Obfuscation
Last updated
Last updated
The Input panel is typically the first panel displayed when you open the Babel Obfuscator graphical user interface. It is used to specify the input assemblies that you want to obfuscate and any other assemblies that will be merged or embedded with the target assembly. You can select one or multiple assemblies by browsing to their location or by dragging and dropping them into the Input panel.
The Input Grid displays all the Primary Source Assemblies you have added to your project. There is a separate row in the Input Grid for each assembly that displays information about the assembly file and its associated configurations. You can expand each row to view additional file grids that provide further customization options.
The five tabs in the Input section are: Inputs, Rules, Maps, Plugins, and Search Directories. The Inputs tab allows you to choose the assemblies you want to merge or embed into the primary assembly. The Rules tab lets you add your XML rules files that Babel will process during the obfuscation of the related primary assembly. The Maps tab is where you can add XML input mapping files generated during the obfuscation of the primary assembly references (for cross-assembly obfuscation). The Plugins tab is for adding external Babel plugins to obfuscate the primary assembly. The Search Directories tab lets you specify additional directories where Babel can search for referenced assemblies.
You can easily add files to each available section using drag and drop from Windows Explorer. The Input Assembly grid allows you to change the order in which the assemblies are processed for obfuscation by simply dragging and dropping each primary source assembly into the desired row. The processing of the primary source assemblies begins with the community in the first row.
This section allows users to configure various settings for Babel Obfuscator, including renaming options, control flow obfuscation, string encryption, and more. The Settings panel holds all the options for obfuscating the chosen target assembly. To switch between multiple target assemblies, use the combo box on the toolbar to select the desired target assembly.
A vertical slider is present to allow the user to set the desired obfuscation level. The slider can take values from 0 to 10, where 0 corresponds to no obfuscation and 10 to maximum obfuscation.
Each change you make to the obfuscation settings can be applied to all target assemblies within the project by checking the checkbox button to the right of the assembly combo box.
The Rules panel in Babel Obfuscator's user interface allows users to tailor the obfuscation process to meet their specific requirements by specifying custom rules for various aspects of the process, such as naming, control flow, string encryption, and more. With this panel, users can add, edit, or delete rules based on regular expressions, wildcards, or exact names, for example, to preserve the names of certain methods or types or to exclude specific parts of the code from obfuscation. The panel displays a comprehensive list of all the rules in place and provides an easy way for the user to view, edit, or delete any rules as needed. This feature offers great flexibility and control over the obfuscation process, making it easier for users to meet their specific needs and requirements.
The Optimizations panel in the Babel Obfuscator graphical user interface allows the user to enable or disable specific optimization techniques to be applied during the obfuscation process. These optimization techniques are designed to improve the obfuscated code's performance, reduce its size, and increase the obfuscation of the
Remove Dead Code: This optimization removes any code not used in the target assembly. This optimization can significantly reduce the size of the obfuscated code and improve its performance.
Seal Classes: Sealing classes can also increase the performance of the obfuscated code by allowing the Just-In-Time (JIT) compiler to perform certain optimizations that are not possible when a class is not sealed.
Disgregate Properties and Events: Disgregate Properties and Events optimization is a process that involves the removal of properties and events information from metadata tables. This leads to the conversion of the get_ and set_ or add_ and remove_ methods of the affected properties and events into standard methods.
This optimisation results in a reduced metadata size and improved obfuscation, making it more challenging to reconstruct the original properties or events. By combining this optimization with renaming, better overall obfuscation can be achieved.
Inline Expansion: This optimization replaces method calls with the method's body code. This optimization can also improve the performance of the obfuscated code, as it reduces the overhead of method calls. To enable inline expansion, you need to target the methods that should be expanded inline. This can be done using the System.Reflection.ObfuscationAttribute directly on the method:
Remove Enum Types: Enum type removal optimization is a technique used in code obfuscation to remove an enumerated type's underlying metadata information. Instead of including the full type definition in the code, only the enumerator values are kept, making it harder for reverse engineering tools to understand the code structure and the relationships between different elements. Removing the type metadata can help make the code more difficult to understand and reverse-engineer.
