-
-
Notifications
You must be signed in to change notification settings - Fork 340
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve reversible renamer protection with random password #393
Improve reversible renamer protection with random password #393
Conversation
✅ Build ConfuserEx 843 completed (commit 7c944b2047 by @KvanTTT) |
e9632e3
to
88f4413
Compare
✅ Build ConfuserEx 844 completed (commit 796ec8440b by @KvanTTT) |
I still do not see the added benefit of mixing the seed in there. Requiring both the seed and the password to decrypt the names feels clumsy. Why don't you just use the password itself (or some hash value of it) as seed for the renamer? Changing the behavior of the "seed" also something I'd like to avoid for the 1.x branch. It may break existing projects without the need for it. |
It allows hackers to reuse symbols map extracted from the first version of the software in further versions. It already works for other renaming modes except of With random seed, hacker have to build the map after every obfuscation run (after the next version). It compilated the process and consumes more time (the more time is required to deobfuscate → the more successful obfuscation). Also, I've implemented it in such a way that seed is not required if you don't want to use it: just add Maybe somebody else should express his point about the current seed and reversible renaming implementation. @ElektroKill what do you think about it? |
I love the concept of reversible renaming introducing randomness to protect against hackers who've mapped out previous versions. But not using this seed concept. The seed attribute seems like it would need documentation explaining the difference between not supplying it, supplying it with the value "", or supplying it with a value but then needing to use both the password and the seed to reverse the renaming. If the end result is make the password random, why not have a random password generator? Either use password="myPassword" or generate-password="true" and that writes a generated password (a hash or a GUID or whatever) to a file like your implementation is doing with the generated seed value. Now reversing is straight forward, and the attribute name is self-documenting (except for explaining the password will be output to a file, or to the console) |
Great, your suggestion looks more clear, convenient, and back compatible. I mean just the new option like |
I like @griknok idea. We still got one password that may be used to reverse the renaming but sufficient randomness to get a good rename. Adding a single new parameter to the rename protection isn't a big deal and doesn't break compatibility in any direction. |
Ok, will remake it closer to next weekend. |
88f4413
to
8c8d1ea
Compare
✅ Build ConfuserEx 847 completed (commit 180c2ee598 by @KvanTTT) |
Done. |
I have one question: how to name the new option? |
8c8d1ea
to
de0ac4c
Compare
✅ Build ConfuserEx 849 completed (commit 057a7e7395 by @KvanTTT) |
de0ac4c
to
4aa63d0
Compare
✅ Build ConfuserEx 850 completed (commit 12ab7b938f by @KvanTTT) |
✅ Build ConfuserEx 852 completed (commit 625e9dcbb6 by @KvanTTT) |
I like |
Ok, then it's done, I've fixed your notes. |
I suggest changing the following to log-like appandage for the password file. File.WriteAllText(path, password); to something like the following: File.AppendAllText(path, $"{outputFileTime.ToString("yyyy-MM-dd hh:mm:ss")}\t{outputFileName}\t{outputFileVersion}\t{outputFileSize}\t{password}"); So we can keep passwords for various versions in a single file. If multiple output files are placed into the same folder, it is also possible to distinguish them in the entries. |
Not sure about your suggestion:
|
The way it's working now matches the |
Enhancement and changes (the wiki should be updated):
Outputseed
file is generated in the output directory every obfuscation runseed=""
now is hardcoded seed, not randomFor decoding stack traces withreversible
renaming mode you need bothpassword
andseed
. If you don't want to use randomseed
just addseed=""
(or any other hardcoded value) to.crproj
config.New boolean option
generatePassword
that forces obfuscator to generate and use a new password on every run. The password is saved topassword
file in the output directory. Also, it's being generated ifmode
is reversible andpassword
is not specified.fix #383