{"id":76063,"date":"2020-09-24T17:00:19","date_gmt":"2020-09-24T14:00:19","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/what-is-code-obfuscation-and-should-you-use-it-cloudsavvy-it\/"},"modified":"2020-09-24T17:00:19","modified_gmt":"2020-09-24T14:00:19","slug":"what-is-code-obfuscation-and-should-you-use-it-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/what-is-code-obfuscation-and-should-you-use-it-cloudsavvy-it\/","title":{"rendered":"#What Is Code Obfuscation, and Should You Use It? \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a28963fa36d9\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a28963fa36d9\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-code-obfuscation-and-should-you-use-it-cloudsavvy-it\/#Why_Obfuscate_Code\" >Why Obfuscate Code?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-code-obfuscation-and-should-you-use-it-cloudsavvy-it\/#Other_Options_Convert_to_a_Compiled_Language\" >Other Options: Convert to a Compiled Language<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-code-obfuscation-and-should-you-use-it-cloudsavvy-it\/#Should_You_Obfuscate\" >Should You Obfuscate?<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#What Is Code Obfuscation, and Should You Use It? \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<img loading=\"lazy\" decoding=\"async\" class=\"imgchk9 alignnone wp-image-6925 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/c742fce2673b369f858512546614bf6a\/p\/uploads\/2020\/09\/255d0a21.png\" alt=\"Questionable coding?\" width=\"700\" height=\"300\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Certain languages like Java and .NET can be easily decompiled into readable source code. Code obfuscation is a process that makes your <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>lication binaries harder to read with a decompiler. It\u2019s an important tool for protecting your business\u2019s intellectual property.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Why_Obfuscate_Code\"><\/span>Why Obfuscate Code?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Compiled languages like C++ get converted directly to bytecode. The only way to reverse engineer how they work is with a disassembler, which is an arduous and complicated process. It\u2019s not impossible, but trying to infer high level application logic from a stream of assembly language is hard.<\/p>\n<p>On the other hand, languages like C# and Java aren\u2019t compiled for any particular operating system. Rather, they\u2019re compiled to an inter<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>ry language, like .NET\u2019s MSIL. The intermediary language is similar to assembly, but it can be easily converted back into the source code. This means that if you have a public DLL or executable that your business is distributing, anyone with a copy of your executable can open it up in a <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.jetbrains.com\/decompiler\/\">.NET decompiler like dotPeek<\/a>, and directly read (and copy) your source code.<\/p>\n<p>Code obfuscation can\u2019t prevent this process\u2014any .NET DLL can be plugged into a decompiler. What obfuscation does do is use a number of tricks to make the source code <em>annoying as hell <\/em>to read and debug.<\/p>\n<p>The simplest form of this is entity renaming. It\u2019s common practice to properly name variables, methods, classes, and parameters according to what they do. But you don\u2019t have to, and technically there\u2019s nothing stopping you from naming them with a <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/watch-movies-tv-seriess\/\" data-internallinksmanager029f6b8e52c=\"8\" title=\"Watch Movies &amp; TV Series\" target=\"_blank\" rel=\"noopener\">series<\/a> of lowercase L\u2019s and I\u2019s, or random combinations of Chinese unicode characters. To the computer, there\u2019s no issue, but it\u2019s completely illegible to a human:<\/p>\n<pre>IlIIIIlIIIllIIIllIIll&#13;\nlIIIllIIllIlIIIIlIIIl<\/pre>\n<p>An basic obfuscator will handle this process automatically, taking the output from the build, and converting it to something that\u2019s a lot harder to read. There\u2019s <strong>no performance hit<\/strong> compared to non-obfuscated code<\/p>\n<p>More advanced obfuscators can go further, and actually change the structure of your source code. This includes replacing control structures with more complicated but semantically identical syntax. They can also insert dummy code that doesn\u2019t do anything except confuse the decompiler. The effect of this is that it makes your source look like spaghetti code, making it more annoying to read.<\/p>\n<p>Another common focus is hiding strings from decompilers. In managed executables, you can search for strings like error messages to locate sections of code. String obfuscation replaces strings with encoded messages, which are decrypted at runtime, making it impossible to search for them from a decompiler. This usually comes with a performance penalty.<\/p>\n<p>There are plenty of options for obfuscators, though it will depend on which language you are obfuscating. For .NET, there\u2019s <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/github.com\/obfuscar\/obfuscar\">Obfuscar<\/a>. For Java, there\u2019s <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.guardsquare.com\/en\/products\/proguard\">ProGuard<\/a>. For JavaScript, there\u2019s <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/github.com\/javascript-obfuscator\/javascript-obfuscator\">javascript-obfuscator<\/a>.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Other_Options_Convert_to_a_Compiled_Language\"><\/span>Other Options: Convert to a Compiled Language<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Converting one programming language to another isn\u2019t an entirely crazy idea\u2014Unity uses <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/docs.unity3d.com\/Manual\/IL2CPP.html\">IL2CPP<\/a>, a converter that transforms .NET code into compiled C++ bytecode. It\u2019s a lot more performant, but it also helps secure <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a>s against easy cracking, which is crucial for an environment plagued by piracy and cheaters.<\/p>\n<p>Microsoft has <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/github.com\/dotnet\/corert\">CoreRT<\/a>, an experimental .NET Core runtime using Ahead-Of-Time compilation, though it isn\u2019t ready for production use.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Should_You_Obfuscate\"><\/span>Should You Obfuscate?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you\u2019re deploying code in untrusted environments where you want to protect your source code, you should almost always use at least a basic obfuscator to rename functions, methods, and properties to make decompiling take a bit more effort.<\/p>\n<p>If you\u00a0<em>really\u00a0<\/em>need nobody to be able to decompile your app, you can use a more intrusive obfuscator, but really you should consider if the problem would be better solved by switching to a language that doesn\u2019t have this issue, such as C++ or Rust.\n<\/div>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener noreferrer\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/6923\/what-is-code-obfuscation-and-should-you-use-it\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#What Is Code Obfuscation, and Should You Use It? \u2013 CloudSavvy IT&#8221; Certain languages like Java and .NET can be easily decompiled into readable source code. Code obfuscation is a process that makes your application binaries harder to read with a decompiler. It\u2019s an important tool for protecting your business\u2019s intellectual property. Why Obfuscate Code?&#8230;<\/p>\n","protected":false},"author":1,"featured_media":76064,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2020\/09\/255d0a21.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-76063","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/76063","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=76063"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/76063\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/76064"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=76063"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=76063"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=76063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}