A Better Obfuscation, or How To Write Code That Will Make Someone Kill You

Tags: .NET, C#

The following code is perfectly valid C#, and compiles without errors:

int _;
_ = 5;

If we take it a bit further, we can do something like this:

int _, __, ___, ____;

_ = 5; __ = 10; ___ = 15; ____ = 20;

_ = __ - _ * ____ / ___;

Now I feel like I'm playing Hangman. I feel I should be filling in the blanks.

I've never run into anything like this in real code, I'm glad to say. But if Dotfuscator or any other obfuscating tool wants to make its obfuscated code even harder to read, it should stop using the easy-to-remember "a", "b" .. "aa", "ab" variable names and switch to underscores. It's horrible.
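For anyone who has to review code named like this, here is a small lint sketch, added as an example and not part of the original post. It flags underscore-only identifiers and names that differ only in how many leading underscores they carry; the function name `find_confusable_identifiers` and the sample source are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the snippet from the post plus a __x / ___x pair.
SAMPLE = '''
int _, __, ___, ____;
_ = 5; __ = 10; ___ = 15; ____ = 20;
_ = __ - _ * ____ / ___;
string __x = "a"; // "___x" in a comment is ignored
string ___x = "b";
int total = _ + __;
'''

# Comments and literals are blanked first so their contents are not read as names.
_NOISE = re.compile("|".join([
    r"//[^\n]*",             # line comment
    r"/\*.*?\*/",            # block comment
    r'@"(?:[^"]|"")*"',      # verbatim string
    r'"(?:\\.|[^"\\\n])*"',  # regular string
    r"'(?:\\.|[^'\\\n])*'",  # char literal
]), re.S)
# An identifier starts with a letter or underscore and is not the tail of a number.
_IDENT = re.compile(r"(?<!\w)@?[^\W\d]\w*")

def find_confusable_identifiers(source):
    """Return (underscore_only_names, lookalike_groups) for C#-like source text."""
    code = _NOISE.sub(" ", source)
    names = {m.group().lstrip("@") for m in _IDENT.finditer(code)}
    underscore_only = sorted((n for n in names if set(n) == {"_"}), key=len)
    # Group only underscore-prefixed names by their stem, so the common
    # "_field" next to "field" convention is not reported.
    groups = defaultdict(set)
    for n in names:
        stem = n.lstrip("_")
        if stem and n.startswith("_"):
            groups[stem].add(n)
    lookalikes = {s: sorted(v, key=len) for s, v in groups.items() if len(v) > 1}
    return underscore_only, lookalikes

if __name__ == "__main__":
    only, alike = find_confusable_identifiers(SAMPLE)
    print("underscore-only:", only)
    print("lookalike groups:", alike)
```

This is a text-level heuristic, not a C# parser: identifiers inside interpolated strings are skipped along with the rest of the string.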

8 Comments

  • foobar said

    I used to work with someone who used to do this all the time. Nothing like trying to figure out if __x and ___x and ____x were the same :)

  • AvnerK said

    Ars_inveniendi: Now imagine that you don't only have _ as variable names, but have all your methods obfuscated into the same names with overloaded parameters. Most obfuscators will use single letters for these overloaded methods, but single letters are relatively easy to remember, even when obfuscated. Underscores? Hell!

  • GT said

    PreEmptive's Dotfuscator Pro does provide several renaming schemes. One renames everything to unprintable characters, which is actually better than underscores because every symbol shows up as the same box character. Of course, don't forget this will make stack traces rather hard to read.

  • Malcolm said

    I once had a coworker who created an ASP function with 7 variables named s1 - s7. As you read through the code he used combinations like s5 = s2 + s3 and s7 = s4 + s3. Mix that up with functions declared in-line and you have some of the best obfuscation yet. He understood why I rewrote any code he asked me to troubleshoot as opposed to debugging it.
