none
obfuscate/hide string variable values in VB .NET exe application

    Question

  • Guys,
    I created a VB .NET exe application. When I use IL DASM, it shows the values of all the string variables in the code. These variable contains values that I would like to hide.
    Can you please tell the best way to obfuscate/hide these string variable values?

    Thank you
    Manish
    Wednesday, November 11, 2009 2:05 AM

Answers

  • It depends on how many of these strings you have and how secure they need to be. A simple solution is to build the strings in code from an array of integers representing the ASCII values of the string characters.  You can also build the strings in code using some simple encryption, such as XOR with an innocuous-looking key string, but the best solution is to use the encode/decode functions provided in .Net - create the strings as an encoded resource and retrieve and decode them as required. 
    • Proposed as answer by Jeff Shan Monday, November 16, 2009 8:25 AM
    • Marked as answer by Jeff Shan Tuesday, November 17, 2009 10:06 AM
    Wednesday, November 11, 2009 2:49 AM
  • In addition to Acamar, be aware that this makes only sense with data that has to be encrypted, it makes no sense for screen titles and stuff like that.

    However, if it is really that important, then I would beside the encryption also use the obfuscator which is a standard feature of the newest Visual Studio Net full versions (and there are even better once).


    Success
    Cor
    • Proposed as answer by Jeff Shan Monday, November 16, 2009 8:25 AM
    • Marked as answer by Jeff Shan Tuesday, November 17, 2009 10:06 AM
    Wednesday, November 11, 2009 7:15 AM
  • Hi ManishPo,

    Here is an article about how to encrypt and decrypt a file using the cryptography classes that are provided by the Microsoft .NET Framework you can look into
    http://support.microsoft.com/kb/301070

    Hope this helps

    Regards
    Jeff Shan
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    • Marked as answer by Jeff Shan Tuesday, November 17, 2009 10:06 AM
    Monday, November 16, 2009 8:25 AM

All replies

  • It depends on how many of these strings you have and how secure they need to be. A simple solution is to build the strings in code from an array of integers representing the ASCII values of the string characters.  You can also build the strings in code using some simple encryption, such as XOR with an innocuous-looking key string, but the best solution is to use the encode/decode functions provided in .Net - create the strings as an encoded resource and retrieve and decode them as required. 
    • Proposed as answer by Jeff Shan Monday, November 16, 2009 8:25 AM
    • Marked as answer by Jeff Shan Tuesday, November 17, 2009 10:06 AM
    Wednesday, November 11, 2009 2:49 AM
  • In addition to Acamar, be aware that this makes only sense with data that has to be encrypted, it makes no sense for screen titles and stuff like that.

    However, if it is really that important, then I would beside the encryption also use the obfuscator which is a standard feature of the newest Visual Studio Net full versions (and there are even better once).


    Success
    Cor
    • Proposed as answer by Jeff Shan Monday, November 16, 2009 8:25 AM
    • Marked as answer by Jeff Shan Tuesday, November 17, 2009 10:06 AM
    Wednesday, November 11, 2009 7:15 AM
  • Thank you Acamar and Cor.

    I am going through the documentation for dotfuscator to get familiar on how to encrypt the strings.
    If you have know of a code snippet for encode/decode or encryption, could you please point me to it.

    Thank you once again.
    Manish
    Wednesday, November 11, 2009 11:36 PM
  • Hi ManishPo,

    Here is an article about how to encrypt and decrypt a file using the cryptography classes that are provided by the Microsoft .NET Framework you can look into
    http://support.microsoft.com/kb/301070

    Hope this helps

    Regards
    Jeff Shan
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    • Marked as answer by Jeff Shan Tuesday, November 17, 2009 10:06 AM
    Monday, November 16, 2009 8:25 AM
  • Thank you Jeff.
    Tuesday, November 17, 2009 4:56 AM