My source got cracked

yes, so while i was using .net smart smartassembly at maximum obfusion. The mysql database login string was cracked. any alternate way to prevent it?

Answers

  • I'm so sorry to hear that!

    Can I just double check that you had strings encoding enabled in addition to obfuscation/name mangling? (The strings encoding feature is what would protect the login string.)

    Even with strings encoding though which is pretty good, it is by no means 100% infallible (unfortunately, no protection by any obfuscating tool is). At the end of the day, the .NET Runtime needs to be able to decrypt the string at runtime to be able to use it, so someone with enough time and resources could potentially work this out. Having said that, this is the first report we've had of this happening so I'm again very sorry to hear it!

    With database connections, it's important to think outside of SmartAssembly too - if you don't connect to the database via an encrypted connection then no obfuscation/encoding would help as someone could potentially just run a packet sniffer to grab the password "en-route". Additionally, in the case where your database will be out on the internet somewhere and accessed by multiple clients it would be best to have some sort of service that your application talks to, which would then talk to the db (and then still encrypt the communications between your client app and the server in some way). In that case, the clients wouldn't need to have the connection string at all.

    I hope that info might help!

    Jessica Ramos | Product Support Engineer | Redgate Software

    Have you visited our Help Center?


Sign In or Register to comment.