Dotfuscator is an application hardening and obfuscation tool for all .NET platforms. including the latest versions of Xamarin and .NET Core. PreEmptive is a trusted global leader of protection tools for Desktop, Mobile, Cloud, and Internet of Things (IoT) applications. We help organizations make their applications more resistant and resilient to hacking and tampering -- protecting intellectual property, sensitive data and revenue.
Website
https://www.ideracorp.com/
Category
Security
Suitable for enterprise
HQ Location
Houston, TX
Number of Employees
213
Year Founded
1999
Sign up for free
Media
Awards
Questions and Answers
See all questions and answers >Pros & Cons
If you've been in the .Net Dev space for any time, you've probably heard of Dotfuscator. But what you might not know are the people behind it. I've been dealing with a number of them, from Sales to Support, and every single time I come away happy. They are not a company that takes their money and runs, instead continue to look for ways to help use it, use it better and improve their communication (and of course, their products!). Even when you submit what you think is a bug, and instead, it's that you are doing it wrong (not that that ever happened to me ;), they are professional and above all, friendly.
Dotfuscator is an amazing 'multi-purpose' piece of genius (e.g., includes software protection and hardening services for developers, architects, and testers), so it's hard to choose what I like best. However, our team's most pressing need was directly related to securing devices to detect if our application is running on a rooted Android device. If so, terminate and/or respond to sessions on these devices.
I really like to use this tool, it's easy to use, with many options to protect the source code, and a very good speed of processing. I used it for about 5 years withouth any problem on deployment environments. This tool really helped us to avoid the intellectual property stealing from some customers who rented the solution developed but required to install it on their own servers due security concerns. Tech support is always kind and helpful, when needed.
Dotfuscator does what it says: It protects your .NET applications. There are many features. We just use the basic code obfuscation and this works great. Their support is very helpful if you encounter any issues or need help. As it is more or less an industry standard product, you can find plenty of tutorials and help online. Also the documentation is very good. Honestly, once put in place and set up, you could almost forget about it. Which is a good thing.
My initial implementation of Dotfuscator was an attempt at obfuscation without any changes to the source code. I used the Dotfuscator config editor to create the config files using the default obfuscation configuration and added those to my source. Then by utilizing the private NuGet package on Microsoft's hosted build agents for Azure DevOps, I used the Dotfuscator CLI pipeline task to perform obfuscation on-demand during deployment. It took me only a matter of hours to put things together, and after obfuscating my assemblies using Dotfuscator, 100% of my integration tests passed on the first run. Due to this success, we are pursuing the obfuscation of our mobile code using Xamarin.
Love the string encryption and removal features. It is great to know that my apps are protected
Good language to learn for beginners very helpful and easy to understand
I guess the "downside" of Dotfuscator is the number of options and configuration settings available. It's almost too good in that respect. That said, I wouldn't change the number of options, but maybe put a Dotfuscator for Dummies wizard in front for the first times...
We didn't hear about it sooner! A lot of time and effort would have been saved had we moved quicker to secure this product!
I don't have things to add to this list, once I undestood how the software works and how the final results are generated, all my issues with it where fully solved.
All the obvious drawbacks of obfuscation apply: - Renaming and string encryption will take more time the bigger your .NET application gets. Luckily newer versions can be run in parallel on all of your assemblies so this speeds things up greatly. - The obfuscated assembly that you deploy to customers won't necessarily be the same that your developers are working with. Though it happened rarely, we encountered bugs due to renaming (obfuscation) that no developer saw before a release version was built and tested. - Production stack traces will show obfuscated code. But de-obfuscating stack traces is an integrated tool so it's not that big of a deal. Pricing is higher than we'd like, but it's a quality product for development of professional .NET software and you get what you pay for.
Be cautious when adopting the latest version, as you may need to check compatibility between the product offerings. I was told that I could just swap in a new released version without requiring any changes to my configuration or pipeline. However, the update to 6.0.1 included breaking changes to the Visual Studio Marketplace CLi pipeline task I was using. I was forced to continue using the old version of the NuGet package (4.43.3) until the pipeline task is updated and released for compatibility with the new version of the private NuGet package.
It can be a bit tricky to automate between machines because of different file paths, but this won't be a problem if you have good communication with your team.
User should get a free or trial version for testing purpose or educational purposes
Video Reviews
Share
Latest Reviews
See all Reviews