Protecting and Analyzing .NET Code with ConfuserEx 2 ConfuserEx 2 is the modern, open-source successor to the widely used Confuser and original ConfuserEx projects. It serves as a powerful protector for .NET applications, offering advanced obfuscation techniques to safeguard intellectual property from reverse-engineering. Key Features of ConfuserEx 2
Go to the Protect! tab and click the button. Once finished, you can verify the obfuscation by attempting to open the output file in a tool like dnSpy. Security Research: Deobfuscation Techniques confuserex 2
| Feature | Description | Effectiveness vs v1 | |---------|-------------|---------------------| | | Mangles namespaces, classes, methods, parameters (non-encryptable symbols preserved). | Slightly improved – less predictable hex names. | | Control Flow | Adds junk code, predicates, and dispatcher-based jumps. | Moderate – new patterns resist simple de4dot. | | Constant Encryption | Embeds constants in encrypted buffers, decrypted at runtime. | Weak – runtime decryption exposes cleartext in memory. | | Resources Encryption | Compressed + encrypted embedded resources (e.g., binaries, configs). | Good – resources not trivially extractable. | | Anti-Tamper (Hash) | Signs assembly hash; if modified, app refuses to run or crashes. | Improved – uses stronger hashing (SHA256) vs original MD5. | | Anti-Debug | Detects debuggers (IsDebuggerPresent, remote threads). | Basic – bypassable with kernel-mode debuggers. | | Reference Proxy | Indirect method calls via proxies, obscuring call graphs. | Moderate – complicates static analysis. | Protecting and Analyzing
: Includes features that detect if a debugger is attached or if the assembly has been modified, often causing the program to terminate if it detects unauthorized analysis. tab and click the button