How to store salt (secret key) invisible for decompilers

Hello, developers. I need a solution to hide salt variable or it’s value from decompilers like Ilspy. I’m using salt to test md5 hashes with data provided from web player.


It is impossible to place a key in an application that is invisible to an end-user. The key has to be readable from the application so that it can be used (e.g. in making requests). If the application can read the key, and therefore the system running the application can read the key, a user can read the key.

Obfuscation is the solution here: Try a salt that’s generated at runtime using a variable that no one would guess. For instance:

string actual_data = "your data here";

string md5_result = md5( actual_data + xSpeed.ToString() );

In this case, (going by your source code) the ‘salt’ would be the string ‘300.0’.