Nota: Este post es una traducción personal (reconvertida en tutorial) de las explicaciones given by Bill Leach (CTO of PreEmptive Solutions), in this video taped for Channel 9 .
Introduction This article describes the steps necessary to protect the source code for Windows applicationsPhone
(both XNA and Silverlight), and include them reporting on their use. For this, use the Dotfuscator tool Windows Phone Edition
in version 4.9, recently launched by Preemptive Solutions in collaboration with Microsoft . First, it is necessary register and download the tool from this website
. Once email is received by the serial number needed to activate the program, only remains to launch the application: Start -> Programs -> Preemptive Solutions -> Dotfuscator. UIAlthough
Dotfuscator Professional can be integrated into Visual Studio 2010 as a project type more Dotfuscator
Windows Phone Edition is a standalone application with its own user interface:
Main Menu toolbar with typical options to load and save a draft obfuscation
- Button with green Play symbol in the toolbar, which begins the obfuscation of the code selected and generate protected versions of the assemblies or programs.
- configuration tabs: Settings
-
- Input: Selection of what we want to protect assemblies or executables on the project. The
- rest : configuration properties for each of the features provided
- Dotfuscator
- : Application General Settings
which assemblies or executables to protect. To do this, you just have to go to the Input tab
and click the open folder icon. Classic box appears file selection dialog, where you can select:
- Assemblies (libraries)
- runtime DLL (Applications) type. EXE
- type.
- . XAP
- . This will be the option to be used in the present example.
Note: If, as is the case, we are working with Windows Phone project (and XAP files), Dotfuscator will only work with the assembly that is in those files. The content will be protected or modified at all. Once you select the XAP package to protect its contents appear in the bottom window down a tree:
If any of the DLLs in the package, there will be some properties of activated obfuscation in the form of CheckBoxes. One of the most relevant, according to the objectives of this article, is called Library:
This is necessary when a library, despite being obscured, will be used for any other software later. If you change the names of the public types, the interface of the library would be different, so it would no longer be usable from the outside. Output
Keeping this option checked (default is checked), Dotfuscator leave all names and types public methods without renaming (without obscuring). Private types will be renamed itself, and the entire contents of the methods obfuscate, but the names that are visible from were left unchanged.
application
Dotfuscator generates protected versions of what is selected in the Input tab:
For assemblies (DLL) generates DLLs
For- protected executable (EXE), generating EXEs
- For protected Windows packages Phone (XAP), generates packets protected XAP
- By default the output directory is the same where the input assembly, plus a sub-folder created by the program with the name
. However, this behavior can be changed in the Settings tab -> Project Properties -> ConfigDir. Applying basic protection
Once you have selected the projectinputs, you must select what type of protection is applied.
Although each type of protection can be configured in depth (in their respective tabs) and can even apply different behaviors for each method or property, first apply a generic configuration in the Settings tab
. By default, all protections are disabled
, appearing as follows:Disable Flow Control: Yes Disable
- Linking: Yes
- PreMark Disable: Yes
- Disable Removal: Yes
- Disable Renaming: Yes
- String Encryption Disable: Yes
Flow Control and Renaming . In some cases it may also be interesting to activate the Encryption String , especially if the application contains protect strings containing sensitive. To activate each function, we must tell Dotfuscator NOT disable them, ie to values \u200b\u200bsuch as: Disable Flow Control: No
andDisable Renaming: No.
Flow Control Flow obfuscation control is responsible for making it more difficult to understand code, through changes in program flow. Although the end result is still equivalent to the functional level, make changes so it is not at all obvious where you're going to play pass the implementation, thus interfering with reverse engineering tasks. RenownedRenowned takes care of changing the name to all private types, changing the original names descriptive values \u200b\u200bsuch as: "a", "b" "c", etc. In the Renaming tab
be excluded by hand, one by one, methods or properties that explicitly want to leave out the renaming. However, for basic use, this is usually not necessary. With these features enabled, already has a basic protection code source. Now be described as reporting applications include Windows Phone
.Add instrumentation, or Analytics Code
addition to protection and obfuscation,Dotfuscator can add instrumentation to programs.
