XML Rules
In addition to options specified on the command line or through the MSBuild Babel task, Babel Obfuscator can be controlled and configured using rules defined in external XML files. These XML rules provide fine-grained control over the obfuscation process, allowing you to target specific assemblies, types, methods, and other code elements.
Rules Files
Babel rules files are XML documents that contain configuration information used to customize and control the obfuscation process. These files allow you to define precisely which obfuscation features should be applied to specific parts of your code, giving you granular control over the protection of your assemblies.
<Rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Rule name="rule 1" feature="default" exclude="false">
</Rule>
<Rule name="rule 2" feature="control flow" exclude="true">
</Rule>
</Rules>The Rules element can define a targetAssembly attribute that limits the scope of the rules it contains to a specific assembly. If the targetAssembly attribute is not specified, the rules will apply to all assemblies being processed. Example:
<Rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
targetAssembly="ACME.Data">In the XML rule file, rules are processed sequentially from top to bottom in the order they appear. This sequential processing allows you to override any existing rules with more specific rules that are listed subsequently, providing a flexible and hierarchical rule structure.
Rules Element
The Rules element serves as the root container that defines a set of rules to be applied to the target assembly. This element can contain multiple Rule child elements, each specifying different obfuscation behaviors.
| Attribute | Description |
|---|---|
| targetAssembly | Specifies the fully qualified name of the assembly to which the rules are applied. If not defined, the rules will apply to all assemblies involved in the obfuscation process. |
Rule Element
The Rule element is used to define a Babel obfuscation rule that can target one or more Babel Obfuscator features. Each rule specifies which code elements should be affected and how the obfuscation features should be applied to them.
| Attribute | Description |
|---|---|
| name | A friendly, descriptive name for the rule that helps identify its purpose |
| feature | The obfuscator feature name, or a comma-separated list of feature names, that this rule targets. Multiple features can be specified to apply the same rule to different obfuscation aspects |
| exclude | Boolean value indicating whether this rule will prevent the specified feature(s) from being executed. Set to “true” to exclude symbols from obfuscation, or “false” to explicitly include them |
| applyToMembers | Boolean value indicating whether to apply the rule to all members of a symbol that matches the rule criteria. When enabled, the rule cascades to nested members |
| locked | Boolean value indicating whether this rule is immutable and cannot be overridden by subsequent rules in the processing order |
The feature attribute defines the obfuscator feature on which the rule acts. The name and exclude attributes are mandatory, while the feature attribute is optional. If not specified, the feature defaults to “default”, which refers to the renaming feature.
The obfuscator features are predefined strings that correspond to specific obfuscation capabilities. All supported feature names are listed in the tables below.
Feature Table
The following features can target all symbol types defined inside an assembly, including types, methods, properties, fields, and events:
| Feature | Description |
|---|---|
| all | Targets all available obfuscation features |
| default | The default feature refers to symbol renaming obfuscation |
| agent | Targets the obfuscation agent functionality |
| cleanup attributes | Removes unwanted attributes from the assembly metadata |
| control flow | Applies control flow obfuscation to make code logic harder to understand |
| dead code | Enables dead code removal optimization |
| dynamic proxy | Replaces direct method calls with dynamic proxy calls |
| embed | Embeds dependent assemblies into the target assembly |
| merge | Merges multiple assemblies into a single assembly |
| msil encryption | Encrypts method bodies using MSIL (Microsoft Intermediate Language) code encryption |
| renaming | Obfuscates member names (types, methods, properties, fields, events) |
| renaming blob | Renames literal strings that correspond to renamed symbols, maintaining code functionality |
| resource encryption | Encrypts embedded resources within the assembly |
| string encryption | Encrypts inline string literals within the code |
| value encryption | Encrypts inline constant values and array initializations |
| inline | Inlines method calls to reduce code structure visibility |
| instrumentation | Enables code instrumentation for monitoring and analysis |
| optimizations | Applies various metadata and code optimizations |
| xaml | Handles renaming of symbols referenced in XAML or BAML resources |
The following obfuscation features are method-specific and can only be applied to method symbols:
| Feature | Description |
|---|---|
| msil encryption get stream | Declares the method used to retrieve the encrypted code source stream for MSIL decryption |
| string encryption encrypt method | Defines the custom method used to encrypt string literals |
| string encryption decrypt method | Defines the custom method used to decrypt string literals at runtime |
