473,226 Members | 1,319 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,226 software developers and data experts.

hide my code

My codes contain several URLs which are supposed to be not disclosed.
As some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?

Jun 29 '08 #1
8 1861
Look for and buy software that will obfuscate the code. The word "obfuscate"
is the search term
"Elliot" <el************@hotmail.co.ukwrote in message
news:CB**********************************@microsof t.com...
My codes contain several URLs which are supposed to be not disclosed.
As some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?
Jun 29 '08 #2
Elliot wrote:
My codes contain several URLs which are supposed to be not disclosed.
As some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?
I think you need to redefine the problem.

You can try encrypting the strings and heavily obfuscate
the decrypting code. But then the black host just sniff the
network when you app accessed the URL's.

You need another design.

Arne
Jun 29 '08 #3
On Sun, 29 Jun 2008 22:40:57 +0800, Elliot wrote:
My codes contain several URLs which are supposed to be not disclosed. As
some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?
Use gnupg to encrypt the file and then decrypt at runtime and load into a
memory table.

Other comments apply, there are plenty of ways to find the info other
ways.

Ken
Jun 29 '08 #4
That's good.
Use obfuscator may be easier for me, a beginner.
"Ken Foskey" <fo****@optushome.com.auwrote in message
news:48********@dnews.tpgi.com.au...
On Sun, 29 Jun 2008 22:40:57 +0800, Elliot wrote:
>My codes contain several URLs which are supposed to be not disclosed. As
some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?

Use gnupg to encrypt the file and then decrypt at runtime and load into a
memory table.

Other comments apply, there are plenty of ways to find the info other
ways.

Ken
Jun 30 '08 #5
On Tue, 1 Jul 2008 03:56:47 +0800, "Elliot"
<el************@hotmail.co.ukwrote:
>That's good.
Use obfuscator may be easier for me, a beginner.
"Ken Foskey" <fo****@optushome.com.auwrote in message
news:48********@dnews.tpgi.com.au...
>On Sun, 29 Jun 2008 22:40:57 +0800, Elliot wrote:
>>My codes contain several URLs which are supposed to be not disclosed. As
some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?

Use gnupg to encrypt the file and then decrypt at runtime and load into a
memory table.

Other comments apply, there are plenty of ways to find the info other
ways.

Ken
An obfuscator may well obfuscate your variable names, it may not
obfuscate your URLs. It is possible that you will have to obfuscate
the URLs yourself and just obfuscate the decoding function.

Any hardcoded string in the source code will be visible to anyone who
wants to look at it. The general way round the problem is not to put
the actual URL string into the source code, but to put a different
string (or array of char, array of byte etc.) which can be
programatically transformed to give the correct URL.

How you want to do this will depend on how secure you want things to
be. Your main decision is if the transformation of the non-URL into
the URL is transparent to the user or if the user needs to enter some
secret password to allow the transformation to proceed. THe method
you pick should be determined by who you are trying to protect
against: your Aunt Edna, someone with as many resources as yourself,
Nasty Megacorp Inc with a few hundred thousand dollars to spend or a
three letter government agency with millions.

The simplest option is something like Base64: you can either have a
text of "elephant" with the text in your source of "ZWxlcGhhbnQ=", or
the other way round. Various hash functions, or the unix crypt()
function could be substituted for Base64, depending on what is
available, though these will only work one way round, not both ways
like Base64. All of these methods are vulnerable to someone who can
disassemble the executable file. Aunt Edna only.

Base64 and hash functions do not take a key. The next level of
security involves using a keyed cypher. If you want this to be
transparent to the user then the key needs to be kept somewhere. If
the key is hard coded into the executable then the key is vulnerable
to disassembling the executable. If kept in a separate file, then
again it will be possible to discover the filename from the executable
and lead the attacker to the file containing the key. Delivering the
key over the internet is vulnerable to network sniffing. Probably
anything short of Nasty Megacorp Inc.

The securest way is for the user to enter the key when the password
transformation is required.

