Recently, I wanted to make sure that the Windows Phone 7 applications we publish are protected with obfuscation, and since PreEmptive provides a free professional tool called Dotfuscator, I thought I'd give it a try. I've been using DeepSeaObfuscator for years, and this blog really is not about comparing the two but about providing a step-by-step guide on how to take your release Windows Phone 7 xap file and obfuscate it using Dotfuscator. I had to open a support ticket just to figure out how to make it work, so I figure this will be good information for everyone using it.
Obfuscation of your xap is about protecting your intellectual property from disassemblers or possibly hiding sensitive information that is in your code.
There are great free tools like Reflector that allow you to disassemble your exe and dll files. If you want to protect your xap file, then obfuscation is a great way to make it harder for people to extract what they want out of your dll or exe. It is not 100% fail-proof, but it will definitely slow things down.
How to disassemble using Reflector?
For your xap, simply rename the xap extension to zip and use your favorite tool, such as 7Zip, to unzip it. You will see all the contents of the xap, including the dlls that you can disassemble using Reflector.
When you open your unzipped dll in Reflector you will see something similar to the below figure:
How to Use PreEmptive Dotfuscator?
Here you will see the step-by-step guide to configuring Dotfuscator so you can successfully obfuscate your xap. You will need to set certain configuration options to make this work properly.
1. Open Dotfuscator, browse to your xap and select it as shown below.
2. Click on Settings and choose the settings shown below. Notice that I had to DISABLE renaming because otherwise my obfuscated app would not run. Renaming is where Dotfuscator renames your variables and can remove namespaces and/or properties. The problem with renaming is that properties are bound through XAML bindings, so renaming them has the potential to break the app once it is obfuscated. For everything else I took the default options.
3. Another thing I had to do was add a User Defined Assembly Load Path of C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\Silverlight\v4.0\Profile\WindowsPhone in order for the build to succeed, as shown below:
4. Simply click Build or File –> Build and your obfuscated file will be in .\Dotfuscated.
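Because a xap is just a zip archive, the build output can be checked before you deploy it. The Python script below is an added example, not part of the original post or of Dotfuscator: it hashes every dll in the original and obfuscated xap and reports which assemblies changed, stayed byte-identical, or went missing. The file names and the in-memory sample archives are constructed stand-ins for your own files.

```python
import hashlib
import io
import zipfile


def assembly_digests(xap_bytes):
    """Map each .dll inside a xap (a zip archive) to its SHA-256 digest."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:
        return {info.filename: hashlib.sha256(xap.read(info)).hexdigest()
                for info in xap.infolist()
                if info.filename.lower().endswith(".dll")}


def compare_xaps(original_bytes, obfuscated_bytes):
    """Classify every original assembly as changed, unchanged or missing."""
    before = assembly_digests(original_bytes)
    after = assembly_digests(obfuscated_bytes)
    report = {"changed": [], "unchanged": [], "missing": []}
    for name, digest in sorted(before.items()):
        if name not in after:
            report["missing"].append(name)      # dropped from the output xap
        elif after[name] == digest:
            report["unchanged"].append(name)    # copied as-is, not processed
        else:
            report["changed"].append(name)      # rewritten by the obfuscator
    return report


def make_sample_xap(files):
    """Build an in-memory xap from {name: bytes}; constructed sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as xap:
        for name, data in files.items():
            xap.writestr(name, data)
    return buf.getvalue()


# Constructed stand-ins for the release xap and the one in .\Dotfuscated
ORIGINAL = make_sample_xap({"AppManifest.xaml": b"<Deployment/>",
                            "MyApp.dll": b"original IL bytes",
                            "ThirdParty.dll": b"library IL bytes"})
OBFUSCATED = make_sample_xap({"AppManifest.xaml": b"<Deployment/>",
                              "MyApp.dll": b"obfuscated IL bytes",
                              "ThirdParty.dll": b"library IL bytes"})

if __name__ == "__main__":
    for status, names in compare_xaps(ORIGINAL, OBFUSCATED).items():
        print(status, names)
```

To run it on real files, pass the result of open(path, "rb").read() for each xap. If one of your own assemblies shows up as unchanged, it was copied through without being processed.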
Testing your obfuscated XAP
You now need to test your xap using either the emulator or a real device.
1. Go to Start –> All Programs –> Windows Phone Developer Tool and click on Application Deployment
2. From Application Deployment Window select your XAP by browsing to the location of obfuscated XAP as shown below:
3. Choose Windows Phone 7 Emulator from Target dropdown and click Deploy.
4. Your emulator will pop up and install your xap, and you will need to test it to make sure it runs correctly.
Here you learned about obfuscating the XAP using Dotfuscator. Even if you are using DeepSeaObfuscator, the configuration and process are similar.