How can I protect myself against decompilers


Dakkar

I saw something named obfuscator and it's decompiling the source code
of my program, which is written in C#, and my program includes the MySQL root
password inside of it.
Is there any way to protect my program against these decompilers?
Thanks
 
Secrets should not be stored in code, as strings are always stored as a
sequence of bytes. You could encrypt it, but then where would you put the
decryption key so that your program can use it?

Why not put the password in a config file controlled by the user?

Dakkar said:
I saw something named obfuscator and it's decompiling the source code
of my program, which is written in C#, and my program includes the MySQL root
password inside of it.
Is there any way to protect my program against these decompilers?
Thanks
 

Could you please content yourself with posting your
queries just once and under just one identity?
Repeated posting is rude, especially after people
have already answered your question.
 
My code is like this. How can I protect my password? This password
has to be included in my exe.
Is it possible to make it byte? If it is, how?


public bool sorgu(String u_name, String pw)
{
    MyCmd = new OdbcCommand();
    // Connection string with the root credentials embedded in the executable.
    MyConn = new OdbcConnection("DRIVER={MySQL ODBC 3.51 Driver};" +
        "SERVER=212.98.232.34;" +
        "DATABASE=account;" + "UID=root;" +
        "PWD=12345;" + "Port=3306;" +
        "Option=16384;" + "Stmt=;" +
        "DSN=mysql_csystem;");
    MyConn.Open();
    MyCmd.Connection = MyConn;
    // Build the lookup query; u_name and pw are concatenated into the SQL text as-is.
    StringBuilder SQL = new StringBuilder();
    SQL.Append("SELECT ");
    SQL.Append("username,rndpass ");
    SQL.Append("FROM ");
    SQL.Append("accounts ");
    SQL.Append("where ");
    SQL.Append("username ");
    SQL.Append("=");
    SQL.Append("'");
    SQL.Append(u_name);
    SQL.Append("' ");
    SQL.Append("and ");
    SQL.Append("password ");
    SQL.Append("=");
    SQL.Append("'");
    SQL.Append(pw);
    SQL.Append("'");
    MyCmd.CommandText = SQL.ToString();
    // CloseConnection closes MyConn when the reader is closed.
    OdbcDataReader result =
        MyCmd.ExecuteReader(CommandBehavior.CloseConnection);
    int nResultCount = 0;
    while (result.Read())
    {
        uouser = result.GetString(0);
        uopass = result.GetString(1);
        ++nResultCount;
    }
    // Any matching row counts as a successful login.
    if (nResultCount != 0)
    {
        txt1.Text += "Kullanici Adi ve Sifre Dogrulandi....\n\n";
        return true;
    }
    else
    {
        return false;
    }
}
 
In short you cannot. You can make it more difficult by obfuscating the code
or doing a base64 encoding. Or even encrypting the string, but then you
have to store the decryption key somewhere and you might be back to square
one with placing the key in your code as plain text.

Sure, you can always make it an array of bytes if you want, like "new byte[]
{40, 41, 42, 43}" where you initialize the array with the character codes
for the password, but that is really not much more protective than plain
text.

As long as the password is in the program, if someone wanted access, they
could easily backtrack from the point of creating the SqlConnection object
to where the connection string was created. Anything you do would be like
locking your house, but putting the key under the doormat.



 
Peter Rilling wrote:
In short you cannot. You can make it more difficult by obfuscating the code
or doing a base64 encoding. Or even encrypting the string, but then you
have to store the decryption key somewhere and you might be back to square
one with placing the key in your code as plain text.

Sure, you can always make it an array of bytes if you want, like "new byte[]
{40, 41, 42, 43}" where you initialize the array with the character codes
for the password, but that is really not much more protective than plain
text.

As long as the password is in the program, if someone wanted access, they
could easily backtrack from the point of creating the SqlConnection object
to where the connection string was created. Anything you do would be like
locking your house, but putting the key under the doormat.

So what can I do to prevent people from seeing my password?
This program has to connect to MySQL with root access.
 
Correct. You should really re-engineer the whole system so that the
password does not have to be stored in the executable. Not only is that
safer, but it makes it easier to change the password later. And, let's be
honest, any system that uses passwords but does not make it easy to change
the password is not a very good system.

Peter Rilling said:
In short you cannot. You can make it more difficult by obfuscating the code
or doing a base64 encoding. Or even encrypting the string, but then you
have to store the decryption key somewhere and you might be back to square
one with placing the key in your code as plain text.

Sure, you can always make it an array of bytes if you want, like "new byte[]
{40, 41, 42, 43}" where you initialize the array with the character codes
for the password, but that is really not much more protective than plain
text.

As long as the password is in the program, if someone wanted access, they
could easily backtrack from the point of creating the SqlConnection object
to where the connection string was created. Anything you do would be like
locking your house, but putting the key under the doormat.
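
One way to follow the advice in this thread to keep the password out of the executable, given here as an added example and not code from any poster: the connection string is read at run time from an environment variable (the name APP_DB_CONNSTR is hypothetical), and the same lookup binds user input as ODBC parameters instead of concatenating it. It assumes each installation is provisioned with its own low-privilege account rather than root.

```csharp
using System;
using System.Data.Odbc;

public static class AccountCheck
{
    // Hypothetical variable name; set per installation, outside the .exe.
    const string ConnVar = "APP_DB_CONNSTR";

    // Assumption: the value names a low-privilege account (SELECT on
    // accounts only), so a leaked credential does not expose root.
    public static string LoadConnectionString()
    {
        string cs = Environment.GetEnvironmentVariable(ConnVar);
        if (string.IsNullOrWhiteSpace(cs))
            throw new InvalidOperationException(
                ConnVar + " is not set; no built-in credential to fall back to.");
        return cs;
    }

    // Same lookup as sorgu() in the thread, with input bound as parameters.
    public static bool Sorgu(string uName, string pw)
    {
        using (var conn = new OdbcConnection(LoadConnectionString()))
        using (var cmd = new OdbcCommand(
            "SELECT username, rndpass FROM accounts " +
            "WHERE username = ? AND password = ?", conn))
        {
            // ODBC binds by position: add in the order of the ? markers.
            cmd.Parameters.AddWithValue("@username", uName);
            cmd.Parameters.AddWithValue("@password", pw);
            conn.Open();
            using (OdbcDataReader reader = cmd.ExecuteReader())
                return reader.Read();   // true if at least one row matched
        }
    }

    public static int Main(string[] args)
    {
        if (args.Length != 2) return 2;   // usage: AccountCheck <user> <password>
        try { Console.WriteLine(Sorgu(args[0], args[1]) ? "verified" : "rejected"); return 0; }
        catch (Exception ex) { Console.Error.WriteLine("lookup failed: " + ex.Message); return 1; }
    }
}
```

Changing the password then means updating the variable on each installation, with no rebuild of the program.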
 
Check out the Trojan website, they have a rather extensive line of
protection utilities.
