The Ramblings of Two Microsoft .NET Developers, TFS, and Visual Studio ALM Guys --- "Yes, we are both named Ed."

Integrating Dotfuscator into Team Build (TFS)



If you happen to use Dotfuscator by PreEmptive Solutions then you have probably wondered how to integrate this into your automated Team Builds.  They happen to include an MSBuild task for calling the proper command-line functions but don't have much documentation about this feature.

Background Obfuscation Information:  In general, obfuscation prevents reverse engineering of your software by using different techniques to make the MSIL of your .NET compiled application less understandable.  Several different companies use many techniques for doing this including: string encryption, renaming of symbols, control flow manipulation, etc.  If you've ever used Reflector for .NET you know how easy it is to look at reverse-engineered "source code" for a .NET application.

  • Start by putting your Dotfuscator configuration file in the folder that contains your team build script (i.e. TFSBuild.proj) and it to source control.
  • Open up your team build script and edit it.  (Be sure to check it out first.)
    • Start by adding a reference to the proper custom targets file that is provided.  You should have a Dotfuscator Build Machine license installed on the TFS Build Server(s.)  If you got the wrong license version, just ask them for upgrade pricing.

      <Import Project="$(MSBuildExtensionsPath)\PreEmptive\Dotfuscator\4.0\PreEmptive.Dotfuscator.Targets" />

 

    • Next, add a section for the Dotfuscator Properties you will need.  You'll notice we have a keys directory that gets pulled down from source control during the build process.  We keep our strong name key in this direcotry and the keydir directory property is for resigning the assemblies after the obfuscation is complete.

        <!-- Properties for Dotfuscate Task-->
        <
      PropertyGroup
      >
          <
      ConfigPath>$(SolutionRoot)\..\BuildType\Dotfuscator.Configuration.xml</ConfigPath
      >
          <
      InputPath>$(SolutionRoot)\..\Binaries\Release</InputPath
      >
        </
      PropertyGroup
      >
        <
      PropertyGroup
      >
          <
      DotfuscatorProperties
      >
            <
      targetdir>$(InputPath)</targetdir
      >
            <
      keydir>$(SolutionRoot)\Keys</keydir
      >
          </
      DotfuscatorProperties
      >
        </
      PropertyGroup
      >
        <
      ItemGroup
      >
          <
      InputAssembly Include="$(InputPath)\*.dll;$(InputPath)\*.exe" Exclude="$(InputPath)\*.vshost.exe"
      />
        </
      ItemGroup
      >  

 

    • Finally, customize the AfterCompile target by adding the Dotfuscate task with appropriate property settings.  See more information about Customizable Team Foundation Build Targets.

        <Target Name="AfterCompile">
          <!--
      Perform obfuscation steps after assemblies are compiled.
      -->
          <
      Dotfuscate InputAssemblies="@(InputAssembly)" Properties="$(DotfuscatorProperties)" ConfigPath="$(ConfigPath)"
      >
            <
      Output TaskParameter="MappingFile" ItemName="DotfuscatorMappingFile"
      />
            <
      Output TaskParameter="ReportFiles" ItemName="DotfuscatorReportFiles"
      />
            <
      Output TaskParameter="OutputAssemblies" ItemName="DotfuscatedAssemblies"
      />
            <
      Output TaskParameter="SatelliteAssemblies" ItemName="DotfuscatedSatelliteAssemblies"
      />
            <
      Output TaskParameter="DebugSymbols" ItemName="DotfuscatedDebugSymbols"
      />
          </
      Dotfuscate
      >
        </Target
      >
  • Next, take some time to edit your Dotfuscator configuration file.  Notice the properties I am using in my sample project below and what is being set in the Dotfuscator properties collection in the Team Build script above.  Basically, I have just cleared the property values out to make sure that the MSBuild task populates them correctly.

