问题
Just a quick question in relation to SmartAssembly and .NET applications. - I am experimenting with the software at the moment and it seems to be obfuscating code but My.Settings is still visible in plain text?
So previous to obfucating my code (using .NET reflector) I could literally see almost everything. Including the My.Settings class containing lots of info such as passwords, ip's, MySQL connection strings etc..
So I obfuscated the code using RedGate's SmartAssembly and sure enough all the classes/functions etc appeared with random symbols, however several items (again including My.Settings) remained untouched?
SmartAssembly Screenshot
Obfuscated result in .NET reflector
回答1:
There are limitations to what most obfuscation tools can do, and this is one of them. Settings values are not stored as string literals or in backing fields, but as an attribute value:
Global.System.Configuration.DefaultSettingValueAttribute("bar")> _
Public Property Foo() As String
Get
Return CType(Me("Foo"), String)
End Get
Set(value As String)
Me("Foo") = value
End Set
End Property
VB/VS generates the Property getter/setter, but as you can see it uses an attribute to store the initial value as opposed to:
Private _foo As String = "bar"
In most cases there is no reason to hide the string content used in Attributes because they are usually instructions to the compiler about the class or property:
<Description("Bar String")>
<DefaultValue("bar")>
<DesignerSerializationVisibility(DesignerSerializationVisibility.Visible)>
Property BarString As String
None of these Attribute literals needs to be hidden because most Attributes contains neither runtime data nor sensitive information. As a result, My.Settings is a fringe case and is the result of how it is implemented. Note that this only applies to the default, initial values you enter in the IDE. If you update them at runtime, they are not written back to the Attributes, but saved to a file.
Since you have a trivial number of settings there, just write a small class to manage them yourself and save to a file in Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData)
来源:https://stackoverflow.com/questions/24530708/net-obfuscation-smartassembly