Skip to main content
Version: 2023.4

5.7. Resource Sanitization

5.7.1.  Introduction

Resource sanitization feature allows to sanitize and optionally minify the embedded resources of an assembly. Sanitization removes privacy disclosing information such as comments in XML and JSON files, EXIF tag/thumbnail headers in JPEG and PNG files etc.

Eazfuscator.NET supports a finite set of file types which can be sanitized: XML, XSD, XSLT, JSON, PNG and JPEG. All other file types are ignored and kept intact even when there is a directive that instructs to sanitize them.

Let's take a look on example.

Example 5.8. The original XML file

<request id="1">
<reference>REQ-D2867DBE</reference>
<destination>Contoso Headquarters</destination>
<!-- For the full list of types see https://example.net/internal/docs/contoso-protocol-doc.html -->
<type>43</type>
</request>

Example 5.9. The sanitized XML file

<request id="1">
<reference>REQ-D2867DBE</reference>
<destination>Contoso Headquarters</destination>
<type>43</type>
</request>

As you can see, the XML comments were pruned during sanitization.

5.7.2. Instructions

To enable resource sanitization, you should apply an attribute to your assembly. In order to do that, you can use the instructions below.

Instructions on enabling resource sanitization

  1. Open obfuscatable project inside the IDE

  2. Add new source file to the project and call it ObfuscationSettings.cs (for C#) or ObfuscationSettings.vb (for Visual Basic .NET). You may prefer to use another name instead of ObfuscationSettings.cs or ObfuscationSettings.vb

  3. Fill ObfuscationSettings.cs with the following content (C#):

    using System;
    using System.Reflection;

    [assembly: Obfuscation(Feature = "sanitize resources", Exclude = false)]

    For Visual Basic .NET, fill ObfuscationSettings.vb with the following content:

    Imports System
    Imports System.Reflection

    <Assembly: Obfuscation(Feature:="sanitize resources", Exclude:=False)>

5.7.3. Minification

Assembly resources are not minified by default. If you want to achieve smaller size and better runtime performance of an output assembly then you may consider to turn on the resource minification.

The exact minification effect depends on a file type. For example, all the redundant whitespaces in .xml files are pruned when minification is on.

Example 5.10. The sanitized XML file

<request id="1">
<reference>REQ-D2867DBE</reference>
<destination>Contoso Headquarters</destination>
<type>43</type>
</request>

Example 5.11. The sanitized and minified XML file

<request id="1"><reference>REQ-D2867DBE</reference><destination>Contoso Headquarters</destination><type>43</type></request>

The [minify] flag turns on the minification when specified as shown in the sample below:

Example 5.12. Sanitize and minify all resources

using System;
using System.Reflection;

[assembly: Obfuscation(Feature = "sanitize resources [minify]", Exclude = false)]

5.7.4. Selective Resource Sanitization

Sometimes it may be beneficial to sanitize just some resources while leaving the others intact. The Exclude attribute property set to true can be used in order to do that, as shown in the sample below.

Example 5.13. Sanitize all resources except .png files

using System;
using System.Reflection;

[assembly: Obfuscation(Feature = "sanitize resources", Exclude = false)]
[assembly: Obfuscation(Feature = "sanitize resources *.png", Exclude = true)]

It may be profitable to go other way around by explicitly specifying just those resources that should be sanitized. This technique is shown in the sample below.

Example 5.14. Sanitize secret.xml and all .jpg resources; the others are left intact

using System;
using System.Reflection;

[assembly: Obfuscation(Feature = "sanitize resources secret.xml", Exclude = false)]
[assembly: Obfuscation(Feature = "sanitize resources *.jpg", Exclude = false)]

Notice how both examples use the concept of a glob mask to target multiple resources at once.

5.7.5. Options are Combinable

The given options can be combined in a free way giving you the power to choose the best combination. If you are not sure which combination to choose then just go with a simplest one: sanitize all resources. If you know what you are doing then you can end up with something like that:

Example 5.15. Advanced resource sanitization configuration

using System;
using System.Reflection;

[assembly: Obfuscation(Feature = "sanitize resources", Exclude = false)]
[assembly: Obfuscation(Feature = "sanitize resources *.png", Exclude = true)]
[assembly: Obfuscation(Feature = "sanitize resources *.jpg", Exclude = true)]
[assembly: Obfuscation(Feature = "sanitize resources [minify] License.xml", Exclude = false)]
[assembly: Obfuscation(Feature = "sanitize resources [minify] Help.xml", Exclude = false)]