions that correspond to the method calls you want to proxy.

<Rules>
  <Rule name="rule1" feature="dynamic proxy" exclude="false" applyToMembers="true">
    <Pattern>*</Pattern>
    <Description>Set Dynamic Proxy Call Filters</Description>
    <Properties>
      <DynamicProxyCallFilters>IEnumerator.*</DynamicProxyCallFilters>
    </Properties>
  </Rule>
</Rules>

It's important to note that while dynamic proxy protection provides an additional layer of obfuscation, it may have a slight impact on the startup time of your application due to the generation and initialization of the proxy classes. However, the trade-off between improved security and a small performance impact is generally considered worthwhile in most cases.

By leveraging dynamic proxy protection in Babel Obfuscator, you can significantly enhance the security of your application by obscuring method calls and complicating the reverse engineering process.

Last updated