SmartAssembly has an official method of using single-file executables* (EXE) (introduced in .NET Core 3) in order to publish with their obfuscation tool.

We followed this method. The short of it is they use a clever, I won't say 'hack', but rather, 'method' of injecting the obfuscated assembly into the MSBuild / publish process (via the $(ProjectDir)\obj directory). This seems to work in that it generates a single .EXE file which executes as expected.

The issue we are running into is when we examine the resulting single file executable at a binary level, we are finding that it seems to contain copies of dependencies the main assembly references (which were supposed to be merged and obfuscated via SmartAssembly) in unobfuscated form! This outcome defeats the purpose of using an obfuscator.

Has anybody used SmartAssembly in this manner successfully?

UPDATE: There is a sample project here which illustrates this issue (this sample project is built to .netcoreapp3.1, so this is not a .net5.0-specific issue). This sample is a console application with a dependency on a class library. The obfuscation project is set to obfuscate and merge the class library into the console application.

This image shows a portion of a hex dump of the single EXE file which contains a string that's supposed to be obfuscated. In fact, the EXE contains the entire class library verbatim.

Finally, if you build and run the sample, it tries to print the name of an obfuscated type, and an obfuscated string, which comes out as its obfuscated type. Our conclusion at this point is this issue is likely caused by the publish process re-adding the unobfuscated dependencies back to the .EXE file.
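
One way to automate the binary-level check described in the question, as an added example that is not part of the original post or of SmartAssembly: it counts the PE images embedded in a published file and searches for names that should not survive obfuscation, as UTF-8 (metadata names) and UTF-16LE (string literals). The sentinel names and the sample bytes are constructed, and the scan assumes the bundled files are stored uncompressed.

```python
import struct

def embedded_pe_offsets(data: bytes) -> list[int]:
    """Offsets of every 'MZ' header whose e_lfanew field points at a 'PE\\0\\0' signature."""
    found, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            if data[sig:sig + 4] == b"PE\0\0":
                found.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return found

def plaintext_leaks(data: bytes, sentinels: list[str]) -> dict[str, list[tuple[str, int]]]:
    """Map each sentinel found in the file to its (encoding, offset) hits."""
    report = {}
    for name in sentinels:
        hits = []
        for enc in ("utf-8", "utf-16-le"):  # metadata names vs. string literals
            needle = name.encode(enc)
            pos = data.find(needle)
            while pos != -1:
                hits.append((enc, pos))
                pos = data.find(needle, pos + 1)
        if hits:
            report[name] = hits
    return report

def fake_pe(body: bytes) -> bytes:
    """Constructed stand-in for a PE image: DOS header with e_lfanew = 0x40, then 'PE\\0\\0'."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + body

# Constructed sample: host stub, obfuscated main assembly, and a class library
# that was re-added verbatim (hypothetical names SecretHelper / TopSecretString).
SAMPLE = (
    fake_pe(b"apphost")
    + fake_pe(b"\x01a\x00\x01b\x00")
    + fake_pe(b"SecretHelper\0" + "TopSecretString".encode("utf-16-le"))
)
SENTINELS = ["SecretHelper", "TopSecretString", "NotPresent"]

if __name__ == "__main__":
    print("embedded PE images at:", embedded_pe_offsets(SAMPLE))
    for name, hits in plaintext_leaks(SAMPLE, SENTINELS).items():
        print(f"LEAK {name}: {hits}")
```

Run as a post-publish build step against the real EXE, a non-empty leak report or an unexpected number of embedded PE images is a reason to fail the build.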
