| Feature | Obfuscator (obfuscate) | Obfuscator (merge) | Obfuscator (embed) | ILMerge | Costura.Fody | LibZ |
|---|---|---|---|---|---|---|
| Can obfuscate |  |
 |
|
|
|
|
| Dead code elimination | |
|
|
|
|
|
| Very large projects | 1 |
1 |
|
1 |
|
|
| Safe to reference assemblies by name | |
|
|
|
|
|
| Safe to use reflection on objects | 2 |
2 |
|
|
|
|
| Sharing assemblies between executables | |
|
|
|
|
|
| Does not alter compiled assemblies | |
|
|
|
|
3 |
| Compress assemblies | 4 |
4 |
|
|
|
|
| Compress resources | |
|
|
|
5 |
5 |
| Use alternative compression algorithms | 6 |
6 |
6 |
|
7 |
8 |
| Merge assemblies with conflicting resources | 9 |
9 |
|
|
|
|
| Mixing 32-bit and 64-bit assemblies | |
|
10 |
|
|
|
| MEF discovery11 | |
|
|
|
|
|
| Risk that it just won't work | High | Medium | Low | Medium | Low | Low |
| Intellectual property protection12 | Medium | None | Low | None | None | None |
- It's yes, but I've seen ILMerge and commercial obfuscator crashing with OutOfMemoryException on 15MB executable (actually ILMerge could crash much earlier)
- With obfuscation and pruning it's not safe. Obfuscation changes member names, pruning can remove member completely when they are not used "conventionally". You need to do some mumbo-jumbo with attributes and/or configuration files to prevent that. But you need to know upfront which classes are you going to use reflection on. If you don't know on compile time it makes the whole obfuscation/pruning useless. Please note that Dapper uses reflection on anonymous classes. You can't add attributes to anonymous classes. There are workarounds but the whole thing requires some (up to "a lot of") work.
- The standard approach to LibZ does alter compiled assemblies (so it should be 'No' like the others). There is a way, though, requiring dropping one file into a project to avoid post-processing completely.
- Pruning is king of compression (removing redundancy). It has some disadvantages (again: reflection), but it's quite useful to remove code which does not get called at all. Additionally you can create mini-bootstrap application which embeds (and compresses) merged/pruned assembly. It's two stage process, but gives best results.
- Resources are compressed because assemblies are compressed. It's not real resource compression.
- The obfuscator I know uses zlib.
- Costura.Fody uses built-in deflate.
- By default LibZ uses built-in deflate, but you can plug in any algorithm you want.
- To be honest I actually don't know (never tried) but it doesn't seems possible as you could build resource names to load dynamically in your code.
- Unless you handle it yourself I'm not sure if it is able to decide which one to load.
- Of course, with all those solutions you can get MEF catalogues knowing the assembly, but this is about discovery.
- Some may say that "all of them give zero protection". But, let's face it, wannabe hacker can be stopped by good obfuscator. With protection is like with encryption: you can call protection unbreakable if cost of breaking it is greater than price of the thing it is protecting.