Skip to content
This repository has been archived by the owner on Jan 27, 2019. It is now read-only.

Constants Protection Not Working #369

Closed
alexmurari opened this issue Nov 20, 2015 · 3 comments
Closed

Constants Protection Not Working #369

alexmurari opened this issue Nov 20, 2015 · 3 comments
Labels
question

Comments

@alexmurari
Copy link

Hi,

Consider this code in two different assemblies (the StringTest is an extension method):

Assembly 1 (EXE)

    class Program
    {
        static void Main(string[] args)
        {
            const string test = "Some random text...";
            Console.WriteLine(test.StringTest());
            Console.ReadKey();
        }
    }

Assembly 2 (DLL)

    public static class StringExtensions
    {
        private const string Text = "this is a test";

        public static string StringTest(this string str)
        {
            return str + " - " + Text;
        }
    }

CRPROJ

  <rule pattern="true" inherit="false">
    <protection id="anti ildasm" />
    <protection id="anti tamper" action="remove">
      <argument name="mode" value="normal" />
      <argument name="key" value="dynamic" />
    </protection>
    <protection id="constants">
      <argument name="mode" value="x86" />
      <argument name="decoderCount" value="10" />
      <argument name="cfg" value="true" />
      <argument name="elements" value="SNPI" />
    </protection>
    <protection id="ctrl flow">
      <argument name="predicate" value="x86" />
      <argument name="intensity" value="80" />
      <argument name="depth" value="8" />
      <argument name="junk" value="true" />
    </protection>
    <protection id="anti dump" />
    <protection id="anti debug">
      <argument name="mode" value="antinet" />
    </protection>
    <protection id="invalid metadata" />
    <protection id="ref proxy">
      <argument name="mode" value="strong" />
      <argument name="encoding" value="x86" />
      <argument name="depth" value="8" />
      <argument name="internal" value="true" />
      <argument name="typeErasure" value="false" />
    </protection>
    <protection id="resources" action="remove"/>
    <protection id="rename">
      <argument name="renXaml" value="true" />
    </protection>
  </rule>

Browsing with DnSpy, the string const Text in assembly 2 is untouched. If I change to readonly then it is properly obfuscated. I specified the constant elements to be protected as "SNPI".

Is this an bug or intended? Thanks.
@yck1509
Copy link
Owner

yck1509 commented Nov 20, 2015

Hi,

Yes this is intended. Const string is stored in metadata as literal fields, and their content cannot be encrypted then decrypted at runtime. Readonly string is initialized in CIL code, therefore could be encrypted by constant protection.

@alexmurari
Copy link
Author

Thanks for the explanation. That's right, const literals can't be decrypted/encrypted at runtime.
I think it's better use readonly then...

@RobSiklos
Copy link

@yck1509 Would be good if this information was included in the docs (https://github.com/yck1509/ConfuserEx/wiki/Constants-Protection)

@agendec-com agendec-com mentioned this issue Mar 7, 2019
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yck1509 @RobSiklos @alexmurari