1

I have some important strings stored in my program but even if i obfuscate/protect the assembly, people just use ProcessHacker or CheatEngine to scan for strings which really annoys me. Is there any way to prevent that from happening?

aynber
  • 22,380
  • 8
  • 50
  • 63
RageRBoy
  • 37
  • 3
  • @TheGeneral `there are plenty of approaches` can you name one or two im having the same issues I tried encoded and saved in DB not able to stop. checking from the server not able to stop – Avinash Reddy Apr 22 '19 at 06:21
  • The link is more with respect to asp.net core, but provides the general idea: https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-2.2&tabs=windows – peeyush singh Apr 22 '19 at 06:39
  • How about keeping your strings obfuscated until you need them and then un-obfuscate them on-demand? Ofcourse they could probably use one of those aforementioned tolls to get your key, but they would need to know what encryption is being used as well. – user3583535 Apr 26 '19 at 15:37
  • Searching for cracked versions of Adobe or Microsoft products should give you your answer. If they can't protect their products, what hope do the rest of us have? – Joel Coehoorn Apr 24 '23 at 13:48
  • http://stackoverflow.com/questions/202011/encrypt-and-decrypt-a-string/10366194#10366194 – John Alexiou Apr 24 '23 at 15:00

1 Answers1

0

Compile time encryption and just in time decryption. Requires a lot of work. It doesn't need to be REAL encryption, just decent obfuscation is enough to stop this, but the strings have to exist in memory obfuscated and the decrypted string needs to be destroyed after each time it's used.

Some libraries will decrypt at initial runtime but a simple memory dump or debugger will expose all the strings after the process or DLL is loaded.

You need it encrypted at runtime and decrypted only when the strings are needed, there are numerous ways to go about this.

This is a C++ example I like, which is part of a larger project https://github.com/red4000/DHCoD4/blob/master/DHCoD4/hCrypt.h#L53

For C# there are multiple good answers here

GuidedHacking
  • 3,628
  • 1
  • 9
  • 59