I’m attempting to obfuscate my .NET plugin for Rhino7 but I’m running into issues with the format.
When attempting to load the .rhp into Rhino there is an error stating that it’s in an incorrect format.
I’m wondering if anyone has successfully done this in the past with Obfuscar or some other tool, and if the information is available does anyone know the expected format of a .RHP file so i can cross-reference it with my output.
I’m aware the .RHP is essentially a .DLL but due to this error I’m worried that maybe the entry point Rhino expects or some other critical element is being obfuscated.
The Obsfucation tools generally leave your public method and signatures intact. Since this is all that is visible to Rhino it generally works fine.
The best advice is to start with minimal Obfuscation and iteratively enable more and more advanced features until either you break something or you are happy with the level of obfuscation. You should use a decompiler to check what is being done.
Of course any obfuscation can be broken with enough time and effort - I think the most you can do it to raise the effort bar to a point where its easier for people to pay for a license or to write their own clone of your software rather than try and unpick your dll and use your source code…
That’s exactly my intention, just to make it hard enough so that the average Joe can’t google de-compiler and have access to all the code.
Just to confirm you were able to run some obfuscator on a .RHP file directly?
I’m thinking of separating the logic into a separate .DLL to ensure I don’t mess with any Rhino specific formatting within a .RHP file and just obfuscating the separate .DLL.
Basically to have the .RHP be a wrapper for the DLL.
For the RHP, I have had to first obsfucate the .dll and then rename it (or copy+rename, delete original). Eventually this can be integrated into your build cycle.
I’ve taken both approaches in the past, we now obsfucate the RHP file and also our other dll’s.
I applied obfuscation on my first plugins.
But to be honest, I have a different opinion on it nowadays. First question is to ask if it’s worth to do it!
If you are more a library consumer, then there is no point. You rather obfuscate something which is available anyways. So what is the skill other than the entire thing?
If you are implementing own and difficult algorithms, you might consider to make it Open-Source anyway and benefit from having your name under something great. You can choose a copy-left license if you want to prevent companies in commercially using it, but if nobody knows you did it, everyone else can claim they have invented it. Open-Source repositories have a date!
You cannot defeat piracy. With AI nowadays, reversing even obfuscated code is significant easier. But did you ever went into another project and just steal one or two functions? This is not how its going to work for complex projects.
People just reference your dll or copy the entire thing. As long as it runs, it’s not important if it’s obfuscated or not. If you want to prevent this, just build in traps.
Other than that, you should not use existing obfuscators, but use your own tooling. Then there is no tool out there to deobfuscate it. Also note that even if it works in your system, obfuscated code can trigger an antivirus alert or even silently inject malware. Are you blindly trusting free obfuscation software?