-1

Can I encrypt a Visual Basic project so it can't be decompiled by dotPeek or any other software? I have done some research and I can't find anything.

Nacimota
  • 22,395
  • 6
  • 42
  • 44
TheSpiralNetwork
  • 25
  • 6
  • 2
    If some part of your application's security relies on obfuscating a portion of source code, then your approach to security is likely flawed. What exactly is it that you want to protect? – Luke Joshua Park May 14 '17 at 03:07
  • 1
    I Need The Application To Not be Decompileble By A Vb Decompiler So No one Can See The Source code – TheSpiralNetwork May 14 '17 at 03:57
  • Yeah... I gathered that from your original question. We could likely help you further if you can tell us exactly what in your source code is valuable? Is there an encryption key or API key? Normally you protect source code with a legal licence. – Luke Joshua Park May 14 '17 at 04:12
  • There Is An API Key – TheSpiralNetwork May 14 '17 at 04:17

1 Answers1

1

The question you have asked is an excellent example of The XY Problem, where you have problem X, come up with solution Y, and then ask how to perform or implement Y. I shall answer Y first and advise you on X, which is what you really should have asked, e.g. "If I have an API key in my source code, how can I keep it safe?".

The answer to Y is kind-of yes. You can obfuscate your .NET assemblies in such a way that it becomes moderately difficult to determine exactly what the source code does. However, constant values, such as your API key, will be significantly easier to retrieve since it is a constant string value. The important thing to remember here is that obfuscation is not security, the API key most definitely can still be retrieved.

The answer to X (the question you should have asked), and the advice that you should follow, is to not store the API key in your application at all. Have an external server that you can send requests to that will in turn use the API key to retrieve relevant data and perform operations. Having your own server as a middle-man means that you can ratelimit requests and authenticate users yourself if you choose to. API keys should never be stored in client-side code (unless you have things like public and private API keys, which I believe Stripe, among others, use).

Luke Joshua Park
  • 9,527
  • 5
  • 27
  • 44