Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Simple obfuscation of string in .NET?

I need to send a string of about 30 chars over the internet which will probably end up as an ID in a another company's database.

While the string itself will not be identifying, I would still like it not to be recognisable in any way.

What is the easiest way to obfuscate such a string in .NET, so that it can be easily reversed when necessary?

like image 377
Paul Lassiter Avatar asked Oct 23 '12 08:10

Paul Lassiter


People also ask

What is string obfuscation?

String obfuscation is an established technique used by proprietary, closed-source applications to protect intellectual property. Furthermore, it is also frequently used to hide spyware or malware in applications. In both cases, the techniques range from bit-manipulation over XOR operations to AES encryption.

What is .NET obfuscation?

Obfuscation is pretty simple (in concept), the idea is to alter your code in such a way that it makes the code much harder for a human to understand if they look at it using . NET reflection.

What is obfuscation in C#?

What Code Obfuscation Means in C# The technique of modifying an executable to be no longer useful to a hacker but remains fully functional is known as Code Obfuscation. Although the procedure may modify method statements or metadata, it does not affect program output.

What is DLL obfuscation?

This means that if you have a public DLL or executable that your business is distributing, anyone with a copy of your executable can open it up in a . NET decompiler like dotPeek, and directly read (and copy) your source code. Code obfuscation can't prevent this process—any . NET DLL can be plugged into a decompiler.


2 Answers

How about something classical (with a modern twist).

public static string Caesar(this string source, Int16 shift)
{
    var maxChar = Convert.ToInt32(char.MaxValue);
    var minChar = Convert.ToInt32(char.MinValue);

    var buffer = source.ToCharArray();

    for (var i = 0; i < buffer.Length; i++)
    {
        var shifted = Convert.ToInt32(buffer[i]) + shift;

        if (shifted > maxChar)
        {
            shifted -= maxChar;
        }
        else if (shifted < minChar)
        {
            shifted += maxChar;
        }

        buffer[i] = Convert.ToChar(shifted);
    }

    return new string(buffer);
}

Which obviously you would use like this

var plain = "Wibble";
var caesered = plain.Caesar(42);
var newPlain = caesered.Caesar(-42);

Its quick, your key is just an Int16 and it will prevent the casual observer from copy pasting the value but, its not secure.

like image 127
Jodrell Avatar answered Oct 17 '22 02:10

Jodrell


How about:

    Convert.ToBase64String(Encoding.UTF8.GetBytes(myString));

and its converse:

    Encoding.UTF8.GetString(Convert.FromBase64String(myObfuscatedString));

as long as you don't mind an increase in the length of your string

like image 42
Joe Avatar answered Oct 17 '22 04:10

Joe