David Grey's Blog

Friends of Redgate logo

Global Code Analysis Suppressions Compromise Effectiveness of Obfuscation

One of the things I always do when I start a new C# project is turn on Code Analysis for the project and set all of the rules to return errors rather than warnings. This might seem rather draconian but once you get used to the rules it's fairly straightforward to write code that complies with them. Just now and again though you get tripped up by a rule and you can't change the way the code is implemented for a perfectly valid reason. In these specific cases you can prevent the rule from causing problems by suppressing the rule. Rule suppression works by adding a rule suppression attribute either to the code entity (class, method, property, field, etc) directly or in a GlobalSuppressions.cs file.

One of the other things I regularly do is enable obfuscation of my code using an obfuscation tool as I want to have maximum protection of my intellectual property. I usually pick the obfuscator settings so that it munges the binaries as much as possible and removes any intelligence about my code that namespace and type names might reveal.

Imagine my surprise then when I opened up an obfuscated assembly in Reflector the other day and choose to disassemble an assembly that had global code analysis rule suppressions. There, sat in the assembly metadata in plaintext, was the code analysis global rule suppression attributes with the names of the types, etc to which they apply. There are some other non-global rule suppression attributes in the same assembly but they are just attached to an (obfuscated) type/field and because they contain no name information these attributes do not reveal any additional information that might help someone trying to reverse engineer my code. However the global attributes might do - although the types they apply to are obfuscated, the global attributes contain the plaintext name information which gives some information about the organisation and possible functionality of my code. Although it doesn't give much to go on, it does give an attacker a bit of an advantage.

So in short, if you want to maximise your protection through obfuscation, watch out for those global code analysis suppressions.

del.ico.us del.ico.us | Digg It Digg It | Technorati Technorati | StumbleUpon StumbleUpon | Furl Furl | reddit reddit

Posted: Oct 18 2007, 05:42 PM by David
Filed under: , , ,

Comments

No Comments