Identify if the reversed code is Obfuscated or n I not

Question

I have an access to an old managemnt system for my client and he wants to add more to it. I was able to contact the guy who originally wrote the main DLLs and then I got control and started building around them. But now, I need to extend the original too and I have no option but to reverse engineer.

I tried Reflector Pro and JustDecompile but the obtained source was full of errors. ILSpy works well but still, here is a sample code that I get from ILSpy:

    private static object ParseIntoValue(string stringValue, string targetType)
    {
        if (targetType != null)
        {
            if (<PrivateImplementationDetails>{C6507306-5ECF-4D05-8EE4-BD4D7781AC4E}.$$method0x600080f-1 == null)
            {
                <PrivateImplementationDetails>{C6507306-5ECF-4D05-8EE4-BD4D7781AC4E}.$$method0x600080f-1 = new Dictionary<string, int>(12)
                {
                    ...
                };
            }
            int num;
            if (<PrivateImplementationDetails>{C6507306-5ECF-4D05-8EE4-BD4D7781AC4E}.$$method0x600080f-1.TryGetValue(targetType, out num))
            {
                object result;
                switch (num)
                {

                cases are here...

                default:
                    goto IL_2A6;
                }
                return result;
            }
        }
        IL_2A6:
        return null;
    }

Its pretty clear there is some form of obfuscation applied here. Reversed code from JustDecompile and Reflector Pro was completely useless. With ILSpy, I'm able to compile a few of the projects without any modifications at all.

I need help to identify this obfuscation (if that's the case). The original developer says he didn't obfuscate. I'm not so sure.

Thanks.

Since it's .NET 4.0 it could be lambda expressions. Those are difficult to decompile I've been told. Why not get the sources from the original developer? — Marnix van Valen, Mar 07 '12 at 13:17
The original guy is now on vacations and I doubt he'll be handing over the sources. Before he comes back and says the dog ate his Hard drives, I'm preparing on my own to re-write everything on .Net 4.0 — DoomerDGR8, Mar 07 '12 at 14:02

score 6 · Accepted Answer · answered Mar 07 '12 at 13:25

The PrivateImplementationDetails in the decompiled code could be an auto-implemented property.

If you replace <PrivateImplementationDetails>{C6507306-5ECF-4D05-8EE4-BD4D7781AC4E}.$$method0x600080f-1 with a property the code seems to make sense.

Dictionary<string, int> MyProp { get; set;}

private static object ParseIntoValue(string stringValue, string targetType)
{
    if (targetType != null)
    {
        if (MyProp == null)
        {
           MyProp = new Dictionary<string, int>(12)
            {
                ...
            };
        }
        int num;
        if (MyProp.TryGetValue(targetType, out num))
        {
          ....

Verified this is the output of an auto-implemented property cast as Dictionary when reflected in ILSpy. I wonder why it has so much trouble with Dictionary<,> ... { get; set; } ? — Chris Moschini, Dec 31 '12 at 16:33

Identify if the reversed code is Obfuscated or n I not

1 Answers1