How to Obfuscate Your .NET Assemblies with Skater and Integrate It into Your Build Pipeline
Protecting your .NET assemblies from reverse engineering is an important step in securing your intellectual property. One straightforward way to achieve this is by using Skater, which provides both a graphical user interface (GUI) and a command-line interface suitable for automation.
This article walks through how to obfuscate assemblies using Skater GUI first, and then how to integrate Skater into your Visual Studio build process and Azure DevOps pipeline.
Step 1: Obfuscate Assemblies Using Skater GUI
Skater GUI allows you to obfuscate files manually with minimal effort. You simply select the target assembly, configure the desired obfuscation options, and run the process. This is a convenient way to verify that Skater works correctly with your project and to understand which transformations are applied.
Once you are comfortable with the results produced by the GUI, the next logical step is to automate the process as part of your build.
Step 2: Integrate Skater into the Visual Studio Build Process
To automate obfuscation, Skater can be executed as a Post-build event in your Visual Studio projects. This ensures that every time the project is built, the resulting assembly is automatically obfuscated.
In the project properties, add the following command to Post-build event command line:
"C:\Program Files (x86)\RustemSoft\Skater\Skater.exe"
-SOURCE="$(TargetPath)"
-OUTPUT="$(TargetPath)"
-KEY="$(ProjectDir)KeyFile.snk"
-WRITELOG="$(TargetDir)Skater.log"
-ALLPRIVATE
-CONCEALSTRINGS
-FLOW
What this command does:
- SOURCE / OUTPUT: Uses the compiled assembly as both input and output, replacing it with the obfuscated version.
-
KEY: Applies strong-name signing using the specified
.snkfile. - WRITELOG: Writes a detailed obfuscation log to the target directory.
- ALLPRIVATE: Obfuscates all private members.
- CONCEALSTRINGS: Protects string literals.
- FLOW: Applies control-flow obfuscation.
With this configuration in place, building the solution in Visual Studio on your development machine will automatically obfuscate the DLLs of the relevant projects via the command-line interface.
Important Note About Parallel Builds
To avoid file access conflicts and ensure predictable results, you must configure Visual Studio to build projects sequentially:
- Go to Tools → Options → Projects and Solutions → Build and Run
- Set Maximum number of parallel project builds to 1
This guarantees that each project is built and obfuscated one after another.
Step 3: Running the Build in Azure DevOps
After verifying that the post-build obfuscation works locally, you can move on to your CI/CD environment.
Assume you are using Azure DevOps with your own self-hosted build agent. When the pipeline starts, the solution builds successfully, just as it does on your development PC.
Because Skater is executed as part of the post-build step, no additional pipeline configuration is required—as long as:
- Skater is installed on the build agent
- The paths used in the post-build command are valid on the agent machine
Verifying the Result
After the pipeline finishes, you can inspect the build server’s output directory. You will find that the produced DLL assemblies are already obfuscated. This confirms that Skater has been successfully integrated into the automated build process and is working correctly in both local and CI environments.
Summary
By combining Skater GUI for initial testing with command-line execution in post-build events, you can:
- Obfuscate assemblies automatically
- Keep your build process consistent
- Seamlessly run the same protection steps locally and in Azure DevOps
This approach ensures your delivered binaries are protected without adding manual steps to your workflow.
Top comments (0)