I need to send a string of about 30 chars over the internet which will probably end up as an ID in a another company's database.
While the string itself will not be identifying, I would still like it not to be recognisable in any way.
What is the easiest way to obfuscate such a string in .NET, so that it can be easily reversed when necessary?
String obfuscation is an established technique used by proprietary, closed-source applications to protect intellectual property. Furthermore, it is also frequently used to hide spyware or malware in applications. In both cases, the techniques range from bit-manipulation over XOR operations to AES encryption.
Obfuscation is pretty simple (in concept), the idea is to alter your code in such a way that it makes the code much harder for a human to understand if they look at it using . NET reflection.
What Code Obfuscation Means in C# The technique of modifying an executable to be no longer useful to a hacker but remains fully functional is known as Code Obfuscation. Although the procedure may modify method statements or metadata, it does not affect program output.
This means that if you have a public DLL or executable that your business is distributing, anyone with a copy of your executable can open it up in a . NET decompiler like dotPeek, and directly read (and copy) your source code. Code obfuscation can't prevent this process—any . NET DLL can be plugged into a decompiler.
How about something classical (with a modern twist).
public static string Caesar(this string source, Int16 shift)
{
var maxChar = Convert.ToInt32(char.MaxValue);
var minChar = Convert.ToInt32(char.MinValue);
var buffer = source.ToCharArray();
for (var i = 0; i < buffer.Length; i++)
{
var shifted = Convert.ToInt32(buffer[i]) + shift;
if (shifted > maxChar)
{
shifted -= maxChar;
}
else if (shifted < minChar)
{
shifted += maxChar;
}
buffer[i] = Convert.ToChar(shifted);
}
return new string(buffer);
}
Which obviously you would use like this
var plain = "Wibble";
var caesered = plain.Caesar(42);
var newPlain = caesered.Caesar(-42);
Its quick, your key is just an Int16
and it will prevent the casual observer from copy pasting the value but, its not secure.
How about:
Convert.ToBase64String(Encoding.UTF8.GetBytes(myString));
and its converse:
Encoding.UTF8.GetString(Convert.FromBase64String(myObfuscatedString));
as long as you don't mind an increase in the length of your string
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With