| instrumentation on entry method | Defines the method to be called when entering an instrumented method |
| instrumentation on exit method | Defines the method to be called when exiting an instrumented method |
| instrumentation on exception method | Defines the method to be called when an exception occurs in an instrumented method |
| module initializer | Designates a method to be executed automatically when the module is initialized by the runtime |
Any Rule element can contain child elements such as Access, Target, Pattern, HasAttribute, Properties and Description. The Pattern element is mandatory, while all others are optional. These child elements provide additional filtering and configuration capabilities for the rule. Example:
<Rule name="DataWriter" feature="msil encryption" exclude="false">
<Target>Methods</Target>
<Pattern>SQLUtils.DataWriter::*</Pattern>
<Properties>
<Cache>true</Cache>
<MinInstructionCount>6</MinInstructionCount>
</Properties>
<Description>Encrypt all methods of the DataWriter class.</Description>
</Rule>Below is the complete list of all possible Rule child elements:
| Element |
|---|
| Access |
| Targets |
| Pattern |
| HasAttribute |
| HasBase |
| Implements |
| Namespace |
| Properties |
| Description |
Access Element
Restricts the rule’s scope to symbols with the specified visibility modifiers. Possible values are All or any combination of Public, Protected, Internal, Private, FamilyAndAssembly, and FamilyOrAssembly. If this element is not present, the default value All is used, meaning the rule applies to symbols of any visibility.
| Access | Description |
|---|---|
| Public | Accessible from any type in any assembly. |
| Protected | Accessible from within the same type as the member, and from any derived types that inherit from it (also known as Family access). |
| Internal | Accessible only within the same assembly in which the type is defined (also known as Assembly access). |
| Private | Accessible only from within the same type as the member, or from a nested type within that type. |
| FamilyOrAssembly | Accessible from types that qualify for either family access or assembly access (C# protected internal). |
| FamilyAndAssembly | Accessible only from types that qualify for both family access and assembly access (C# private protected). |
Targets Element
Restricts the scope of the rule to specific types of code symbols. Accepted values are All or any combination of Classes, Delegates, Structures, Interfaces, Enums, Events, Methods, Properties, Fields, StaticFields, and Resources. If this element is not present, the default value All is assumed, applying the rule to all symbol types.
Pattern Element
The Pattern element within Babel Obfuscator’s XML Rule definition serves as a crucial component for identifying and matching assembly symbols that are subject to obfuscation. This element accepts either a fully qualified symbol name, a wildcard expression, or a regular expression, thereby establishing a versatile and adaptable filtering mechanism for targeting specific code elements.
Wildcard Expressions: For simpler selection criteria, the Pattern element can incorporate wildcard characters. The ’?’ character represents any single character, while ’*’ denotes zero or more characters. This feature enables broad yet controlled selection criteria for symbol matching, making it easy to target groups of related symbols without writing complex patterns.
Regular Expressions: For more complex and precise filtering requirements, regular expressions can be employed within the Pattern element. When using regular expressions, the attribute isRegEx must be set to “true” to indicate that the pattern should be interpreted as a regular expression rather than a literal string or wildcard pattern. It is advisable to encapsulate the regular expression within a CDATA section to ensure proper XML parsing and accurate interpretation of special characters. For example:
<Pattern isRegEx="true"><![CDATA[^Properties.*]]></Pattern> Fully Qualified Name Format
The format of a fully qualified symbol name in Babel Obfuscator’s XML Rule pattern definition varies depending on the type of symbol being targeted. This nuanced approach ensures precise and effective obfuscation across various symbol types while maintaining clarity and consistency.
Types (Classes, Structures, Enums, Interfaces): The conventional format is represented as NamespaceName.TypeName, providing a straightforward notation for basic type declarations.
Nested Types: For nested types (types defined within other types), the format uses a forward slash separator: NamespaceName.TypeName/NestedTypeName. This notation clearly differentiates nested types from their parent types and maintains the hierarchical relationship.
Generic Types: The representation for generic types begins with NamespaceName.TypeName, followed by the generic type arguments enclosed within angle brackets:
NamespaceName.TypeName<GenericArgumentList>
GenericArgumentList: This element is not an independent pattern but rather an integral part of the Generic Types pattern. It defines the comma-separated list of generic type arguments, each specified with their full namespace and type name:
NamespaceName.TypeName1,NamespaceName.TypeName2,...,NamespaceName.TypeNameN
Methods: The typical format for methods includes the namespace, type name, method name, parameter list, and optionally the return type:
NamespaceName.TypeName::MethodName(ParameterList):ReturnType
It is worth noting that the inclusion of the ReturnType in the pattern is optional and may be omitted in most cases.
