- Forum
- Windows Programming
- MySQL protection agains disassemble
MySQL protection agains disassemble
Hello, exists any way, how can i use fully functional mysql commands etc with connection, where connection string is not included in my project? I want to make one project (website app is done), and i want make one C# desktop and one android c# xamarin app, but here is one problem, big problem, c# desktop i can ecnrypt with Themida, it's good software, but risk is still here, but on android C# don't know. How can i use mysql in my application without making it vulnerable to see connection strings etc. Thanks a lot :)
Maybe this is solution? http://www.c-sharpcorner.com/UploadFile/528a80/create-rest-api-for-android-app-using-php-and-mysql/
And i need use json library for format json output from php in c# right?
And i need use json library for format json output from php in c# right?
Sorry to break it to you but there's nothing you can do to fully protect your software from reverse engineering - especially from people like me with malware reversing experience and especially if you are working with the .NET framework.
You see, .NET software (MSIL assemblies) are vulnerable to decompilation back to readable human-level .NET-based source code... Nothing you can do about that. Sure, you can use protection like Themida, but I'll bypass it if I really want too and it's not even difficult work, it'll take a few seconds or minutes to do it.
You can add layered protection via utilisation of different anti-reversing methods (both static and dynamic) however you can never fully eliminate the chance to reverse the software, that would be impossible.
If you are using native languages like C/C++ which go through a compiler like they do and don't work with a runtime (e.g. like .NET uses the CLR run-time and MSIL is based on byte-code, the compiler is JIT) then most human-readable data will be stripped out of the PE when you compile so reversing is more difficult to obtain details if you put in some work... But it won't eliminate the problem fully still, because that cannot be done. Hell, you could use Assembly and you'll still be vulnerable to reverse engineering!
Regarding your strings, you can encrypt the string and use a strong algorithm to decrypt the string. Therefore, if an attacker wants the string, they'd have to reverse the function (after finding it) used for the string encryption/decryption will add to the time needed to do the job... If your software requires an active internet connection to work you could store it on a server and securely access it.
However a determined attacker will never give up so if they are determined enough to reverse your product of find specific details which are available somehow then they will become successful eventually, believe me.
You see, .NET software (MSIL assemblies) are vulnerable to decompilation back to readable human-level .NET-based source code... Nothing you can do about that. Sure, you can use protection like Themida, but I'll bypass it if I really want too and it's not even difficult work, it'll take a few seconds or minutes to do it.
You can add layered protection via utilisation of different anti-reversing methods (both static and dynamic) however you can never fully eliminate the chance to reverse the software, that would be impossible.
If you are using native languages like C/C++ which go through a compiler like they do and don't work with a runtime (e.g. like .NET uses the CLR run-time and MSIL is based on byte-code, the compiler is JIT) then most human-readable data will be stripped out of the PE when you compile so reversing is more difficult to obtain details if you put in some work... But it won't eliminate the problem fully still, because that cannot be done. Hell, you could use Assembly and you'll still be vulnerable to reverse engineering!
Regarding your strings, you can encrypt the string and use a strong algorithm to decrypt the string. Therefore, if an attacker wants the string, they'd have to reverse the function (after finding it) used for the string encryption/decryption will add to the time needed to do the job... If your software requires an active internet connection to work you could store it on a server and securely access it.
However a determined attacker will never give up so if they are determined enough to reverse your product of find specific details which are available somehow then they will become successful eventually, believe me.
Last edited on
Topic archived. No new replies allowed.