Obfuscate and optimize method IL code
Performs advanced targeted transformations on method instructions which obfuscate control flow and make compiler constructs hard to infer and decompile. Rummage will never insert unnecessary branches (which can slow down code), but instead reorders code blocks and replaces instruction sequences with equivalents. In many cases Rummage eliminates redundancy and local variables.
Before | After |
---|---|
`for (int i = 0; i < count; i++) Console.WriteLine(i);` | `object arg_01_0 = 0; while (true) { object expr_01 = arg_01_0; if (expr_01 >= count) break; Console.WriteLine(expr_01); arg_01_0 = expr_01 + 1; }` |
Normally the decompiler would have been able to deduce the `for` loop structure, but after Rummage has processed the method it fails to do so, and it also chooses the wrong type for the locals (so its output wouldn't compile). Moreover, the obfuscated IL has no locals at all (the local `i` is eliminated completely):
Before (IL) | After (IL) |
---|---|
.locals init ( |
|
Observe that while the decompiled code looks longer than the original, the actual underlying IL code was significantly shortened by Rummage.
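The same effect can be reproduced on a toy stack machine. This is an added illustration, not Rummage output and not real CIL: the opcode names, the `run` function and both instruction lists are constructed for this example. It shows the loop above once with a local slot and once with the counter kept only on the evaluation stack.

```python
# Toy stack machine, constructed for illustration (not real CIL, not Rummage output).
def run(program, count):
    """Execute `program`; return (values printed, number of local slots used)."""
    stack, local_vars, out, pc = [], {}, [], 0
    while True:
        op, *arg = program[pc]
        pc += 1
        if op == "ldc":
            stack.append(arg[0])
        elif op == "ldarg":              # the method's only argument: count
            stack.append(count)
        elif op == "ldloc":
            stack.append(local_vars[arg[0]])
        elif op == "stloc":
            local_vars[arg[0]] = stack.pop()
        elif op == "dup":
            stack.append(stack[-1])
        elif op == "pop":
            stack.pop()
        elif op == "add":
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
        elif op == "print":              # stands in for Console.WriteLine
            out.append(stack.pop())
        elif op == "br":
            pc = arg[0]
        elif op in ("blt", "bge"):       # conditional branches pop two operands
            b, a = stack.pop(), stack.pop()
            if (a < b) if op == "blt" else (a >= b):
                pc = arg[0]
        elif op == "ret":
            return out, len(local_vars)

# Compiler-shaped loop: the counter lives in local slot 0 (13 instructions).
WITH_LOCAL = [("ldc", 0), ("stloc", 0), ("br", 9),                  # i = 0
              ("ldloc", 0), ("print",),                               # 3: loop body
              ("ldloc", 0), ("ldc", 1), ("add",), ("stloc", 0),       # i++
              ("ldloc", 0), ("ldarg",), ("blt", 3), ("ret",)]         # 9: i < count

# Same behaviour with the counter kept on the stack (11 instructions, no locals).
STACK_ONLY = [("ldc", 0),                                             # counter pushed once
              ("dup",), ("ldarg",), ("bge", 9),                       # 1: exit test
              ("dup",), ("print",), ("ldc", 1), ("add",), ("br", 1),  # body and increment
              ("pop",), ("ret",)]                                     # 9: drop counter

if __name__ == "__main__":
    for name, prog in (("with local", WITH_LOCAL), ("stack only", STACK_ONLY)):
        print(name, len(prog), "instructions ->", run(prog, 3))
```

A value that stays on the stack across a branch has no natural counterpart in C#, so a decompiler has to invent temporaries for it, which is why the decompiled form grows while the instruction stream shrinks.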
Rummage makes irreversible changes that make the code very hard — even for a human — to express in a source language such as C# or Visual Basic.NET.
Decompilers, out of necessity, assume that the IL is the result of a compiler; however, the modified IL is structured in a way that no compiler would output.
Rummage uses a mathematical proof technique to guarantee that the changes are safe and make no difference to the program semantics.