How to integrate ByteHide Shield with .NET projects?

Install the ByteHide.Shield.Integration NuGet package, configure your project token, and build your project. Protection applies automatically during MSBuild compilation.

Which .NET frameworks are supported by Shield?

Shield supports .NET Framework 4.0+, .NET Core 2.0+, .NET 5-8+, .NET Standard, Xamarin, MAUI, Unity, Blazor, ASP.NET, WPF, and WinRT.

How to configure Shield protection settings?

Configure Shield through MSBuild properties, environment variables, or the bytehide.json configuration file. Set protection levels, exclusions, and runtime options.

How to troubleshoot Shield integration issues?

Enable verbose logging, check build output for error messages, verify project token configuration, and ensure compatible .NET version and MSBuild tools.

How to exclude specific assemblies from protection?

Use the ExcludeAssemblies MSBuild property or add exclusion rules in bytehide.json configuration file to skip protection for specific assemblies or namespaces.

How to verify Shield protection was applied?

Check MSBuild output for Shield processing messages, examine protected assembly metadata, or use reflection tools to verify obfuscation was applied.

How to configure Shield for Unity projects?

Install Shield Unity package, configure project token in Unity settings, enable IL2CPP backend, and ensure compatible Unity version (2019.4+).

How to set up Shield in CI/CD pipelines?

Set project token as environment variable, ensure NuGet package restore, configure MSBuild parameters, and handle licensing for build agents.

String Encryption

Protection ID: string_encryption

String Encryption encrypts all string literals embedded in your application binary so they cannot be extracted by simply scanning the file. Strings are decrypted at runtime in an optimized manner when accessed by your code.

Configuration

JSON

{
  "protections": {
    "string_encryption": true
  }
}

{
  "protections": {
    "string_encryption": true
  }
}

For additional options:

JSON

{
  "protections": {
    "string_encryption": {
      "enabled": true,
      "algorithm": "xor",
      "exclude": ["http://*", "https://*"]
    }
  }
}

{
  "protections": {
    "string_encryption": {
      "enabled": true,
      "algorithm": "xor",
      "exclude": ["http://*", "https://*"]
    }
  }
}

How It Works

Unprotected iOS binaries contain all string literals in plain text within the __cstring and __ustring sections of the Mach-O file. Anyone can extract them with a simple strings command, immediately revealing API endpoints, error messages, database queries, encryption keys, feature flags, and other sensitive information.

String Encryption transforms these plain text strings into encrypted data in the binary. When your code accesses a string at runtime, it is decrypted transparently. The process is optimized so there is no noticeable performance impact.

Before Shield

Bash

$ strings MyApp | grep -i "api"
https://api.example.com/v2/payments
Authorization: Bearer
api_secret_key_production

$ strings MyApp | grep -i "api"
https://api.example.com/v2/payments
Authorization: Bearer
api_secret_key_production

After Shield

Bash

$ strings MyApp | grep -i "api"
# (no readable results)

$ strings MyApp | grep -i "api"
# (no readable results)

Algorithm Options

Algorithm	Description
`xor`	Fast encryption suitable for most applications (default)
`aes`	Stronger encryption for applications requiring maximum security

Exclusions

You can exclude specific strings from encryption using wildcard patterns. This is useful for strings that need to remain readable for debugging tools or network monitoring:

JSON

{
  "string_encryption": {
    "enabled": true,
    "exclude": ["http://*", "https://*", "ftp://*"]
  }
}

{
  "string_encryption": {
    "enabled": true,
    "exclude": ["http://*", "https://*", "ftp://*"]
  }
}

When to Use

String encryption is recommended for all production applications. It is one of the highest-value protections because string extraction is the simplest and most common first step in reverse engineering an application. It is essential for applications containing API keys or endpoint URLs, database connection strings, error messages that reveal internal logic, feature flags or configuration values, and encryption keys or secrets.

Resource Encryption - Encrypt bundled assets
Symbol Renaming - Rename identifiers
Protections Overview - All available protections

Configuration

How It Works

Before Shield

After Shield

Algorithm Options

Exclusions

When to Use

Related