    <?xml version="1.0" encoding="utf-8" standalone="no"?>
    <!
    DOCTYPE dotfuscator SYSTEM"http://www.preemptive.com/dotfuscator/dtd/dotfuscator_v2.1.dtd"
    >
    <
    dotfuscator version="2.1"
    >
      <!--
    This is application generated code. Do not edit manually.
    -->
      <
    propertylist
    >
        <
    property name="targetdir" value=""
    />
        <
    property name="keydir" value=""
    />
      </
    propertylist
    >
      <
    global
    >
        <
    option>verbose</option
    >
      </
    global
    >
      <
    input
    >
        <
    asmlist
    >
          <
    inputassembly
    >
            <
    option>library</option
    >
            <
    file dir="${targetdir}" name="Shared.Library.dll"
    />
          </
    inputassembly
    >
        </asmlist>
      </
    input
    >
      <
    output
    >
        <
    file dir="${targetdir}\Dotfuscated"
    />
      </
    output
    >
      <
    tempdir
    >
        <
    file dir="${targetdir}\Dotfuscated"
    />
      </
    tempdir
    >
      <
    renaming
    >
        <!--
    <mapping>
          <mapoutput overwrite="false">
            <file dir="${targetdir}\Dotfuscated" name="DotfuscatorMapFile-KeepSecure.xml" />
          </mapoutput>
        </mapping>
    -->
      </
    renaming
    >
      <
    controlflow level="high"
    />
      <
    stringencrypt
    >
        <
    includelist
    >
          <
    assembly
    >
            <
    file dir="${targetdir}" name="Shared.Library.dll"
    />
          </
    assembly
    >
        
    </includelist>
      </
    stringencrypt
    >
      <
    signing
    >
        <
    resign
    >
          <
    option>dontuseattributes</option
    >
          <
    key
    >
            <
    file dir="${keydir}" name="StrongName.key"
    />
          </
    key
    >
        </
    resign
    >
      </
    signing
    >
    </
    dotfuscator>
     
  • That's it.  Finally, just customize it to your heart's content!

 

Feel free to let me know if I can improve this in any way!  I'm always looking to efficiently refactor our Team Build scripts.

 

Ed B.

Posted in TFS


Tuesday, March 18, 2008 9:02:45 AM (Pacific Standard Time, UTC-08:00)
Hi,

i have a buildmschine with only TFS-Buildserver installed.
in this case, tfs build generated follow error message.

have you an idea why dofuscator don't find the path to ildasm.exe

thx for help
rs

Task "Dotfuscate"
Dotfuscator Professional Edition Version 4.2.5005.34747 Build machine license. This software may be used on binaries for general release.
Copyright 2002-2007 PreEmptive Solutions, LLC All Rights Reserved.

Loading Assemblies...
Could not find a compatible version of ildasm to run on assembly C:\C\Binaries\Release\iProfiler.WebServices.MeasurementServices.dll. This assembly was originally built with .NET Framework v2.0.50727.
Build Error.
C:\C\BuildType\TFSBuild.proj(327,5): error : Could not find a compatible version of ildasm to run on assembly C:\C\Binaries\Release\iProfiler.WebServices.MeasurementServices.dll. This assembly was originally built with .NET Framework v2.0.50727.
Done executing task "Dotfuscate" -- FAILED.
Done building target "Dotfuscator" in project "TFSBuild.proj" -- FAILED.
Done Building Project "C:\C\BuildType\TFSBuild.proj" (EndToEndIteration target(s)) -- FAILED.
rs
Tuesday, May 06, 2008 12:45:26 PM (Pacific Daylight Time, UTC-07:00)
I got the same error: Could not find a compatible version of ildasm to run on assembly.

My project was built using .net framework 2.0 and migrated to the .net framework 3.5 using VS 2008.

Any idea?
Giovan Gentile
Monday, January 27, 2014 11:16:56 PM (Pacific Standard Time, UTC-08:00)
Is there a section on TFS 2012 somewhere?
Tuesday, January 28, 2014 9:26:15 AM (Pacific Standard Time, UTC-08:00)
Hi arclight,

You use the same concepts as described in the blog post in TFS 2012 and TFS 2013.
Name
E-mail
(will show your gravatar icon)
Home page

Comment (Some html is allowed: a@href@title, b, blockquote@cite, em, i, strike, strong, sub, sup, u) where the @ means "attribute." For example, you can use <a href="" title=""> or <blockquote cite="Scott">.  

[Captcha]Enter the code shown (prevents robots):

Live Comment Preview