Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NativeAOT Protect #96543

Closed
dadavadd opened this issue Jan 5, 2024 · 4 comments
Closed

NativeAOT Protect #96543

dadavadd opened this issue Jan 5, 2024 · 4 comments
Labels
area-NativeAOT-coreclr question Answer questions and provide assistance, not an issue with source code or documentation.

Comments

@dadavadd
Copy link

dadavadd commented Jan 5, 2024

Hello. You've probably heard about software for obfuscation of method and class names for IL2CPP Unity? (Beebyte) Will it be possible to create the same obfuscators for NativeAOT? For example, for string obfuscation.
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Jan 5, 2024
@ghost
Copy link

ghost commented Jan 5, 2024

Tagging subscribers to this area: @agocke, @MichalStrehovsky, @jkotas
See info in area-owners.md if you want to be subscribed.

Issue Details

Hello. You've probably heard about software for obfuscation of method and class names for IL2CPP Unity? (Beebyte) Will it be possible to create the same obfuscators for NativeAOT? For example, for string obfuscation.

Author: dadavadd
Assignees: -
Labels:

area-NativeAOT-coreclr
Milestone: -

@jkotas jkotas added the question Answer questions and provide assistance, not an issue with source code or documentation. label Jan 5, 2024
@Symbai
Copy link

Symbai commented Jan 5, 2024

You can already use (.NET) obfuscators with NativeAOT (at least those which obfuscate during build). But the main reason for obfuscation in .NET is that people don't load your assembly in dnSpy and get the full source code back. With nativeAOT this becomes obsolete.

If you want further protection especially at runtime you should use other protectors made for native code in first place. Like Enigma, Themida, VMProtect etc. Unlike with IL they work very well with nativeaot now.

But string obfuscation in .NET is pretty useless, no matter if IL or native code because a simple memory dump at runtime will reveal the plain text.

@jkotas
Copy link
Member

jkotas commented Jan 5, 2024

NativeAOT does not preclude use of IL obfuscators.

Note that IL obfuscators tend to introduce number of issues, including performance regressions or hard to debug crashes. It is not unusual for .NET runtime support requests that involve obfuscated code to be closed as a problem introduced by the IL obfluscator. This is the case with native AOT as much as it is with all other runtime flavors.

@jkotas jkotas closed this as completed Jan 5, 2024
@ghost ghost removed the untriaged New issue has not been triaged by the area owner label Jan 5, 2024
@charlesroddie
Copy link

Hello. You've probably heard about software for obfuscation of methods for IL2CPP Unity? (Beebyte) Will it be possible to create the same obfuscators for NativeAOT? For example, for string obfuscation.

In NativeAOT you can use the little-known feature <StackTraceSupport>false</StackTraceSupport> to remove names of methods. See #96339 (comment) .

@github-actions github-actions bot locked and limited conversation to collaborators Feb 7, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-NativeAOT-coreclr question Answer questions and provide assistance, not an issue with source code or documentation.
Projects
AppModel
Archived in project
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jkotas @Symbai @charlesroddie @dadavadd