Properties: The prescribed format for properties follows this structure:
NamespaceName.TypeName::PropertyName:PropertyType
Generally, the property type does not need to be included in the pattern and can be omitted.
Events: The format for events is expressed as:
NamespaceName.TypeName::EventName:EventHandlerType
This format encompasses both the event name and its associated handler type.
Fields: Fields follow the format:
NamespaceName.TypeName::FieldName:FieldType
Similar to properties, the field type is typically optional and not required in most pattern definitions.
ParameterList: This component is exclusively associated with the Methods pattern. It details the fully qualified type names of parameters, separated by commas:
NamespaceName.TypeName1,NamespaceName.TypeName2,...,NamespaceName.TypeNameN
Remember, these patterns are used to specify precisely which parts of the code Babel Obfuscator should target for obfuscation. The exact syntax may vary slightly depending on the context and the specific requirements of your obfuscation strategy. Using accurate patterns ensures that only the intended symbols are affected by the obfuscation rules.
HasAttribute Element
Specifies a comma-separated list of fully qualified custom attribute type names. If the target symbol is decorated with at least one of these attributes, the rule will be applied to that symbol. This element provides attribute-based filtering for precise rule targeting.
This element supports the optional onEnclosingType attribute. When set to “true”, this attribute specifies that the custom attribute should be checked on the target symbol’s enclosing type rather than on the symbol itself:
<HasAttribute onEnclosingType="true">System.SerializableAttribute</HasAttribute>This configuration will match symbols such as methods, properties, fields, and events that belong to any type decorated with the SerializableAttribute.
HasBase Element
Specifies a comma-separated list of fully qualified base type names. The rule will match a type symbol if the target type derives from one of these specified base types. This element enables inheritance-based filtering for rule application.
This element supports the optional onEnclosingType attribute. When set to “true”, this attribute specifies that Babel should search within the enclosing type hierarchy of the target symbols, allowing you to apply rules based on the inheritance structure of containing types.
Namespace Element
Restricts the rule to symbols within a specified namespace. This provides namespace-level filtering for rule application.
<Namespace>ACME.Data</Namespace>The rule will be applied to all symbols defined within the ACME.Data namespace and its sub-namespaces.
Properties Element
The Properties element defines a collection of XML child elements used to customize the behavior of the selected rule feature. Each obfuscation feature supports specific properties that control its operation and fine-tune how it processes the matched symbols.
<Rule name="DataWriter" feature="msil encryption" exclude="false">
<Target>Methods</Target>
<Pattern>ACME.Data.DataWriter::*</Pattern>
<Properties>
<Cache>true</Cache>
<MinInstructionCount>6</MinInstructionCount>
</Properties>
<Description>Encrypts code in the DataWriter class.</Description>
</Rule>This rule configures the msil encryption feature by setting the Cache and MinInstructionCount properties for all methods in the DataWriter class.
Below is the comprehensive list of property elements supported by each obfuscation feature:
agent
| Property | Type | Description |
|---|---|---|
| TaskNameList | String | A comma-separated list of agent task names to which the rule applies. |
cleanup attributes
| Property | Type | Description |
|---|---|---|
| Attributes | String | A comma-separated list of qualified type attribute names or regular expressions that match the members to include in the search. |
| IncludeMembers | String | A comma-separated list of qualified symbol names or regular expressions that match the members to include in the search. |
| ExcludeMembers | String | A comma-separated list of qualified symbol names or regular expressions that match the members to exclude in the search. |
control flow
| Property | Type | Description |
|---|---|---|
| ILIterations | Integer | Specifies the number of iterations to apply during control flow obfuscation, with higher values producing more complex code structures. |
| EmitInvalidOpcodes | Boolean | When enabled, adds invalid instruction opcodes within the method flow to confuse disassemblers and decompilers. |
| ChangeIfStatement | Boolean | When enabled, transforms and obfuscates conditional if statement instructions to make logic harder to follow. |
| AddSwitchStatement | Boolean | When enabled, enriches control flow by inserting switch statement instructions into the method flow, creating more complex execution paths. |
| ScrambleControlFlow | Boolean | When enabled, produces “spaghetti code” by inserting irrelevant branches and jump instructions that significantly obscure the original control flow. |
| MaxSwitchTargets | Integer | Sets the maximum number of case targets allowed in switch control flow obfuscation, controlling the complexity of generated switch statements. |
| HideCaseConstantExpressions | Boolean | When enabled, hides the calculated constant values in switch control flow obfuscation by using computed expressions instead of literal values. |
| RandomCall | Boolean | When enabled, adds random method call instructions to further confuse analysis (only available when switch control flow is enabled). |
| AddMethodToken (*) | Boolean | When enabled, enriches control flow by adding load token instructions into the method flow, creating additional complexity. |
| StackUnderflow (*) | Boolean | When enabled, inserts instructions that create conditions where the evaluation stack underflows, making static analysis more difficult. |
(*) These options generate unverifiable IL code. If your assembly must run in a partially trusted environment or must pass PEVerify validation, do not enable these options.
