Resource Encryption Enterprise

Embedded resources (images, config files, data files) in .NET assemblies are stored in plain form and can be extracted with any resource viewer. Demeanor compresses and encrypts them using per-assembly keys, then injects a resolver that transparently decrypts on first access.

Usage

CLIMSBuildDefault
(enabled by default at Enterprise)(enabled by default)On
--no-resources<ObfuscateNoResources>true</ObfuscateNoResources>Disable

Before & After

BEFORE
// Resources visible in ILSpy resource viewer:
config.json          2,340 bytes
logo.png             14,208 bytes
templates.xml        8,192 bytes
// All readable with any hex editor
AFTER OBFUSCATION
// Resources in obfuscated assembly:
a                    1,847 bytes  (compressed + encrypted)
b                    11,204 bytes (compressed + encrypted)
c                    5,891 bytes  (compressed + encrypted)
// Binary content — no readable data

Resource names are renamed, content is compressed then encrypted. An injected AssemblyResolve handler transparently decrypts and decompresses on first access. ResourceManager-format .resources files are excluded (protected by string encryption instead).

When to Disable

  • Startup latency — first access to each resource has decompression overhead. For very large resources (>10 MB), consider excluding them.
  • AOT/NativeAOT compilation — resource resolver injection may conflict with AOT resource handling.

Ready to protect your .NET code?

View Pricing All Options

[email protected] · wiseowlsoftware.com