# Control Flow

### :fast\_forward:Performance: Medium           :closed\_lock\_with\_key:Potency: High            :brain:Resilience: High

## Understanding the protection

Control flow obfuscation is a technique used to make the control flow of a program difficult to understand and reverse engineer.&#x20;

This is achieved by transforming the original code in such a way that the control flow becomes harder to follow, while preserving the functionality of the program.

There are several reasons why control flow obfuscation is a good idea for C# or .NET applications. First, it can help protect the intellectual property of the code, making it more difficult for others to understand and potentially steal. Second, it can make it harder for attackers to reverse engineer the code and find vulnerabilities to exploit. Third, it can make it more difficult for malicious actors to create functional copies of the application.

#### Before Obfuscation:

```csharp
        public static void Main(string[] args) {
          int i, sum = 0, n;
          Console.Write("Enter the Nth Number : ");
          n = int.Parse(Console.ReadLine());
          for (i = 0; i <= n; i++) {
            sum = sum + i;
          }
          Console.WriteLine("\nSum of N Numbers : " + sum);
          Console.ReadLine();
        }
```

#### After Obfuscation:

```csharp
		public void InterfaceMethod(float b)
		{
			int num = -1961952481;
			int num2 = -1574439195;
			int num3 = 553806077;
			int num4 = 1668559803;
			for (;;)
			{
				if (~(((-87 / num4 & (int)-3.0786116f) ^ (int)5.293522f) < ((num4 + -95 | num4) & (int)8.033648f)) & (~(8.9628105f + (float)num4 + (float)num4 - (float)num4 < (float)(16 % num4 & num4 & (int)6.241485f)) & ~((num4 - num4 ^ num4) - (int)9.832379f < (64 * num4 + 61 ^ 86))))
				{
					Console.WriteLine("\nSum of N Numbers : " + sum);
					num4 = (int)((-11.802868f - (float)num4) % (float)num / (float)37 + (float)767841124);
				}
				else
				{
					if (-1460763283 == num4)
					{
						break;
					}
					if (~((num4 / (int)-8.1555f ^ num4 ^ -83) > (num4 - -11 & -10) - 28) | (~((num4 - 36 | (int)-4.076834f) * 29 > (num4 / (int)-4.492111f * 73 ^ num4)) | ((12.411447f ^ (float)num4) | (float)num4) - 11.7112875f > (float)((96 + num4 ^ (int)-7.2460685f) * 16)))
					{
						num4 = ((50 % num3 ^ -24) >> num4) + 1792755332;
					}
					else if (~((-97 | num4 | num4) + -15 < ((58 / num4 ^ num4) | num4)) | (~((-26 << num4) - num4 + (int)7.8907924f < (int)((-12.561203f % (float)num4 | (float)32) * (float)45)) & (num4 - (int)-8.214035f + num4 & -84) == (num4 % num4 + num4 | num4)))
					{
						num4 = (int)((5.822695f % (float)num ^ (float)92) - (float)num2 + (float)113675818);
					}
				}
				if (1474886602 == num4)
				{
					return;
				}
			}
		}
```

## Tuning the protection for best performance

By default, the Control Flow Obfuscation that we provide has little to no impact on performance, the reason is, the challenges and arithmetic's added on the default settings are easily solved by the JIT Compiler.  These settings, however, also reduce the complexity of obfuscation.

If you want to trade performance for security, you can do so by using the parameters present in the protection.

### Mangling Complexity &#x20;

Mangling complexity measures how many times, the pathing of your application is obscured. This means that the control flow of your application is obfuscated multiple times, ensuring the most [resilience](/.net-code-obfuscation/getting-started.md#quick-start) against automatic tools (deobfuscators).

{% hint style="danger" %}
Using a number higher than 3 can worsen the performance exponentially. If you want to safeguard your code to the maximum, check [Virtualization](broken://pages/-MT7X6Y6qXT3U-3Ln7Z-).
{% endhint %}

### Expression Density

Expression density sets how complex the generated arithmetic expressions are. You can change this setting if you want to enhance the[ potency](/.net-code-obfuscation/getting-started.md#quick-start) of the method and generate an uglier code when your application is decompiled.

### Opaque Density

Expression density sets how complex the logical expressions are. You can change this setting if you want to enhance the[ potency](/.net-code-obfuscation/getting-started.md#quick-start) and [resilience](/.net-code-obfuscation/getting-started.md#quick-start) of the method and generate an uglier code when your application is decompiled.

### Enhanced Mode

The enhanced mode enables a set of techniques that obscure the pathing of the obfuscated app. This is done by adding a new layer of encryption that protects the opaques and expressions present in the application.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cyphor.net/.net-code-obfuscation/code-obfuscation/control-flow.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.