4.10. Resource Encryption
4.10.1. Introduction
Resource encryption feature allows to encrypt and optionally compress the embedded resources of an assembly.
Eazfuscator.NET encapsulates encrypted resources within dedicated resource assemblies, each containing multiple encrypted entries. These assemblies are embedded into the output assembly and are automatically loaded at runtime when a contained resource is requested.
4.10.2. Instructions
To enable resource encryption, you should apply an attribute to your assembly. In order to do that, you can use the instructions below.
Instructions on enabling resource encryption
-
Open obfuscatable project inside the IDE
-
Add new source file to the project and call it
ObfuscationSettings.cs(for C#) orObfuscationSettings.vb(for Visual Basic .NET). You may prefer to use another name instead ofObfuscationSettings.csorObfuscationSettings.vb -
Fill
ObfuscationSettings.cswith the following content (C#):using System;using System.Reflection;[assembly: Obfuscation(Feature = "encrypt resources", Exclude = false)]For Visual Basic .NET, fill
ObfuscationSettings.vbwith the following content:Imports SystemImports System.Reflection<Assembly: Obfuscation(Feature:="encrypt resources", Exclude:=False)>
If you want to encrypt resources stored in satellite assemblies, use the following directive from the assemblies embedding feature:
[assembly: Obfuscation(Feature = "embed satellites", Exclude = false)]
4.10.3. Tuning
The complete syntax of a custom attribute for resource encryption is as follows:
[assembly: Obfuscation(Feature = "encrypt resources [flags] [resource-selector]", Exclude = false)]
where [flags] is an optional list of space-separated flags, and [resource-selector] is an optional resource name or wildcard pattern.
The list of available flags is presented in the table below.
Table 4.12. The list of flags for resource encryption directive
Flag | Description |
|---|---|
compress | Enables compression of embedded resources |
file-signing=off | Disables signing of generated resource assemblies |
partition-size=<size> | Specifies the preferred size of a resource partition. The value must be a number followed by a unit with no space (b, kb, mb, gb). The default value is |
Assembly resources are not compressed by default. To reduce the size of the output assembly, you can enable resource compression. The [compress] flag enables compression when specified, as shown in the example below.
Example 4.35. Encrypt and compress all resources
using System;
using System.Reflection;
[assembly: Obfuscation(Feature = "encrypt resources [compress]", Exclude = false)]
As described earlier in this article, Eazfuscator.NET uses dedicated resource assemblies to store encrypted resources. If a signing configuration is present, these assemblies are automatically signed.
In some cases, you may want to disable this behavior using [file-signing=off] flag. See the example below.
Example 4.36. Disable automatic signing of encrypted resource assemblies
using System;
using System.Reflection;
[assembly: Obfuscation(Feature = "encrypt resources [file-signing=off]", Exclude = false)]
The [partition-size] flag controls how encrypted resources are split into partitions. Each partition is represented by a separate resource assembly. This approach improves access efficiency and reduces memory overhead at runtime.
The default partition size is 1 MB and, in most cases, should not be changed.
However, there are scenarios where it may be useful, such as when using a cloud-based signing service to sign embedded files. Such services are often billed per signing operation. In this case, you may reasonably increase the partition size to reduce the overall build cost.
To configure partition size, see the example below.
Example 4.37. Configuring partition size for resource encryption
using System;
using System.Reflection;
[assembly: Obfuscation(Feature = "encrypt resources [partition-size=3mb]", Exclude = false)]
Sometimes it may be beneficial to encrypt just some resources while leaving the others intact. The Exclude attribute property set to true can be used in order to do that, as shown in the sample below.
Example 4.38. Encrypt all resources except .png files
using System;
using System.Reflection;
[assembly: Obfuscation(Feature = "encrypt resources", Exclude = false)]
[assembly: Obfuscation(Feature = "encrypt resources *.png", Exclude = true)]
It may be profitable to go other way around by explicitly specifying just those resources that should be encrypted. This technique is shown in the sample below.
Example 4.39. Encrypt secret.txt and all .sql resources; the others are left intact
using System;
using System.Reflection;
[assembly: Obfuscation(Feature = "encrypt resources secret.txt", Exclude = false)]
[assembly: Obfuscation(Feature = "encrypt resources *.sql", Exclude = false)]
Notice how both examples use the concept of a glob mask to target multiple resources at once.
The given options can be combined in a free way giving you the power to choose the best combination for performance, security, and possibly obscurity to mislead intruders.
If you are not sure which combination to choose then just go with a simplest one: encrypt all resources.
If you know what you are doing then you can end up with something like that:
Example 4.40. Advanced resource encryption configuration
using System;
using System.Reflection;
[assembly: Obfuscation(Feature = "encrypt resources", Exclude = false)]
[assembly: Obfuscation(Feature = "encrypt resources License.txt", Exclude = true)]
[assembly: Obfuscation(Feature = "encrypt resources CommandLineOptions.txt", Exclude = true)]
[assembly: Obfuscation(Feature = "encrypt resources [compress] *.dat", Exclude = false)]
[assembly: Obfuscation(Feature = "encrypt resources [compress] *.sql", Exclude = false)]