I programmed a program in Windows form in C # language and to secure it and not to see the program variables, I have used the following three solutions, but some variables are still observed in memory using the WinHex program.
1.obfuscating with ConfuserEx
2.using SecureString
3.Put the strings in the section of App.config
The related codes are as follows:
Main Code:
SecureString ss1 = ConvertToSecureString(ConfigurationManager.AppSettings["SKB"]);
byte[] SKB = System.Text.Encoding.UTF8.GetBytes(new NetworkCredential("", ss1).Password);
ss1.Dispose();
SKB's value in App.Config:
<appSettings>
<add key="SKB" value="0164Kfm*" />
</appSettings>
ConvertToSecureString() Function:
public SecureString ConvertToSecureString(string password)
{
if (password == null)
throw new ArgumentNullException("psw");
var securePassword = new SecureString();
Array.ForEach(password.ToCharArray(), securePassword.AppendChar);
securePassword.MakeReadOnly();
return securePassword;
}
The value of SKB is visible in memory by using WinHex:
How can I delete variables value in memory?
