I have a file with a password that I need to somehow hide. Is there a way to hide an embedded resource from a decompiler? If there isn't, what is the best practice to hide files from being decompiled? Simple encryption is not enough, since the file can still be decompiled, even if the content is encrypted.
It is not recommended that you store passwords in resource files. But if you insist on saving, in addition to using some expensive anti-decompilation software, you can also take the following methods, but it only increases the difficulty of decompilation.
Throughout the literature, commonly used methods to prevent decompilation: strong signature + obfuscation + encryption.
1. Strong signature
Strongly named assembly can ensure that your assembly is unique, not tampered with, fraudulently used, etc.; even assemblies with the same name will have different signatures. It is also very simple to implement.
NOTE: An unsigned main program can reference signed or unsigned assemblies; a signed main program cannot reference unsigned assemblies.
2. Obfuscation
Obfuscation is to obfuscate the MSIL intermediate code generated by compilation. The simplest obfuscation is name obfuscation, which is to replace namespace names, class names, method names, field names, etc. with special symbols or other symbols. The purpose is to make People are dizzy until they see it, but it does not change the program execution logic.
Methods that can be obfuscated using Dotfuscator. We can also choose other tags to encrypt strings, add watermarks, etc. I use another method for encryption here, so I don’t choose to operate.
3. Encryption
Continue to encrypt the obfuscated files to further protect the files. MaxtoCode can be used. After opening the software, you can see that it is very simple, after adding the file, just click to execute the encryption. Other options like: encrypted strings, strong names, etc. are simple. The encrypted file is twice as large as before. After decompiling with Reflector.exe, it is found that the file is encrypted more thoroughly, because the content of the main function is hidden.