renaming
| Property | Type | Description |
|---|---|---|
| DisableOverloading | Boolean | When enabled, disables overloaded renaming, meaning methods with different signatures will receive different obfuscated names rather than sharing the same name. |
| DisableUnicode | Boolean | When enabled, prevents the use of Unicode characters in obfuscated names, restricting names to ASCII-only characters. |
| Internalize | Boolean | When enabled, changes the visibility of all public types that match the rule from public to internal, reducing the assembly’s API surface. |
| NameLength | Integer | Specifies the desired length for renamed symbol names, allowing you to control how long or short obfuscated identifiers should be. |
| NamePrefix | String | Defines a prefix string to be prepended to all renamed symbols, helping to identify or categorize obfuscated names. |
string encryption
| Property | Type | Description |
|---|---|---|
| MinInstructionCount | Integer | Sets the minimum threshold for the number of method instructions required for the rule to be applied. Methods with fewer instructions will be excluded. |
| MaxInstructionCount | Integer | Sets the maximum threshold for the number of method instructions allowed for the rule to be applied. Methods with more instructions will be excluded. |
merge
| Property | Type | Description |
|---|---|---|
| CopyAttributes | String | A comma-separated list of fully qualified custom attribute type names or regular expressions used to filter which attributes should be copied from the source assembly to the target assembly during merging. |
| NoCopyAttributes | String | A comma-separated list of fully qualified custom attribute type names or regular expressions used to filter which attributes should NOT be copied to the target assembly during merging. |
| Internalize | Boolean | When enabled, changes the visibility from public to internal for all merged types that match the rule, hiding them from external assemblies. |
| MergeAction | Default/Discard/Redirect | Specifies the merge action to be taken for the selected type. Default performs normal merging, Discard excludes the type from merging, and Redirect redirects references to another type in the target assembly (specified by the RedirectTo property). |
| RedirectTo | String | Contains the fully qualified target assembly type name that will replace the source type when the Redirect merge action has been specified. |
msil encryption
| Property | Type | Description |
|---|---|---|
| Cache | Boolean | When enabled, caches the decrypted method in memory so that JIT compilation occurs only on the first access, improving subsequent performance. |
| Internal | Boolean | When enabled, stores the MSIL-encrypted code inside the target assembly itself; when disabled, stores it in an external file. |
| Password | String | Specifies the password used to encrypt the method code, adding an additional layer of protection. |
| Source | String | Defines a source identifier name for the encrypted code, useful for organizing multiple encryption sources. |
| MinInstructionCount | Integer | Sets the minimum threshold for the number of method instructions required for the rule to be applied. |
| MaxInstructionCount | Integer | Sets the maximum threshold for the number of method instructions allowed for the rule to be applied. |
optimizations
| Property | Type | Description |
|---|---|---|
| ClassSealing | Boolean | When enabled, applies class sealing optimization by marking classes as sealed (final) when they have no derived types, improving performance. |
| ConstRemoval | Boolean | When enabled, removes constant field metadata, replacing references with literal values directly in the code. |
| DisgregateRemoval | Boolean | When enabled, removes properties and events metadata, reducing the assembly’s metadata footprint. |
| EnumRemoval | Boolean | When enabled, removes enum type definitions, replacing them with their underlying integral types. |
| UnwantedAttributes | Boolean | When enabled, removes unwanted custom attributes that may expose implementation details or debugging information. |
Description Element
Provides a descriptive text explanation of the rule’s purpose and behavior. This description will be displayed in the obfuscation log, making it easier to understand what each rule does when reviewing the obfuscation process.
