C#6mo ago
(Ghost)™

Hiding Encryption key from RE

Hi, I made an application in C#; most of the strings are encrypted with AES and are in a C++ DLL. The C# app simply depends on C++ DLLs. I have also placed the AES secret key in a C++ DLL. I am doing this to give at least a little hard time to RE. What do you people think, any opinions?
15 Replies
Buddy
Buddy6mo ago
What exactly are you trying to achieve? And what is so important that you want to encrypt things?
(Ghost)™
(Ghost)™OP6mo ago
Protecting some string values. Yes.
Buddy
Buddy6mo ago
What is it for? And it isn't really protecting anything. Anyone can read it from RAM, let alone attach a debugger and read it when it is decrypted.
(Ghost)™
(Ghost)™OP6mo ago
Just giving a hard time to RE. When he tries decompiling:
1. Decompile WinRAR SFX, get 50+ DLLs
2. Decompile Enigma Protector
3. Getting actual strings
Buddy
Buddy6mo ago
Are you making a cheat or something? Why go to such an extent? As pointed out earlier:
https://discord.com/channels/143867839282020352/1255915053736005643/1255923821706346610
Buddy
Buddy6mo ago
One can easily just use x64dbg and read the value.
(Ghost)™
(Ghost)™OP6mo ago
No cheats. Protecting my app.
Buddy
Buddy6mo ago
What is there to protect? Don't expose the code to the client. Simple as that
(Ghost)™
(Ghost)™OP6mo ago
String values
Buddy
Buddy6mo ago
You should never store API keys internally within the app
(Ghost)™
(Ghost)™OP6mo ago
Got It.
Buddy
Buddy6mo ago
A web server is required. As I mentioned previously, nothing is safe if it is in the hands of the client. If you remove that part, your app is safe, as the only way to access the internals of the app is to hack into your web server. Your current solution is security by obscurity, which is a BAD idea and should never be done.
(Ghost)™
(Ghost)™OP6mo ago
I need to study web server implementations.
Buddy
Buddy6mo ago
Imagine if you had a database and you accessed the database straight from the app. Anyone with the ability to reverse engineer the app can access your database. And even if you encrypt the credentials within the app, it can still be accessed from RAM when it is used / decrypted at runtime.