An open source .NET 8 obfuscation engine for everyone.
- Simple to use, extend and run with.
- Provides a few useful services and an architecture that supports .NET and .NET Framework (legacy) obfuscation/protections.
- Dynamically (or not) loads protections from DLLs.
Note: Post Build Events use xcopy which may not be accessible on your platform. Check out the Example Protection csproj files.
Executables and packages are not available to download directly. It is expected that you either:
- Build the project from source and edit it, or
- Include the project as a git submodule.
To build the project you will need to adjust the output type of ProwlynxNET project to be an executable (if you want to run the examples). Else, leave it as a library and ignore it for the most part.
The ProwlynxNET.Core is the only real shared code that should be referenced by your project.
An obfuscator generally requires several services, why make this difficult? Let's not.
This service focuses on helping out other protections with different values for parts of the module being obfuscated.
Check the Prowlynx.NET -> Program.cs file for an example of using this. ExampleProtection references this.
This service provides the option for custom obfuscation markings on members using the [Obfuscation] custom attribute.
For examples of how to use this please refer to the TestAppCore/FW projects which demonstrate the use case. Running the project once built will also produce a result from ExampleProtection showing which methods can/cannot be protected which are identified by the attribute argument service.
The attribute argument service is heavily used by the AttributeReader class inside the Marker Service.
The above two services are fantastic, but they don't provide much (mainly for values), they can be difficult to work with. Hence the marker service was made.
The marker service allows you to quickly check whether a method, type, event, whatever it is that inherits from IMemberDefinition can be processed by some protection method.
You can also add marks to items to later come back and see if you can exclude or include them (perhaps you want to disable string encryption for a particular method internally...).
As always, the example protection covers this marker service extensively. Take a look.
Made simple by AsmResolver's cloning abilities this allows you to quickly inject a type into a module. Incredibly popular and useful service but you can of course just use AsmResolver's cloning yourself if you like.
Check out the example protection for how to deal with .NET and .NET Framework to make sure the two are kept distinctly separate.
Simple cryptography services such as Aes and Hashing (SHA1, 256) have been implemented and are accessible through the ObfuscationTask.CryptoProvider.
A protection may have multiple stages each with different priorities in which to be run. A stage itself might have multiple different "sub-stages" that also have different priorties in which to be run. Therefore, a stage and protection both implement the same interface: IProtection.
A protection must inherit from ProtectionBase
A stage must inherit from either a Stage or MDStage
A service provider provides service instances. It is in other words a glorified collection of service instances.
The currently implemented Service Providers include:
- ArgumentProvider
- AttributeArgumentProvider
- CryptoProvider
- InjectionProvider
- MarkerProvider
A service provider may contain one or more service instances, some like the Injection Provider add only one with a shortcut to it accessible using the ServiceProviderBaseT.First property.
Services all implement an interface of their same name which must implement the IService interface.
The engine used involves a simple setup and an ObfuscationTask.
An ObfuscationTask contains the context of the obfuscation including the different Service Providers available. It also keeps the module that is currently being processed (unless inside an MDStage in which it is null) as a property.
It's always good to have something to be striving towards, right?
In the pipeline most certainly, perhaps using Echo, also by Washi1337. Would provide trace services including getting arguments for instructions and breaking methods into basic blocks.
Simply create a log of changes made perhaps as a service so that they can be resolved later.
- Uses the fantastic AsmResolver as the backing library.
- The once-famous Confuser and it's successor ConfuserEx source.