Configuring Rules
Rules files can be configured and integrated into Babel Obfuscator through multiple methods: the command line interface, the MSBuild Babel task, and the Babel User Interface. Each method provides different advantages depending on your workflow and project structure.
Command Line
babel myapp.exe --rules babelRules.xmlThe --rules option can be specified multiple times on the command line to include additional XML rules files. This allows you to organize rules into separate files and combine them as needed.
MSBuild Babel Task
<ItemGroup>
<RuleFile Include="babelRules.xml" />
</ItemGroup>
<Babel RulesFiles="@(RuleFile)" />The RulesFiles option in Babel Obfuscator accepts a list of XML rules files, which can be defined using the ItemGroup element in your MSBuild project file. This approach allows multiple rule files to be specified and easily managed within the project structure. Each rule file listed in the item group is treated as a separate input for Babel Obfuscator and can be used to specify different obfuscation rules and settings for different parts of your codebase.
In addition to using external XML rules files, you can embed the XML rules definition directly inside the project file by using the XmlRules attribute of the Babel task, as shown below:
<PropertyGroup>
<XmlRules>
<Rules targetAssembly="Acme, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f66185f16ea61c16">
<Rule name="rule1" feature="msil encryption" exclude="false">
<Target>Methods</Target>
<Pattern>Acme.Engine*</Pattern>
<Description>Enable MSIL Code Encryption in Acme Engine</Description>
</Rule>
</Rules>
<Rules targetAssembly="Acme.Entities, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f66185f16ea61c16">
<Rule name="rule2" feature="control flow" exclude="true">
<Target>Methods</Target>
<Pattern>Acme.Entities.*</Pattern>
<Description>Disable Control Flow Obfuscation for EF classes</Description>
</Rule>
</Rules>
</XmlRules>
</PropertyGroup>
<Babel XmlRules="$(XmlRules)" />When using Babel Obfuscator to process multiple target assemblies in a project, you can specify which target assembly a set of rules should be applied to by using the targetAssembly attribute in the XML rules. This attribute allows you to target a specific assembly by its fully qualified name, including version, culture, and public key token. If the targetAssembly attribute is omitted, the rules will be applied to all target assemblies defined in the project.
Babel UI
Babel UI provides a graphical user interface for adding, editing, and managing obfuscation rules, making it easier to configure and visualize obfuscation settings for your projects without manually editing XML files.
To add XML rules files to a Babel Obfuscator project using the Babel UI, follow these steps:
- Open your Babel Obfuscator project in the Babel UI.
- In the Input Grid, expand the row corresponding to the target assembly where you want to add the rule file.
- Select the “Rules” tab and choose the first empty row in the grid displayed below.
- Click on the ”…” button in the right-hand corner of the selected row.
- Select the XML rules file you want to add from the file dialog that opens.
- Once you have selected the file, click the “Open” button.
- If needed, you can edit the XML rule file in your system’s default text editor by clicking the pencil button.
After following these steps, the XML rules file will be added to your project and its rules will be applied during the obfuscation process according to the definitions contained in the file.
Babel UI Rules Files
Babel Obfuscator UI provides a user-friendly interface for directly editing and creating obfuscation rules without manually writing XML. To use this feature, follow these steps:
- Select the “Rules” item in the left navigation panel of the Babel UI.
- In the “Rules” panel that appears, you will see a hierarchical tree view of the symbols in your target assembly.
- Right-click on a symbol node in the tree view to display a context menu.
- From the context menu, select “Add Rule” to define a new obfuscation rule for that symbol.
- Choose the obfuscation feature you want to apply from the submenu that appears.
- From the secondary menu, select one of the predefined rule templates for that feature.
- If needed, you can further customize the rule’s settings and properties using the “Rule Properties” panel located in the bottom-right section.
By following these steps, you can quickly and easily define custom obfuscation rules for specific symbols in your target assembly through a visual interface. This allows you to fine-tune the obfuscation process to meet the specific security and performance requirements of your application without needing to manually edit XML files.
Babel UI Edit Rules
In Babel Obfuscator UI, all rules defined in the “Rules” panel for a given target assembly are automatically stored within the project file using the XmlRules attribute of the Babel task. By storing the rules directly in the project file, Babel Obfuscator UI ensures that all obfuscation rules are maintained together with the project configuration and remain easily accessible. This integrated approach makes it convenient to manage and update rules as needed, while ensuring that the rules are always version-controlled and saved alongside the project.