does extraction of literals into resource help obfuscation?

Question

1.00/5 (1 vote)

See more:

.NET2.0

I have a .NET user control in C# and it has lots of exception messages(literals). If I extract these literals into a resource file and let these message stay the same. does this extraction help me to obfuscate my application?

Here is a small demo to explain what I said:

C#

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;

namespace TestResource
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void button3_Click(object sender, EventArgs e)
        {
            int text1 = Convert.ToInt32(textBox1.Text);
            int text2 = Convert.ToInt32(textBox2.Text);
            int result = text1+text2;

            if (result <= 100)
                MessageBox.Show(result.ToString());
            else
            {
                throw new ArgumentOutOfRangeException("exceeds the maximum upper bound 100");
            }

        }
    }
}

now I extract this literal "exceeds the maximum upper bound 100" into a resource file and the following code as this:

C#

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;

namespace TestResource
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void button3_Click(object sender, EventArgs e)
        {
            int text1 = Convert.ToInt32(textBox1.Text);
            int text2 = Convert.ToInt32(textBox2.Text);
            int result = text1+text2;

            if (result <= 100)
                MessageBox.Show(result.ToString());
            else
            {
                throw new ArgumentOutOfRangeException(Resource.English.Exceeds100Message);
            }

        }
    }
}

After I compiled this into an executable then run obfuscator software .
because this button click method is private, it will be obfuscated.
Does this "Resource.English.Exceeds100Message" variable help obfuscation?

Posted 14-Feb-15 11:47am

Southmountain

Updated 14-Feb-15 13:38pm

v4

Add a Solution

Comments

BillWoodruff 14-Feb-15 18:30pm

I think you need to say more about what exactly "obfuscation" refers to here. Are you referring to the end-result of running "obfuscation software" like DotFuscator on your .NET assemblies ?

Southmountain 14-Feb-15 19:33pm

Yes. it is the case.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Dave Kreskowiak · Answer 1 · 2015-02-14T13:52:00

Solution 1

"Does it help obfuscation"?

No. Your string literals will still be in clear text in the executable.

Posted 14-Feb-15 13:52pm

Dave Kreskowiak

Comments

Southmountain 14-Feb-15 21:06pm

string is fine, how about the variable name Exceeds100Message?

Dave Kreskowiak 14-Feb-15 21:49pm

Names like that usually get obfuscated, depending on the tool you're using.

BillWoodruff 14-Feb-15 21:54pm

Hi Dave, fyi: some .NET obfuscators, like Cryto Obfuscator (commercial, 3rd. party), claim they can encrypt/scramble contents of resources. Note that I have not purchased/used Crypto Obfuscator, I just remember this fact from reading their product description when I took a brief tour of the various obfuscators available for .NET about a year ago.

Dave Kreskowiak 14-Feb-15 21:57pm

It's possible. I've only seen the free ones and they didn't touch the resources. I really have no need for an obfuscator.