Both features are independent. Ie can be applied both at once, you can apply protection but not implementation, and vice-versa.
The implementation uses a platform called Preemptive Solutions asRuntime Intelligence.
What it does is inject into the program that processes certain lines of code whose mission is to generate reports using the same each time it runs, and upload them to the Runtime Intelligence portal (or other), each registered developer to access protected by user name and password. is a very similar behavior to that afforded other analysis platforms in other sectors, such as Google Analytics
on websites, blogs, etc.The instrumentation is enabled / disabled from the Settings tab
, paragraph Instrumentation (we leave all options enabled-Yes-) Identifying and implementing the company in reports
Obviously, generator Reporting should know what application is reporting, and for business. Both were identified inInstrumentation tab.
It is necessary to expand the node for the DLL that contains the main application class:
For an application
- XNA, will be one DLL that contains the kind of guy
- Game For Silverlight application, DLL that will contain the App class
- Once deployed the node, a list of default attributes, such as the following picture (for example in XNA).
For the implementation work, it is necessary to add two more, right-clicking on the name of the DLL and selecting the option: Add Attribute . Once this is done, open a window asking the type of attribute to add, with a series of predefined values:
BusinessAttribute
The two to be added are: This attribute identifies the software development company, through a
Company Key
unique provided via email by Preemptive Solutions when it was made registration portal Runtime Intelligence. Can also be found in the portal Dashboard once done login. It is recommended also include a company name.
ApplicationAttributeTo identify the application, you must provide the following information:
- Application Type: application type (can leave blank)
- Guid: ID of the main application assembly. Must be unique, as it will be used in the portal to identify this application. In this field you can use the Guid
- project, available on its Assembly Info ( accessible from Visual Studio Solution Explorer window or from the Project Properties -> Assembly Info ). Name: Name of the application (you can leave blank, although it is highly recommended)
- Version: Version of the application (if left blank, the Reporter
- try to remove metadata assembly-data). indicating where to inject the code
Instrumentation
) a little bit down, and further expand the content of the lower DLL (in this example, the DLL Silverlight: WindowsPhoneApplication1.dll):
For XNA
- game, this is the kind of game
- Game In case of a Silverlight application , this is the kind
- App Report of commencement of
For SilverLight
applications, a prime candidate is the event
Application_Launching App class If an application XNA, a good choice might be the method Initializing Game class. After selecting the method, right-clicking on its name, and select Add Attribute
. Again, we require the type of attribute to add, but this time the list of options is different:
SetupAttribute
attribute choice this time is , which has many parameters that may be left with their default values. Even so, it emphasize these two: Custom Endpoint: Instead of sending the reports to EndPoint by default (the Portal Runtime Intelligence), here you can specify a different custom EndPoint
- Use SSL: Enable SSL protection for communications
- Generate reports start a separate thread
If the application you are developing takes time to load (which is typical in XNA games), normal (or more recommended) is to have the initial burden of content in a separate Thread
apart, so that while the burden is produced, can show an animated icon type Loading .... In these cases, it is advisable to include the injection of code that reports
thread, if the reportgeneration takes a little bit because of network or any other (should not). In this way the user experience will not be hindered. If you look at the following example, which is protecting an XNA game, the point executed in a thread
apart is the method calledCreateAssets : implementation report to
If you also want that the reports point out when they stopped using the application, will have to follow a similar procedure adding an attribute to a method that executes when the application is ending.For
XNA games- , the perfect method for this is
- OnExiting , class Game. For applications SilverLight, a good choice is the event
- Application_Closing, App class In this case, the attribute type to add is
, which can be left with its default settings. And with that and a biscuit-analytics code at eight
0 comments:
Post a Comment