Remove Const Fileds: Constant fields are special fields in .NET assemblies that are stored in the metadata and can be accessed at runtime by their name. They contain constant values known at compile time and cannot be changed at runtime. This optimization works by removing these constant fields from the metadata and replacing them with their actual constant values, making the code more difficult for reverse engineers to understand and analyze. This optimisation aims to reduce the information available in the metadata, making it harder for attackers to discover the original code structure and relationships between various parts of the code.
Cleanup Attributes: Custom attributes provide additional information about code elements, such as classes, methods, and properties. This information can be useful for code analysis, but it can also give hints to a deobfuscator about the purpose and behaviour of the code. By removing the custom attribute metadata information, Babel Obfuscator can reduce the assembly size making the code more difficult to understand and analyze.
The Navigation Output panel in Babel Obfuscator UI provides options for specifying the output file location, strong name key information to re-sign the assembly after obfuscation, and other important configurations. You can use this panel to create an XML mapping file useful in cross-assembly obfuscation scenarios. Additionally, you can choose to generate a log file, which will contain all messages produced by Babel during the obfuscation process.
Babel Obfuscator features a console panel where detailed information about the obfuscation process can be displayed. The obfuscation log shows all the messages produced by Babel during the obfuscation, providing an in-depth view of what took place and any possible issues that may have arisen. This feature is especially useful for debugging and understanding the obfuscation process, as well as troubleshooting any errors that may occur. The console panel allows the user to see the progress of the obfuscation process in real time, providing valuable insights into how the obfuscation process is proceeding and how it can be improved. By examining the log, users can quickly identify potential problems and make changes to the obfuscation rules or configuration to resolve them.
Babel Obfuscator provides a Statistical Panel that displays various chart reports to show the statistical information of the principal obfuscation phases. The charts visually represent the information, giving a comprehensive overview of the obfuscation process, including key data on each main obfuscation phase.
Symbol Renaming: The panel displays statistics on how many symbols have been renamed during the obfuscation process, including class, method, property, events and field names.
String Encryption: The panel provides information on the methods where string encryption has been applied and the strings that have been encrypted. The information is displayed in a hierarchical treemap chart, which groups the strings in a hierarchical manner, starting from methods and moving up to namespaces, making it easy to assess the impact of string encryption on different parts of the code.
Control Flow: The panel provides information on the number of methods that have undergone control flow obfuscation and its impact on the code's complexity. It displays the CYC (Cyclomatic Complexity) calculated on each method before the control flow obfuscation and the Delta CYC, which represent the increment of cyclomatic complexity introduced by control flow obfuscation. CYC is a metric that measures the number of independent paths in a piece of code and helps assess its complexity and maintainability. This information helps users evaluate the obfuscation process's effectiveness and make informed decisions about the obfuscation settings and rules to use in future obfuscation processes.
Note that CYC and Delta CYC are available only when full obfuscation statistics are enabled. To know more, see the statistics command line option.
Code Encryption: The Code Encryption statistical panel in Babel Obfuscator provides information on the extent to which the code has been encrypted and where the encrypted methods are located within the hierarchy of classes and namespaces. This information is presented in a treemap chart, which visually represents the structure of the code, making it easy to see at a glance the impact of the code encryption on different parts of the code. The treemap is divided into rectangles, each representing a class or namespace, and the size of each rectangle reflects the amount of code contained within that class or namespace. The color of each rectangle represents the extent to which the code has been encrypted, with darker colors indicating higher levels of encryption. By presenting this information in a visual format, the Code Encryption statistical panel makes it easier for users to understand the impact of code encryption on their code and assess its overall security.
Dynamic Proxy Calls: Dynamic proxy calls hide the implementation details of an external call, making it more difficult for reverse engineers to understand the code. The statistical panel in Babel Obfuscator gives an insight into the usage of dynamic proxy calls in the obfuscated code. It provides information on the number of dynamic proxy calls inserted and which external calls have been proxied. By showing this information, the user can get a better understanding of the impact of dynamic proxy calls on the code and make informed decisions on the obfuscation rules that govern the generation of proxies.
Optimizations: The panel displays statistics on the various code optimizations that have been applied during the obfuscation process, including the removal of dead code, removal of unwanted attributes, sealing classes and inlined methods.
Execution Time: The panel provides information on how long the obfuscation process took, including the time taken by each phase. This information is useful for tracking performance and optimizing the obfuscation process.