How to use Dotfuscator in Visual Studio

Dotfuscator tutorial

PreEmptive Protection - Dotfuscator provides comprehensive .NET application protection, integrating easily into the secure software development lifecycle. Dotfuscator works on compiled assemblies without needing source code or additional programming.

In this post, I will explain how to use Dotfuscator in Visual Studio 2017, 2019, and 2022. Dotfuscator Community 6 is included in the latest versions of Visual Studio 2022.

How to use Dotfuscator in Visual Studio

Dotfuscator is available as part of the Visual Studio installation or as a standalone tool. If not installed, you can find it in the Visual Studio Marketplace or download the Dotfuscator Community edition.

Dotfuscator has different licensing options, including a free community version with limited features and a premium version with more advanced features.

Go to Extensions > Manage Extensions in Visual Studio, then search for Dotfuscator to install it.

After completing the Dotfuscator installation, open your Visual Studio and select Tools => PreEmptive Protection - Dotfuscator

Clicking Ok button.

Entering your information, then click Submit button.

Clicking Download Now button.

Enter your confirmation code. You can find it in the email when completing registration.

I'll create a new Console Application project, then make a simple c# example as shown below.

// dotfuscator visual studio 2022
class Program
{
    static void Main(string[] args)
    {
        // Press Ctrl+F5 (or go to Debug > Start Without Debugging) to run your app.
        int limit = 77;
        string connectionString = ConfigurationManager.ConnectionStrings["cn"].ConnectionString;
        for (int i = 1; i <= limit; i++)
        {
            using (SqlConnection cn = new SqlConnection(connectionString))
            {
                if (cn.State == System.Data.ConnectionState.Closed)
                    cn.Open();
                using (SqlCommand cmd = new SqlCommand($"select ProductName from Products where ProductID={i}", cn))
                {
                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        if (reader.Read())
                            Console.WriteLine(string.Format("{0}: {1}\n", i, reader.GetString(0)));
                    }
                }
            }
        }
        Console.ReadKey();
    }
}

Opening your App.config file, then add a connection string as shown below.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <startup>
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
    </startup>
  <connectionStrings>
    <add name="cn" connectionString="Data Source=.;Initial Catalog=Northwind;User ID=sa;Password=123@qaz;" providerName="System.Data.SqlClient"/>
  </connectionStrings>
</configuration>

You should modify your connection string based on your sql account and database. I'm using Northwind database to play demo.

The example above allows you to connect to sql server, then retrieve products data from the products table in your Northwind database.

To release your application, you should change from Debug to Release mode, then rebuild your project.

Preemptive dotfuscator

Preemptive Dotfuscator refers to a technique or tool used to protect .NET applications from reverse engineering and tampering. Dotfuscator is a popular obfuscation tool used for this purpose, and "preemptive" often refers to preventing attempts to decompile or understand the code before they even occur.

Opening your Visual Studio and select Tools => PreEmptive Protection - Dotfuscator

Selecting Input item, then click Add button => Select your executable in the release directory => Click Build button.

After completing the build, you will see detailed information below the screen

You will find the file ofuscator in the Dotfuscated folder located in the Release folder.

If you use the dnspy ​​tool to view the executable file, you might find that your file is decompiled.

DNSpy is a popular open-source .NET assembly browser and decompiler. It's a powerful tool for .NET developers and security researchers, providing capabilities for reverse engineering, debugging, and analyzing .NET applications.

Here are some of its key features:

1. Decompilation: DNSpy can decompile .NET assemblies into C# or Visual Basic code, allowing users to analyze and understand the logic of compiled .NET applications.

2. Assembly Editing: It provides the ability to modify .NET assemblies directly within the tool, including editing IL code, renaming classes/methods/fields, and more.

3. Debugging Support: DNSpy allows users to debug .NET assemblies by attaching to running processes or opening them directly. It provides features such as breakpoints, stepping through code, inspecting variables, etc.

4. Assembly Analysis: DNSpy provides various analysis tools to inspect .NET assemblies, including metadata, resources, types, methods, and more.

5. Plugin System: DNSpy supports a plugin system, allowing users to extend its functionality with custom plugins.

6. Cross-Platform: DNSpy is cross-platform and can run on Windows, macOS, and Linux operating systems.

7. Integration: It integrates with other tools commonly used in the .NET development ecosystem, such as Visual Studio and .NET Reflector.