Is .NET Reactor of any use, against dotPeek?

Question

I made a "Hello World" blazor application, with .NET Core hosted server, and a Shared project, shared by the server and client projects.

When I add the following class to the Shared project, and then protect (using maximal protection) the compiled dll file with Reactor, I can still easily view the source code (from the dll output to /{my_project}_Secure/) using dotPeek.

namespace BlazorAppCoreHosted.Shared
{
    public class ConfigStuff
    {
        public string ConfigurationKey = "abcd";
        public string ConfigurationKey2 = "efg";
        private string ConfigurationKey3 = "soda";
    }
}

What am I doing wrong?

I am using the latest version of .NET Reactor, version 6.9.8.0. My project uses .NET 7.

Is dotPeek too smart for .NET Reactor?

Answer 1

Often, it appears that dotPeek can extract the full source code from protected files. However, dotPeek utilizes your program database files (.pdb) to reconstruct the source code. You should delete the .pdb files. Alternatively, in dotPeek, you can navigate to 'Tools' -> 'Options' -> 'Decompiler' and uncheck 'Use sources from symbol files when available'. This action forces dotPeek to decompile your assembly, resulting in the true decompiled output.

Answer 2

It's advisable to steer clear of generating .pdb files and ensure that you've installed the TrimHelper nuget package.

To be completely frank, it would be quite beneficial if .NET Reactor incorporated a feature to safeguard .pdb files with a password, similar to the "Babel software." It is my hope that this particular option will be included in forthcoming releases.