By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,671 Members | 1,393 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,671 IT Pros & Developers. It's quick & easy.

hide my code

P: n/a
My codes contain several URLs which are supposed to be not disclosed.
As some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?

Jun 29 '08 #1
Share this Question
Share on Google+
8 Replies


P: n/a
Look for and buy software that will obfuscate the code. The word "obfuscate"
is the search term
"Elliot" <el************@hotmail.co.ukwrote in message
news:CB**********************************@microsof t.com...
My codes contain several URLs which are supposed to be not disclosed.
As some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?
Jun 29 '08 #2

P: n/a
Elliot wrote:
My codes contain several URLs which are supposed to be not disclosed.
As some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?
I think you need to redefine the problem.

You can try encrypting the strings and heavily obfuscate
the decrypting code. But then the black host just sniff the
network when you app accessed the URL's.

You need another design.

Arne
Jun 29 '08 #3

P: n/a
On Sun, 29 Jun 2008 22:40:57 +0800, Elliot wrote:
My codes contain several URLs which are supposed to be not disclosed. As
some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?
Use gnupg to encrypt the file and then decrypt at runtime and load into a
memory table.

Other comments apply, there are plenty of ways to find the info other
ways.

Ken
Jun 29 '08 #4

P: n/a
That's good.
Use obfuscator may be easier for me, a beginner.
"Ken Foskey" <fo****@optushome.com.auwrote in message
news:48********@dnews.tpgi.com.au...
On Sun, 29 Jun 2008 22:40:57 +0800, Elliot wrote:
>My codes contain several URLs which are supposed to be not disclosed. As
some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?

Use gnupg to encrypt the file and then decrypt at runtime and load into a
memory table.

Other comments apply, there are plenty of ways to find the info other
ways.

Ken
Jun 30 '08 #5

P: n/a
On Tue, 1 Jul 2008 03:56:47 +0800, "Elliot"
<el************@hotmail.co.ukwrote:
>That's good.
Use obfuscator may be easier for me, a beginner.
"Ken Foskey" <fo****@optushome.com.auwrote in message
news:48********@dnews.tpgi.com.au...
>On Sun, 29 Jun 2008 22:40:57 +0800, Elliot wrote:
>>My codes contain several URLs which are supposed to be not disclosed. As
some programs such as Luxx Roxxxx's .NET Reflector can 'disclose' my
codes almost completely.
Any suggestion to 'hide' those URLs?

Use gnupg to encrypt the file and then decrypt at runtime and load into a
memory table.

Other comments apply, there are plenty of ways to find the info other
ways.

Ken
An obfuscator may well obfuscate your variable names, it may not
obfuscate your URLs. It is possible that you will have to obfuscate
the URLs yourself and just obfuscate the decoding function.

Any hardcoded string in the source code will be visible to anyone who
wants to look at it. The general way round the problem is not to put
the actual URL string into the source code, but to put a different
string (or array of char, array of byte etc.) which can be
programatically transformed to give the correct URL.

How you want to do this will depend on how secure you want things to
be. Your main decision is if the transformation of the non-URL into
the URL is transparent to the user or if the user needs to enter some
secret password to allow the transformation to proceed. THe method
you pick should be determined by who you are trying to protect
against: your Aunt Edna, someone with as many resources as yourself,
Nasty Megacorp Inc with a few hundred thousand dollars to spend or a
three letter government agency with millions.

The simplest option is something like Base64: you can either have a
text of "elephant" with the text in your source of "ZWxlcGhhbnQ=", or
the other way round. Various hash functions, or the unix crypt()
function could be substituted for Base64, depending on what is
available, though these will only work one way round, not both ways
like Base64. All of these methods are vulnerable to someone who can
disassemble the executable file. Aunt Edna only.

Base64 and hash functions do not take a key. The next level of
security involves using a keyed cypher. If you want this to be
transparent to the user then the key needs to be kept somewhere. If
the key is hard coded into the executable then the key is vulnerable
to disassembling the executable. If kept in a separate file, then
again it will be possible to discover the filename from the executable
and lead the attacker to the file containing the key. Delivering the
key over the internet is vulnerable to network sniffing. Probably
anything short of Nasty Megacorp Inc.

The securest way is for the user to enter the key when the password
transformation is required.

This is a pseudocode example of the middle option, in this case a
password encrypted with a key held on a separate file:
string codedPassword <- "elephant";

string keyFileName <- "keyfile.txt";

function DecodePassword(string cyphertext) : returns string
byte[] key <- ReadKeyFrom(keyFileName);
string plaintext;
int i <- 0;
foreach char c in cyphertext do
plaintext[i] <- c XOR key[i];
i <- i + 1;
end foreach
return plaintext;
end function
If the key file reads:

0x16, 0x1D, 0x10, 0x19, 0x1A, 0x13, 0x0B, 0x18

then the real password is not "elephant", but a different animal
altogether. This example uses a simple XOR encryption. I
deliberately made the coded password look like a real word as an added
level of misdirection. The real password does not appear anywhere in
the program file.
rossum
Jun 30 '08 #6

P: n/a
Elliot wrote:
My codes contain several URLs which are supposed to be not disclosed.
As some programs such as Luxx Roxxxx's .NET Reflector can 'disclose'
my codes almost completely. Any suggestion to 'hide' those URLs?
Just thinking out loud here....

If your app is actually connecting to these urls, then really speaking
if anyone really wants to discover where you are connecting to they
can, its not even a particulary difficult task and you don't need to be
reflecting over your code to do it, any network sniffer will do.

If the urls really and truely are secret, then don't connect your app
to them, develop and use a Web Service (with security) that can have a
public address, and then use that to connect to the urls and pass
though / back your data via it.

Regards Tim.

--

Jul 1 '08 #7

P: n/a
Elliot wrote:
That's good.
Use obfuscator may be easier for me, a beginner.
An obfuscator won't do what you want, it will obfuscate the code, but
not your url strings inside your code. (well not the ones I have used
anyway)

Regards Tim.

--

Jul 1 '08 #8

P: n/a

"Tim Jarvis" <ti*@jarvis.com.auwrote in message
news:uX**************@TK2MSFTNGP02.phx.gbl...
Elliot wrote:
>That's good.
Use obfuscator may be easier for me, a beginner.

An obfuscator won't do what you want, it will obfuscate the code, but
not your url strings inside your code. (well not the ones I have used
anyway)

Regards Tim.

--
Some obfuscators encrypt strings as part of their obfuscation features.
The pro version of the one that comes with VS2005 does that.
Jul 1 '08 #9

This discussion thread is closed

Replies have been disabled for this discussion.