This is the first blog post about shipping a secret value in a Business Central app. I have prepared an app file that contains a secret value that will be stored into Isolated Storage. But I’m not 100% if this method is secure enough, and that’s why I need your help. Please, download the app file and find the secret value. If you succeed, then I need to harden it. If nobody can find the value then that either means nobody really tried or it is secure enough. Let’s see what our community can do!
Glad you are eager to find that secret value! You can download the app file here.
Install the app in a Business Central cloud sandbox. After installation, search for the page ‘Test Secret Value’ and enter the value that you think is shipped with the app and click on Next. The page will tell you the result.
This value is not correct…
But when you enter the correct value, then you get this page.
The app that I have created can only be installed in a cloud sandbox. The reason for that is that I have used the 70-million object range. If I had created the app in the 50.000 – 99.999 range, then cracking the secret would be very simple. Please let me know in the comments below if you need an app for a local docker container and I’m happy to provide one.
I really hope some people will try to crack this. Please post your results in the comments. Or contact me directly if you think you’ve got the secret but don’t want to reveal it. In the meantime, I’ll be writing another blog post that explains the approach in more detail.
Well, you can extract the source code from the app file, can’t you? But to make it easy for you, I’ve published all source code on GitHub. Feel free to explore the code, I guess you will figure at quickly what I’ve done. Anyway, that’s for another blog post that will follow shortly. For now, I’m just sharing the app without further explanation because that comes closest to a published app that you can download from AppSource.
Good luck with cracking the secret! I’m really curious to see your results!