The "Babel Encrypt" plugin is a component included in the Babel Obfuscator Ultimate edition. However, for those with the Enterprise edition, it requires a separate purchase. This plugin comes as an assembly file called "BabelEncrypt.dll" and works seamlessly with the Babel command line tool. To utilize it, simply specify the plugin file's path in the command line as follows:

babel myapp.exe --plugin BabelEncrypt.dll --stringencryption custom

Where myapp.exe is the target assembly you want to obfuscate. The string encryption argument [custom] is needed to let babel use the algorithm provided by the plugin instead of the built-in string encryption algorithms.

Plugin Arguments

The Babel Encrypt Plugin accepts the following optional arguments:

password <string>

Set a password used to encrypt string data. The encryption is performed with the Triple DES algorithm. If not specified, a random password is generated.

iterations <number>

The number of encryption passes to be performed (default: 1).

minStringLength <number>

If a string's length is less than the specified value, it will not be encrypted. When this option is set to 0, all strings, regardless of length, will be encrypted, which is the default behaviour. By setting a value greater than 0, you can exclude short strings from being encrypted, which may improve performance or have other benefits depending on your specific use case. It's important to note that the value you set for the minimum string length will directly impact the level of obfuscation applied to your assembly.

minHasStringLength <number>

Set the minimum string length to encrypt with the HASH algorithm (default: 15).

useLocalVars <true|false>

Whether to create local variables to call the decryption method (default: false). By default, this option is set to "false," meaning that the decryption method is not called using local method variables. However, if set to "true," the decryption method will be called using local method variables. This can help to further scramble the code and add extra protection to the obfuscated assembly. Utilizing local method variables during decryption can make the code more difficult to understand and reverse engineer, as the execution path will be more complex and less predictable. However, it may also affect the performance of the obfuscated assembly, as local method variables can increase the memory usage and processing time required to execute the code.

extraControlFlow <true|false>

This option aims to increase the level of security and protect the encrypted strings from being easily reverse-engineered or decompiled. When enabled, additional control flow obfuscation is applied to the method containing encrypted strings, making the code more scrambled and harder to understand. The default setting is typically "false" but can be changed based on the desired level of obfuscation and protection.

checkDeobfuscators <true|false>

The option to check for a deobfuscator tool is a security feature in Babel Obfuscator that helps prevent reverse engineering of the obfuscated code.

Whether to check the presence of a deobfuscator tool. If a deobfuscator is detected, the decryption of the strings will not occur, and the program will silently fail (default: false).

useCodeEncryption <true|false>

Whether to use Babel Obfuscator code encryption feature to encrypt the code of the string decryption methods. This option can work only when code encryption is enabled. (default: false).

dictionary <path|expression>

The specified text file contains a list of strings or regular expressions that determine which strings should not be encrypted by the obfuscation tool. The file should be structured so that each line represents an exact string or a regular expression pattern. The obfuscation tool will use this information to exclude the listed strings from the encryption process. Regular expressions allow for a more flexible and comprehensive approach to excluding strings while providing the exact strings ensures that specific strings are not encrypted regardless of the broader pattern.

Examples

Here are some examples of using the plugin from the Babel Obfuscator command line.

Medium protection

Enable deobfuscator detection besides using the default plugin configuration.

babel myapp.exe --plugin BabelEncrypt.dll --stringencryption custom --argument checkDeobfuscators=true

Full protection

This example shows how to enable all plugin features with extra control flow for the decryption caller and use local variables to call the decryption method.

babel myapp.exe --plugin BabelEncrypt.dll --msilencryption --stringencryption custom --argument iterations=2 --argument extraControlFlow=true --argument useLocalVars=true --argument useCodeEncryption=true

Using an external dictionary

You can use a text file to set an exclusion word dictionary. Each line can be the exact string to exclude or a regular expression.

babel myapp.exe --plugin BabelEncrypt.dll --stringencryption custom --argument dictionary=exclusionlist.txt

The exclusionlist.txt text file content:

.*@acme.com
No secret here to encrypt

Setup Babel Encrypt in DevOps

If you are utilizing the Babel.Obfuscator NuGet package within your DevOps environment or any other build system that supports NuGet packages, you can seamlessly incorporate the Babel Encrypt plugin into your build process.

This can be accomplished by adding the following MSBuild instructions to your project file:

<ItemGroup>
  <BabelPlugin Include="$(BabelTaskDir)BabelEncrypt.dll" />
</ItemGroup>
<PropertyGroup>
  <PluginsArguments>iterations=3</PluginsArguments>
</PropertyGroup>

With these instructions in place, when you trigger a build in your DevOps environment or build system, the Babel Encrypt plugin will be invoked, incorporating additional encryption alongside the code obfuscation provided by Babel Obfuscator.