This is a pseudocode example of the middle option, in this case a
password encrypted with a key held on a separate file:
string codedPassword <- "elephant";

string keyFileName <- "keyfile.txt";

function DecodePassword(string cyphertext) : returns string
byte[] key <- ReadKeyFrom(keyFileName);
string plaintext;
int i <- 0;
foreach char c in cyphertext do
plaintext[i] <- c XOR key[i];
i <- i + 1;
end foreach
return plaintext;
end function
If the key file reads:

0x16, 0x1D, 0x10, 0x19, 0x1A, 0x13, 0x0B, 0x18

then the real password is not "elephant", but a different animal
altogether. This example uses a simple XOR encryption. I
deliberately made the coded password look like a real word as an added
level of misdirection. The real password does not appear anywhere in
the program file.
rossum
Jun 30 '08 #6
Elliot wrote:
My codes contain several URLs which are supposed to be not disclosed.
As some programs such as Luxx Roxxxx's .NET Reflector can 'disclose'
my codes almost completely. Any suggestion to 'hide' those URLs?
Just thinking out loud here....

If your app is actually connecting to these urls, then really speaking
if anyone really wants to discover where you are connecting to they
can, its not even a particulary difficult task and you don't need to be
reflecting over your code to do it, any network sniffer will do.

If the urls really and truely are secret, then don't connect your app
to them, develop and use a Web Service (with security) that can have a
public address, and then use that to connect to the urls and pass
though / back your data via it.

Regards Tim.

--

Jul 1 '08 #7
Elliot wrote:
That's good.
Use obfuscator may be easier for me, a beginner.
An obfuscator won't do what you want, it will obfuscate the code, but
not your url strings inside your code. (well not the ones I have used
anyway)

Regards Tim.

--

Jul 1 '08 #8

"Tim Jarvis" <ti*@jarvis.com.auwrote in message
news:uX**************@TK2MSFTNGP02.phx.gbl...
Elliot wrote:
>That's good.
Use obfuscator may be easier for me, a beginner.

An obfuscator won't do what you want, it will obfuscate the code, but
not your url strings inside your code. (well not the ones I have used
anyway)

Regards Tim.

--
Some obfuscators encrypt strings as part of their obfuscation features.
The pro version of the one that comes with VS2005 does that.
Jul 1 '08 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: MOHSEN KASHANI | last post by:
Hi, I am trying to hide some form elements in a form by default and show/hide depending on which radio button is clicked. This is what I have but it is not working: <head> <style> ..noshow {...
7
by: FP | last post by:
I'm new to Java Script. I'm displaying comments people have made. Below each persons' comment I want to add 2 buttons "Reply" and "Amend". Clicking "Reply" would display an empty text field...
1
by: asilverpeach | last post by:
Hey Guys! Found some great scripts here on this topic but have to make to changes to the code that I can't seem to figure out. First, In the following code clicking on the headers shows the...
1
by: pamate | last post by:
hi, I want to show hide layers. I am able to show and hide layers but i am facing problem that, cant view the cursor in Mozilla,but i can type in input text box, its overlapping the layers. ...
10
by: sara | last post by:
Hi - Is it possible to hide the detail section of a report at run time? I have a report that prints all details, with summary lines. The user would like the report ALSO with just summary lines....
18
by: Liquidtouch | last post by:
I have been searching on this for awhile and cant find anything and playing around with it got me no where. I will start with what I am after and then explain what I have. I have a table with 3...
18
by: ryrocks | last post by:
Hi, Im making a 'contact us' page. The user click on the div, this then reveals another larger div displaying more information giving the effect of the box expanding or dropping down. I have 3...
6
by: Ralph | last post by:
Hi, I was reading effictive C++ and some other books again and they all tell you about hiding implementation details (proxy/pimpl/inheritance) but they never really explain when to use it. I...
6
by: Doogie | last post by:
Hi I have an img control I am trying to hide upon certain types of commands in my code behind. When to hide it is directly tied to a asp:dropdownlist control. So depending on what the user...
0
Debadatta Mishra
by: Debadatta Mishra | last post by:
Introduction In this article I will provide you an approach to manipulate an image file. This article gives you an insight into some tricks in java so that you can conceal sensitive information...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.