carlosedufs / protobuf-net

Automatically exported from code.google.com/p/protobuf-net
Other
0 stars 0 forks source link

Obfuscation-friendly protobuf-net.dll #358

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Please make all protobuf-net code obfuscation-friendly. I am merging all 
application dependencies including protobuf-net.dll into single monolithic 
executable, which then gets obfuscated. For this reason, I need 
protobuf-net.dll to be compatible with obfuscators.

Specifically, please reference all attribute names like this:

typeof(ProtoContractAttribute).Name

rather than just by "ProtoContract" string. When referenced this way, 
attributes can be renamed safely by obfuscators.

An alternative approach is to just mark all attributes with 
ObfuscationAttribute, but the above approach is better since it makes it harder 
for attackers to identify message classes in the obfuscated assembly.

I don't think there is anything else preventing obfuscation. When I exclude 
attributes from obfuscation, protobuf-net is able to perform serialization 
without exceptions.

Original issue reported on code.google.com by robert.v...@gmail.com on 25 Feb 2013 at 2:48

GoogleCodeExporter commented 9 years ago
I've played with obfuscators a little more and this is the filter I am 
currently using:

ProtoBuf.BclHelpers
ProtoBuf.ProtoReader
ProtoBuf.ProtoWriter
ProtoBuf.*Attribute
ProtoBuf.Meta.TypeModel

It would make my life (and life of many protobuf-net users) easier if these 
cases are excluded via ObfuscationAttribute directly in protobuf-net code. Or 
even better if the code is written without dependency on specific class/method 
names.

One more issue I have found is that protobuf-net doesn't like enum obfuscation 
that inlines enum values and leaves the enum empty. Apparently protobuf-net 
checks whether there is an enum member with value corresponding to whatever is 
found in the input stream. If it's not there, protobuf-net throws exception. 
This is usually correct behavior, but it requires me to filter enum messages 
out of obfuscation. I would prefer to have an options that lets me to turn off 
this check in release build.

Original comment by robert.v...@gmail.com on 4 Mar 2013 at 6:25