DEV Community

Cover image for How to encrypt Strings in .NET code obfuscation?
Skater
Skater

Posted on

How to encrypt Strings in .NET code obfuscation?

The string encryption function enables the encryption of literal string data type values. You can choose to encrypt all strings or mark certain strings for obfuscation. Additionally, you have the option to select a cryptographic method for encrypting the strings. Only the strings specified will be encrypted or obfuscated.

Discussing the Skater .NET Obfuscator, it's evident that strings can offer significant hints to anyone attempting to reverse-engineer code, so safeguarding string data is crucial. While it won't stop a determined hacker from decoding the strings and accessing the data, it can hinder an attacker's efforts to crack a licensing routine, who would typically search for strings related to licensing to find the relevant code section. Skater enhances security by encrypting the strings within your .NET assembly, incorporating a decryption routine that executes at runtime to restore the original strings.

Strings Protection Special Features

  1. Strings are crucial components of code, and it is logical to create them in native code. Skater produces a C++ DLL that contains the protected strings. This new option secures algorithms by encoding strings in native code and storing them in a separate machine-code DLL. Although native code can be reverse-engineered, it is a challenging task, and the strings are encrypted within the DLL. Choosing the "Strings Stored in Separate DLL (recommended)" option, Skater will generate a C++ DLL to house the protected strings. This DLL will be placed in the same directory as your output assembly path. You must then define the name of the Separate DLL file, which defaults to 'appExtension'. It is essential to include the Separate Strings DLL in your product distribution package and install it alongside your final assembly; otherwise, your .NET assembly will not function. This method ensures that decompilers cannot view or decode the string objects in the output assembly, rendering the string values completely invisible.
  2. The Skater .NET Obfuscator utilizes virtual cloud storage to safeguard essential parts of the source code. It secures your algorithms by encrypting strings and storing them in a Cloud Vault, all while maintaining the .NET user interface. Skater extracts string values, encrypts them, and then uploads them to a virtual vault. This method is secure against reverse engineering because it's housed on a protected web host. Additionally, strings are encrypted for protection in the Cloud Vault. To observe this, re-obfuscate the ConsoleApplication1.exe executable using Skater .NET Obfuscator. Open the exe file with Skater Obfuscator, and this time, navigate to the Strings tab and choose 'Strings Stored in protected virtual Cloud Vault' as the 'Strings Store Location'.

Image description

The **Strings **tab-page is divided into two sections. Using this page, you can navigate through the String values in the assembly structure and select or deselect them for the obfuscation process. The right section allows you to modify specific settings, while the left section presents the structure of your assembly, enabling you to alter the appearance of the panes. The left section offers a hierarchical view of your assembly's structure in a tree-like format. This tree is considered an object containing multiple objects, such as assembly classes, methods, fields, etc. By selecting a particular String value, it will be encrypted. In the right pane, toggling the checkboxes will select or deselect groups of String values for inclusion in the obfuscation process.

The "Do not obfuscate Strings with length less than" field allows you to exclude strings from the encryption process based on their length. For example, if you enter '3', a string like 'ab' will not be encrypted, even if selected. However, a string of length '3' or more, such as 'abc', will be encrypted.

For encrypting your String values, you can apply a cryptographic algorithm and must provide a password for the encryption. This password will be encrypted and stored within your obfuscated assembly. Alternatively, you can choose to store the password in a separate file outside the assembly. This file must be placed in the same directory as your deployed assembly.

Skater allows you to adjust the size of two panes using a special center splitter. As you hover the mouse pointer over the central vertical edge, the cursor changes to show that both panes are resizable. By clicking once on the plus or minus icon adjacent to a member node in the left pane's tree, you can expand or collapse that member node. The absence of plus or minus icons next to a node indicates that the member node does not contain any objects beyond that level. A brief description of the selected member is displayed in the Status bar.

Top comments (1)

Collapse
 
moopet profile image
Ben Sinclair

Can you give a use case for wanting to obfuscate strings in code? The only thing you talk about is someone trying to get around a "licensing routine" and to do that, all you need is a debugger (ok, and maybe a network proxy).