Encrypting String Constants with Dotfuscator


Published on May 25, 2018 by Brent Prox


Welcome to the Support Corner, where we’ll occasionally talk about topics that we’re seeing while working with our customers. If you’d like to see more like this, please click the Support Corner Category.

In addition to Renaming and Control Flow, String Encryption is an obfuscation transform that can help protect your application. When customers enable String Encryption in Dotfuscator, they are often surprised to see that string constant definitions are still visible in decompiled code. Customers often contact us asking how to encrypt those string constants.

However, those string constants don’t need to be encrypted; they need to be removed entirely. Dotfuscator’s String Encryption feature takes the strings that have been inlined by the .NET compiler and encrypts them. That leaves the constant definitions behind, unused – and they can be removed.

Note: Dotfuscator Professional Edition is required in order to use String Encryption and Removal.

This leads us to Dotfuscator’s Removal feature. If you are using String Encryption, you should also use Removal to remove those string constants. (This is another great example of how layered protection is far more valuable than any individual protection alone.)

1. Within Dotfuscator, enable Removal by setting Settings > Global Options > Disable Removal to “No”
2. Select the “Remove only literals (const definitions)” option for Removal Kind in Removal > Options
3. Build your app with Dotfuscator
4. Decompile the assembly and verify the string constant definitions have been removed
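
The check in step 4 can also be scripted rather than read off decompiler output by eye. The following is an added example, not PreEmptive's code: a small C# console program that uses reflection to list the string `const` definitions still present in an assembly. `Sample`, `ConstScan` and the sample value are constructed for illustration; run with no argument, the program scans itself.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Constructed sample: the compiler inlines "constructed-sample-value" into
// Describe(), yet the const field definition stays behind in metadata.
static class Sample
{
    private const string Label = "constructed-sample-value";
    public static string Describe() => "value: " + Label;
}

static class ConstScan
{
    const BindingFlags All = BindingFlags.Public | BindingFlags.NonPublic |
                             BindingFlags.Static | BindingFlags.DeclaredOnly;

    // Returns every string const (literal field) still defined in the assembly.
    public static List<FieldInfo> FindStringConsts(Assembly asm)
    {
        Type[] types;
        try { types = asm.GetTypes(); }
        catch (ReflectionTypeLoadException e)
        {
            // Keep the types that did load when a dependency is missing.
            types = e.Types.Where(t => t != null).ToArray();
        }
        return types.SelectMany(t => t.GetFields(All))
                    .Where(f => f.IsLiteral && f.FieldType == typeof(string))
                    .ToList();
    }

    static int Main(string[] args)
    {
        // No argument: scan this program itself, which reports Sample.Label.
        Assembly asm = args.Length > 0
            ? Assembly.LoadFrom(args[0])
            : Assembly.GetExecutingAssembly();

        List<FieldInfo> found = FindStringConsts(asm);
        foreach (FieldInfo f in found)
            Console.WriteLine($"{f.DeclaringType.FullName}.{f.Name} = \"{f.GetRawConstantValue()}\"");

        Console.WriteLine($"{found.Count} string const definition(s) found");
        return found.Count == 0 ? 0 : 1;
    }
}
```

Pass the path of the protected assembly as the first argument; a non-zero exit code means string constant definitions are still present, which makes the check usable as a build gate.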

Note: if you have Library Mode enabled, the public and protected constant definitions will not be removed. Turning on Library Mode for an assembly causes Dotfuscator to automatically treat all visible types and members as entry points, and entry points are excluded from Removal.

Please note: this is a basic overview of how to remove string constant definitions from your protected application. In applications with more complexity, there may be additional configurations necessary, such as removal exclusions. For more details, please see the documentation on Dotfuscator’s Removal Editor.

If you have any feedback on this topic, or other topics you would like us to discuss in the Support Corner, please feel free to contact us at support@preemptive.com.