Skip to content

Constants Protection

Sam Harwood edited this page Jul 21, 2018 · 1 revision

ID: constants
Preset: Normal

This protection encodes and compresses constants (numbers, strings, and initializers) in the code.

Parameters

mode: This parameter define the way ConfuserEx encode the constants. Supported values are:

  • normal: Neo ConfuserEx would use static algorithms with random parameters to encode the constants.

  • dynamic: Neo ConfuserEx would use dynamically generated algorithms to encode the constants.

  • x86: Neo ConfuserEx would use dynamically generated native x86 expressions to encode the constants. (Produces unverifiable modules)

Default is normal.

decoderCount: This parameter is an integer value defining how many constant decoder Neo ConfuserEx would generate. Default is 5.

Since each decoder has slight differences, more decoders would make manual decoding of constants by attackers more annoying, but the result file size would increase.

elements: This parameter defines what type of constants would be encoded. Possible values are a combination of:

  • S: String constants (excluding primitive constants)

  • N: Numeric constants (excluding primitive constants)

  • P: Primitive constants (empty strings and commonly used numbers, e.g. 0, -1, 1, 2, etc.)

  • I: Array initializer (Those using RuntimeHelpers.InitializeArray)

The value is case-insensitive. For example, a value of "SI" indicates non-empty strings and initializers should be encoded. Default is "SI".

cfg: This parameter is a boolean value whether decoding of constants are based on a control flow dependent state variable. Default is false.

Enabling it would greatly enhance the strength of protection but the runtime performance may have a impact.

Usage in CLI

<protection id="constants">
  <argument name="mode" value="x86" />
  <argument name="decoderCount" value="10" />
  <argument name="cfg" value="true" />
  <argument name="elements" value="SNPI" />
</protection>

Where value is one of Anti Debug Protection modes.