A Quick Reminder on .NET 10.0

The core idea behind .NET 10.0 is to compile a Windows Forms application and then run it on any system—not just Windows. This cross-platform capability marks a significant shift from earlier .NET versions.

In practice, a .NET 10 application is actually a DLL library. Like any other .NET framework code, its source code is compiled into CIL (Common Intermediate Language) / MSIL (Microsoft Intermediate Language). The resulting .NET 10 DLL assembly contains code that the Common Language Runtime (CLR) executes. Importantly, this compiled code can be disassembled, meaning it can be read, analyzed, or "hacked" by anyone with the right tools. That's precisely why we still need to protect such .NET assemblies through obfuscation.

Opaquer's Support for .NET 10 Projects

Opaquer fully supports .NET 10 projects where the publish output is a DLL file specifically, Framework-dependent deployments. However, when the publish output is an EXE file that calls a .NET 10.0 DLL (i.e., Self-contained deployment), the final DLL must also be obfuscated. In fact, both deployment types require protection for the core DLL.

Let's break down the two types of .NET 10.0 applications you can build:

1. Framework-dependent Deployment (FDD)

As the name suggests, FDD relies on the presence of a shared, system-wide version of .NET 10 on the target machine. Since .NET 10 is already installed, your app becomes portable across different installations of .NET 10. Your application contains only its own code plus any third-party dependencies that fall outside the .NET 10.0 libraries. FDDs produce `.dll` files, which can be launched from the command line using the `dotnet` utility. For example, running `dotnet app.dll` would execute an application named `app`.

2. Self-contained Deployment (SCD)

Unlike FDD, an SCD does not depend on any pre-installed shared components on the target system. Everything needed both the .NET 10 libraries and the .NET 10 runtime is bundled with the application and isolated from other .NET 10 apps. SCDs produce an executable file (e.g., `app.exe` on Windows platforms for an application named `app`), which is essentially a renamed version of the platform-specific .NET 10 host, along with a `.dll` file (e.g., `app.dll`) that contains the actual application logic.

Important Note on Windows Forms Development

Windows Forms app development in .NET 10 follows the Self-contained Deployment (SCD) concept. This means that even though an EXE is generated, the real intellectual property lies within the accompanying DLL, which remains vulnerable to reverse engineering. Therefore, obfuscating that DLL is not just recommended, it's essential for protecting your application's core logic.

Extension: Why This Matters for Developers

Given that SCDs bundle the runtime and dependencies, they are convenient for end users but expose more surface area for potential attackers. Opaquer steps in by obfuscating the critical DLL, ensuring that even if someone gains access to the deployed files, understanding or modifying your proprietary code becomes significantly harder. Whether you choose FDD for smaller footprints or SCD for standalone distribution, protecting your .NET assemblies should always be part of your build pipeline. Let me know if you'd like this formatted for a blog post, documentation, or a technical slide deck.

Read instructions how Opaquer secures .NET 10 source codes