Can obfuscar be used with Blazor WebAssembly

Question

I created a Blazor WebAssembly with code that I want to obfuscate. The tool obfuscar works well but when I replace the original dll with the obfuscated one, my website cannot be loaded. The dev tools show the following errors:

• Failed to find a valid digest in the 'integrity' attribute for resource 'https://[...].dll' with computed SHA-256 integrity '[...]'. The resource has been blocked.
• Unknown error occurred while trying to verify integrity.
• Error: Failed to start platform. Reason: TypeError: Failed to fetch at St (blazor.webassembly.js:1)
• Uncaught (in promise) TypeError: Failed to fetch at service-worker.js:22 at async onInstall (service-worker.js:22)

This even happens when I set all obfuscation attributes to false, e. g. <Var name="RenameFields" value="false" />

1. Can obfuscar be used with Blazor WebAssembly and if so, how? (Is this even a problem with Blazor wasm?)
2. If obfuscar cannot be used, is there a (free) obfuscation tool, I could use?

Many thanks

Philipp

Answer 1

I've tried obfuscar a while back before and it also didn't work for me.

Not sure how well the paid ones work. If you're not looking for something complicated, you can write a simple one.

I did a blazor project for a not-for-profit and wrote a simple obfuscator for that - not foolproof - just to make it hard for someone to read if they look at the dlls

1. Copies all cs files from the source solution to a target obfuscator solution
2. Each filename is renamed along with the corresponding filename in the csproj if the filename is in the csproj
3. For each file, rename words (namespaces, methods, variables) that are marked (eg ending with certain custom character or word)
4. For each file, remove comments - checking for //, /* not within a string
5. For each word that are renamed in the each file, add it to a dictionary of words and store the list somewhere for each file.
6. Store another dictionary of words for global/public variables/methods so this can be reuse for all files, using the same rename for those words

Make sure in the generated obfuscated that the unit tests still work. Use something like ILSPY to check the dlls and see how they look, if you're happy with it.

7. Write a simple unobfuscator by looking at the dictionary of words to unobfuscate any error output messages.

The most work is not in the obfuscation codes but in marking which methods/variables to be obfuscated (ending with certain customer character or word) in the source codes especially if there are lot.
I separated local variables and public variables/methods by capitalization or underscoring the public variables/methods. Attributes are named differently as they should end with the word Attribute.

As for encrypting text/strings, it doesn't look as good as I put it within a decrypting function (or encapsulate certain strings with the function while obfuscating). The function for decrypting is still within the blazor web client. I just pass the key used for decryption from the server via initializing data in the blazor app.