yck1509 / ConfuserEx

An open-source, free protector for .NET applications
http://yck1509.github.io/ConfuserEx/

I have some questions about the ConfuserEx #379

Closed ghost closed 8 years ago

ghost commented 8 years ago

Hello,

Really sorry to post my questions here in the issue tracker of GitHub, but I've got no other way, as ConfuserEx doesn't have any support forum or something like that.

My questions are as follows:

  1. What does the inherit protection tick mark do?
  2. Why are there protection presets along with the manual protection adding system?
  3. How can I understand whether the protection presets are applying to my file, or just the manually added protection methods?
  4. What protections does each of the presets have? Do they contain some combination of the protections which can be added manually?
  5. I have an application which has these files: appname.exe, DotNetBar2.dll, MysqlData.dll, IonicZip.dll. So should I use all these files inside the protector for protection and make it a single .exe file? Or do I just need to protect the appname.exe file? I am asking this because all the other DLLs are public libraries available on the internet. DotNetBar2.dll is the application's form styling library. MysqlData.dll is the library my application uses to make database connections. And the last one, IonicZip.dll, does the work of creating or extracting zip files. So, please tell me, is it good for me to pack all these files inside one .exe? Or in my case will only protecting appname.exe do the trick?
  6. Does ConfuserEx obfuscation support Windows 10? Because I am having a problem running my software in a Windows 10 environment with the maximum preset protection. All works fine up to the aggressive protection preset. Any good solution for this?
  7. What possible settings could I use to protect my application at its best and also not destroy its Windows 10, 8.1, 8, 7 and XP compatibility?
  8. Are global settings applied to all the files, or do I have to manually set protection rules for each file?
  9. Can I obfuscate C++ programs with this obfuscator? Or does it only support .NET obfuscation?
  10. What do the seed blank and the Generate Debug Symbols option do?

Developers, please if possible reply to these questions of mine to get all my confusions cleared about this software.

Thanks in advance...

alexmurari commented 8 years ago

Hi,

Well, quite a handful... let's go!

  1. If you choose the 'Normal' preset (for example) and check the inherit box, all previous protections (like 'Minimum') will be inherited and applied to your assembly. The same for 'Aggressive', it will inherit the 'Normal' and 'Minimum' presets... and so on.
  2. This is by design, both work together.
  3. This link has all the information you need about ConfuserEx protections and their corresponding presets.
  4. See 3.
  5. If these libraries are public, there's no need to add them to the protection routine, just make sure they are included in your release folder. But yes, they'll work if added to the protection... (since they are .NET assemblies :p).
  6. Yes, they do. I am right now using all available protections of ConfuserEx in my app in a Windows 10 environment. Continues in 7...
  7. Well, the question isn't the OS, but your app and the chosen protections. There are some apps that don't work with resources protection, others that don't work with XAML renaming. My advice: don't use the ConfuserEx GUI, instead use the CRPROJ file with the confuser.CLI (just drag and drop the CRPROJ file onto this EXE). The CRPROJ file is an XML document that lets you customize the ConfuserEx project settings far beyond the GUI. This file is created when you save the project in the GUI. (So you don't have to manually create it.)
  8. Yes, global settings are for all added assemblies.
  9. Only .NET assemblies (including mixed mode assemblies).
  10. The 'Generate debug symbols' check box generates the 'PDB' files for the confused assemblies. The seed value I'm not sure about, but I think it's the seed value for randomizing some protections like 'Renaming'.

Hope I have helped you. :)

ghost commented 8 years ago

Thanks a lot MurariAlex. You helped me a lot. But with your suggestions I've got a few more questions.

  1. If your application is running on Windows 10 properly with all the available protections, then why is mine not working on Windows 10?
  2. Actually I have no idea how I will use the confuser.CLI to protect my file. What command lines would it support? And how could I make it compatible with Windows 10 using the CLI file?

You might be wondering why I keep referring to Windows 10 in my problems, as you already said that the thing is not related to OS versions. But I am actually not able to believe that point, because after I used the Maximum preset to protect my .exe file, it runs on Windows 7 like a charm. But the same file doesn't start on Windows 10, I don't know why.

  1. Can you please tell me how I can use the maximum or all available protection methods for my .exe file? I mean to say that I want to use all the protection methods ConfuserEx has, using the GUI maybe.

I asked this because I will then protect my .exe file with the best security methods of ConfuserEx. Then I will check the protected file on different OS versions like Windows XP, 7, 8, 8.1 and 10. If any of the OSes gives any problem, I will then start deleting one protection method, like resource name changing or another, and then test it on those operating systems. But for this I first need to protect my .exe file with the utmost protection ConfuserEx has.

Please help me here. Thanks in advance...

alexmurari commented 8 years ago

Hi,

Some protections may not be compatible across different versions of .NET framework, like the JIT anti-tamper. What you can do is customize protections, or remove some of them to know which one is crashing your app.

Follow these steps to customize the protections and use the CLI:

  1. Open the GUI and set up the configurations to protect your app, manually add all protections, assemblies and output folder like you did before.
  2. Click on the save button to save this project, it'll create a CRPROJ file.
  3. Open the CRPROJ file that you just created with a text editor. Edit it to customize the protections.

Example:

  <rule pattern="true" inherit="false">
    <protection id="anti ildasm" />
    <protection id="anti tamper" />
    <protection id="constants" />
    <protection id="ctrl flow" />
    <protection id="anti dump" />
    <protection id="anti debug" />
    <protection id="invalid metadata" action="remove" />
    <protection id="ref proxy" />
    <protection id="resources" />
    <protection id="rename" >
        <argument name="renXaml" value="false" />
    </protection>
  </rule>

In this example, I am removing the invalid metadata protection and modifying the rename protection; the XAML elements will not be renamed in this case. It's just an example. In the link that I provided in the previous comment, you can learn all the arguments that can be customized in each protection.

To use this file, just drag and drop it on the confuser.CLI.exe or pass it as an argument to it. :)
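
The elimination approach discussed in this thread (disable one protection at a time to find the one that breaks the app), as an added example that is not part of the original comments or of ConfuserEx. It takes the rule posted above, or the full text of a GUI-saved CRPROJ, and produces one variant per active protection with that protection set to `action="remove"`; the function names and the `without_<id>.crproj` file naming are assumptions of this example.

```python
import copy
import pathlib
import xml.etree.ElementTree as ET

# The rule as posted in the comment above; the text of a whole saved CRPROJ works too.
RULE = """<rule pattern="true" inherit="false">
  <protection id="anti ildasm" />
  <protection id="anti tamper" />
  <protection id="constants" />
  <protection id="ctrl flow" />
  <protection id="anti dump" />
  <protection id="anti debug" />
  <protection id="invalid metadata" action="remove" />
  <protection id="ref proxy" />
  <protection id="resources" />
  <protection id="rename">
    <argument name="renXaml" value="false" />
  </protection>
</rule>"""

def _protections(root):
    # Match on the local tag name so a namespaced project file is handled as well.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "protection"]

def one_off_variants(xml_text):
    """Return [(protection_id, xml)], each with one more protection set to action="remove"."""
    root = ET.fromstring(xml_text)
    if root.tag.startswith("{"):  # keep the file's default namespace on output
        ET.register_namespace("", root.tag[1:].split("}")[0])
    variants = []
    for index, prot in enumerate(_protections(root)):
        if prot.get("action") == "remove":
            continue  # already disabled in the baseline, nothing to test
        clone = copy.deepcopy(root)
        _protections(clone)[index].set("action", "remove")
        variants.append((prot.get("id"), ET.tostring(clone, encoding="unicode")))
    return variants

def write_variants(xml_text, out_dir):
    """Write one file per variant (hypothetical naming) and return the paths."""
    out = pathlib.Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for pid, xml in one_off_variants(xml_text):
        paths.append(out / f"without_{pid.replace(' ', '_')}.crproj")
        paths[-1].write_text(xml, encoding="utf-8")
    return paths
```

Only variants built from a complete saved CRPROJ can be passed to confuser.CLI.exe; variants of the bare rule are fragments to paste into a copy of the project file. The variant that makes the app start again on the failing OS names the protection to leave out.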

ghost commented 8 years ago

Can you please provide me the best security and compatible configuration of all the 10 protection methods? The configuration should be for the best protection until it reaches any incompatibility.

This help would be really appreciated.

Thanks in advance...

alexmurari commented 8 years ago

Each app is unique, for my needs I only remove resources encryption and XAML renaming (when the app is WPF):

    <protection id="anti ildasm" />
    <protection id="anti tamper" />
    <protection id="constants" />
    <protection id="ctrl flow" />
    <protection id="anti dump" />
    <protection id="anti debug" />
    <protection id="invalid metadata" />
    <protection id="ref proxy" />
    <protection id="resources" action="remove" />
    <protection id="rename" >
        <argument name="renXaml" value="false" />
    </protection>

This is for my scenario, but I can't balance protection and compatibility for you. You gotta try it for yourself until you reach a satisfactory level in your scenario.

ghost commented 8 years ago

Got it...Thanks a lot man for all your help. All the confusions are now cleared. Thanks a lot again.