Constant Encryption
Protection ID: constants_protection
This protection encodes and compresses the constants (numbers, strings and initializers) in the code.
This protection is available in the editions:
Scale Enterprise
How It Works
Constant encryption transforms literals in your code (strings, numbers, and other constants) into encrypted or encoded values that are only decrypted at runtime. This prevents attackers from easily identifying important values like API keys, license keys, URLs, and other sensitive information during static analysis.
The protection replaces direct constant references with calls to decoding methods, effectively hiding the actual values in the decompiled code. Depending on the edition and mode used, it can provide different levels of protection.
With the © Smart Integrity Protection System mode, the constants are decrypted with the module verification sum, ensuring the integrity of the applications.
Parameters
Elements string : Determine what type of constants will be encoded. This option is only available in the Scale and Enterprise editions.
- Strings default : Protect all the strings, constants and fields of your application, also those of the metadata.
- Numeric: Protects all application integers.
- Primitives: Protects all data of primitive types.
- Arrays: Encrypts application arrays.
Rules configuration
shield.config.json
{
"protections": {
"constants_protection": {
"elements": "strings|arrays|numeric" // string with the selected elements separated by a vertical bar
}
}
}
Modes
Advanced: Scale Protect the constants with the checksum of the method and its name.
© Smart Integrity Protection System: Enterprise Protect the constants with the verification sum of the method and its name using native functions that prevent the constants from being debited or decryption methods invoked. Ensures the integrity of the code, after this protection you will not be able to modify the code or rename the methods.
Code example
- Before:
var key = "https://www.bytehide.com";
string password = "admin";
Console.WriteLine($"key: {key}, password: {password}");
Console.ReadKey();
- After:
string text = <Module>.get_Condition(VARFLAG_FREPLACEABLE[(94010 < 500724) ? 0 : 537936],unchecked(checked(unchecked(570830 - -870451) + ConcurrentDictionary__2.TargetedPatchingOptOutAttribute);
<Module>.init(text,(Convert.ToInt32( " 1000011100000110110 ", 2) | 250883 * 2) ^ Marshal.SizeOf(typeof(MoveBufferArea)));
string text2 = <Module>.get_Condition((int) array2[((62301 < 630141) ? -255426 : -270726) + (83010 | 172416)],(ConcurrentDictionary__2.add_ReflectionOnlyNamespaceResolve * checked((array[6] >>
(6 | 4)) - unchecked(833425 + -830673) * Convert.ToInt32( " 334 ", 8)));
<Module>.init(text2,((18665 % 7466 > Convert.ToInt32( " fffd0bb9 ", 16)) ? 1 : 0) == 0 / 2133));
Console.WriteLine($" 864 {text}, 022: {text2} ");
Console.ReadKey();
Exclusions
- Exclude with attribute
Include this attribute in your source code:
[Obfuscation(Exclude = false, Feature = "-constants_protection")]
- Exclude from the interface
You can exclude this protection from methods or classes you want using the Shield configuration interface.
When to Use
Constant encryption enhances application security in these key scenarios:
- Security-sensitive values: Applications containing API keys, credentials, or license validation strings
- Algorithm parameters: Applications with important numeric constants used in algorithms
- Configuration data: Hard-coded configuration values that should be protected
- Business rule constants: Applications with important constants that represent business rules or thresholds
- Any application with sensitive string literals: Provides foundational protection for any application containing confidential text
Shield automatically adjusts the encryption intensity and strategies based on your application type and target platform, ensuring optimal protection without manual configuration. This optimization happens transparently, allowing you to focus on your application logic while Shield handles the security aspects.
When using constant encryption, Shield intelligently identifies and protects the most sensitive values in your code. For optimal security, Shield automatically combines constant encryption with other protections like control flow obfuscation to create multiple layers of defense.
Compatibility
| Framework | Compatibility | Comments |
|---|---|---|
| .NET Core | ✔ | |
| .NET Framework | ✔ | |
| .NET (up to 8 version) | ✔ | |
| .NET Standard | ✔ | |
| Xamarin IOS | ✔ | |
| Xamarin Android | ✔ | |
| Xamarin MacOs | ✔ | |
| WPF | ✔ | |
| Blazor | ✔ | |
| .NET Maui | ✔ | |
| Unity | ✔ | |
| ASP | ✔ | |
| Silverlight | ✔ | |
| VBa (Visual Basic) or C# (CSharp) | ✔ | |
| WinRT | ✔ |
Shield is compatible with all versions of .NET. It automatically adapts to your specific framework, whether you're using .NET 2.0, .NET 4.7, .NET Core 2.1, or Xamarin.Forms 5.0.