C
C#2w ago
(Ghost)™

Hiding Encryption key from RE

Hi, I made an application in C#, most of the strings are encrypted with AES and are in C++ DLL. The C# app in simple depends on C++ Dlls I have also placed the AES Secret Key C++ DLL. I am doing this to give atleast a little hard Time to RE. What you people think, any opinions?
15 Replies
Buddy
Buddy2w ago
What exactly are you trying to achieve? And what is so important that you want to encrypt things?
(Ghost)™
(Ghost)™2w ago
Protecting some strings values. Yes
Buddy
Buddy2w ago
What is it for? And it isn't really protecting anything. Anyone can read it from RAM, let alone attach a debugger and read it when it is decrypted.
(Ghost)™
(Ghost)™2w ago
Just giving a hard time to RE. When he try decompiling 1. Decompile Winrar Sfx Get 50+ Dlls 2. Decompile Enigma Protector 3. Getting actual strings
Buddy
Buddy2w ago
Are you making a cheat or something? Why go to such an extent? As pointed out earlier:
https://discord.com/channels/143867839282020352/1255915053736005643/1255923821706346610
MODiX
MODiX2w ago
Buddy
And it isn't really protecting anything. Anyone can read it from RAM, let alone attach a debugger and read it when it is decrypted.
Quoted by
<@203166497198047232> from #Hiding Encryption key from RE (click here)
React with ❌ to remove this embed.
Buddy
Buddy2w ago
one can easily just use x64dbg and read the value
(Ghost)™
(Ghost)™2w ago
No cheats Protecting my app
Buddy
Buddy2w ago
What is there to protect? Don't expose the code to the client. Simple as that
(Ghost)™
(Ghost)™2w ago
Strings values
Buddy
Buddy2w ago
You should never store API keys internally within the app
(Ghost)™
(Ghost)™2w ago
Got It.
Buddy
Buddy2w ago
a web server is required As I mentioned previously. Nothing is safe if it is at the hand of the client. If you remove that part, your app is safe as the only way to access the internals of the app is to hack into your web server. Your current solution is security by obscurity which is a BAD idea and should never be done.
(Ghost)™
(Ghost)™2w ago
I need to study web server implementations.
Buddy
Buddy2w ago
Imagine if you had a database and you accessed the database straight from the app. Anyone with the ability to reverse engineer the app can access your database. And even if you encrypt the credentials within the app, it can still be accessed from RAM when it is used / decrypted at runtime.
Want results from more Discord servers?
Add your server
More Posts
what URL should Kestrel listen to in a docker container on Azure App ServiceI have an ASP.NET Core in a docker container that will be hosted on Azure App Service. What URL shouASP.Net WebForm application is becoming slower after precompiling it in AzureHello everyone, Recently we deployed a precompiled ASP.Net Webform application in Azure App ServiceNeed help with video processingI wanna display a video in opentk. Anyone know how to do that?Help with coding a JSON file-based framework for extending features in a Unity modIn my current project I want other modders to be able to add their own features via JSON files in a Making my functions more genericright now i have several functions that do essentially the same thing, the only difference being theHow to update app automatically ?I don't understand how to use "ClickOnce" or another method to update my c# winform app pls give me✅ The value '(image path)' is not valid for Image.Hey guys i'm new to Web development in general So basically i made an input for image file for a p✅ NullReferenceException for a array of bytes (image)hey everybody i'm new to ASP.NET i was doing a small ecommerce project and i want to add a default ✅ How do I get rid of 'System.ArgumentOutOfRangeException'here the 'l'astname' substring doesnt come as output because of this exception can someone help What is the correct way to bind a view model to a view?Hey all, new to c# and MVVM. I'm creating a small android app but keep running into issues when tryi