英文:
How to hide an embedded resource file from being shown in dotPeek or any other decompiler
问题
我有一个带有密码的文件,我需要以某种方式隐藏它。是否有办法隐藏嵌入的资源,使反编译工具无法访问?如果没有,如何最佳实践地隐藏文件以防止被反编译?简单的加密是不够的,因为文件仍然可以被反编译,即使内容已加密。
英文:
I have a file with a password that I need to somehow hide. Is there a way to hide an embedded resource from a decompiler? If there isn't, what is the best practice to hide files from being decompiled? Simple encryption is not enough, since the file can still be decompiled, even if the content is encrypted.
答案1
得分: 1
不建议将密码存储在资源文件中。但如果您坚持要保存,除了使用一些昂贵的反编译软件,还可以采取以下方法,但这只会增加反编译的难度。
在文献中,常用的防止反编译的方法有:强签名 + 混淆 + 加密。
1. 强签名
强命名程序集可以确保您的程序集是唯一的,不能被篡改、欺诈使用等;即使程序集具有相同的名称,它们也会具有不同的签名。这也非常简单实现。
注意:未签名的主程序可以引用已签名或未签名的程序集;已签名的主程序不能引用未签名的程序集。
2. 混淆
混淆是对编译生成的MSIL中间代码进行混淆。最简单的混淆是名称混淆,即用特殊符号或其他符号替换命名空间名称、类名、方法名、字段名等。其目的是使人们看到后感到迷糊,但不改变程序执行逻辑。
可以使用Dotfuscator进行混淆的方法。
我们还可以选择其他标记来加密字符串,添加水印等。我在这里使用了另一种加密方法,所以不选择进行操作。
3. 加密
继续加密混淆后的文件以进一步保护文件。
可以使用MaxtoCode。
打开软件后,您会发现它非常简单,只需添加文件,然后点击执行加密。其他选项如:加密字符串、强命名等都很简单。
加密后的文件比以前大了一倍。在使用Reflector.exe反编译后,发现文件更加彻底地加密,因为主函数的内容被隐藏了。
英文:
It is not recommended that you store passwords in resource files. But if you insist on saving, in addition to using some expensive anti-decompilation software, you can also take the following methods, but it only increases the difficulty of decompilation.
Throughout the literature, commonly used methods to prevent decompilation: strong signature + obfuscation + encryption.
1. Strong signature
Strongly named assembly can ensure that your assembly is unique, not tampered with, fraudulently used, etc.; even assemblies with the same name will have different signatures. It is also very simple to implement.
NOTE: An unsigned main program can reference signed or unsigned assemblies; a signed main program cannot reference unsigned assemblies.
2. Obfuscation
Obfuscation is to obfuscate the MSIL intermediate code generated by compilation. The simplest obfuscation is name obfuscation, which is to replace namespace names, class names, method names, field names, etc. with special symbols or other symbols. The purpose is to make People are dizzy until they see it, but it does not change the program execution logic.
Methods that can be obfuscated using Dotfuscator.
We can also choose other tags to encrypt strings, add watermarks, etc. I use another method for encryption here, so I don’t choose to operate.
3. Encryption
Continue to encrypt the obfuscated files to further protect the files.
MaxtoCode can be used.
After opening the software, you can see that it is very simple, after adding the file, just click to execute the encryption. Other options like: encrypted strings, strong names, etc. are simple.
The encrypted file is twice as large as before. After decompiling with Reflector.exe, it is found that the file is encrypted more thoroughly, because the content of the main function is hidden.
答案2
得分: -2
首先,在源代码中保存密码是一个坏主意,因为它们可以被静态反编译,所以要小心。
要加密嵌入式资源,您可以使用混淆器,比如ConfuserEx。
英文:
It first of all is a bad idea to keep passwords in your source code, as they can be statically decompiled, so watch out about that.
To encrypt your embedded resources, you can use an obfuscator, such as ConfuserEx.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论