Difference between const and static readonly with regard to string obfuscation?


We run our .NET binaries through an obfuscator (with at least string obfuscation enabled), and later in the build process make some basic checks to validate this. I was surprised to notice that by changing strings from static readonly string to const string, the changed strings were now visible in plain text when viewing the disassembled code (via ildasm output).

With regard to string obfuscation, what is the difference between const string and static readonly string?

EDIT: For the sake of example, here's a small program:

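using System;

class Program
{
    private const string MyConstString = "MyConstString";
    private static readonly string MyStaticReadonlyString = "MyStaticReadonlyString";

    static void Main(string[] args)
    {
        string myLocalString = "myLocalString";

        // Reference each string so that none of them is dropped as unused.
        Console.WriteLine(MyConstString);
        Console.WriteLine(MyStaticReadonlyString);
        Console.WriteLine(myLocalString);

        Console.WriteLine("Hit <ENTER> to exit");
        Console.ReadLine(); // wait for ENTER before exiting
    }
}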

After looking at the .il code, the only value in plain text is for the const string. This is true for two different obfuscation tools:

.field private static literal string a = "MyConstString"       // using Dotfuscator
.field private static literal string '[SOH]' = "MyConstString" // using RedGate SmartAssembly

For const fields, their value simply has to be included directly in the assembly; there is no way around that. That's because the compiler has to be able to get the value of such a field without executing any of your custom code.

With static readonly fields, an obfuscator can use the static constructor to execute any code it wants, which means they can be obfuscated.
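The difference described in the answer can be observed with reflection. The following is an added example, not code from the original post: the `Sample` type, its field names and values, and the `LiteralStringAudit` helper are constructed for illustration. It lists every const string in an assembly straight from metadata without running any type initializer, then shows that the static readonly value only exists after the static constructor has run.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;

// Constructed sample type; the names and values are assumptions for illustration.
static class Sample
{
    public const string ConstValue = "const-value";
    public static readonly string ReadonlyValue = "readonly-value";

    // Explicit static constructor so it is visible when the initializer runs.
    static Sample() { Console.WriteLine("  [Sample static constructor ran]"); }
}

static class LiteralStringAudit
{
    const BindingFlags AllFields = BindingFlags.Public | BindingFlags.NonPublic |
                                   BindingFlags.Static | BindingFlags.DeclaredOnly;

    // Yields every const string field in the assembly with the value stored in metadata.
    static IEnumerable<(FieldInfo Field, string Value)> FindLiteralStrings(Assembly asm)
    {
        foreach (Type type in asm.GetTypes())
            foreach (FieldInfo field in type.GetFields(AllFields))
                if (field.IsLiteral && field.FieldType == typeof(string))
                    // Reads the constant from metadata; no type initializer is executed.
                    yield return (field, (string)field.GetRawConstantValue());
    }

    static void Main()
    {
        Console.WriteLine("Literal (const) string fields:");
        foreach (var (field, value) in FindLiteralStrings(typeof(Sample).Assembly))
            Console.WriteLine($"  {field.DeclaringType.FullName}.{field.Name} = \"{value}\"");

        FieldInfo ro = typeof(Sample).GetField(nameof(Sample.ReadonlyValue));
        Console.WriteLine($"{ro.Name}: IsLiteral={ro.IsLiteral}, IsInitOnly={ro.IsInitOnly}");
        // The value only exists once the static constructor has run.
        Console.WriteLine($"  value = \"{ro.GetValue(null)}\"");
    }
}
```

Pointing `FindLiteralStrings` at an obfuscated build output gives a post-build check for strings that string obfuscation cannot cover while they remain `const`.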