▒█▀▀█ █▀▀ █░░█ ▒█▀▀█ █░░█ ░▀░ █▀▀█
▒█▄▄█ ▀▀█ █▄▄█ ▒█░░░ █▀▀█ ▀█▀ █░░█
▒█░░░ ▀▀▀ ▄▄▄█ ▒█▄▄█ ▀░░▀ ▀▀▀ █▀▀▀
In terms of computing everything is about bit banging. If you know where the PE file starts, where it ends, you can easily extract resources from them. If you know which method used to compress them, you can easily uncompress them.
Well, that was 90's. Nobody gives a shit about desktop apps today. Even big tech companies doesn't hesitate to release a full metal 1gb web browser bundle for their 10kb chat app.
The thing is today they're storing secrets in their own servers. You just have to ask them nicely. Most companies just relying on TLS/SSL and appending their api keys to HTTP headers. If you eavesdrop their communication such a methods like MiTM or DLL Injection with your own socket hook functions, you can extract their static key and do custom api requests to their servers.
Most of distributable software including the mobile apps bring their own CA certificate in order to prevent MiTM based http sniffing. In that case TLS handshake will fail if you use a custom CA certificate on your OS. This is where your oldschool skills came in, unpack the app, replace the certificate with your own and do your usual MiTM sniffing.
How to secure your handshakes
Technically no system is secure, even a single bit can be changed on transport due to a neutrino from some solar storm or a galactic explosion but that's another topic that a youtuber might scretch into eleven video series. If you know the steps of an app, you can reproduce them. Most common one is hashing a static key with device fingerprint and sending to server, server rehashing that key with it's own device id and sending back to you in order to use it in your next request.
Another technique is time mapping like WW2 military handshakes, soldiers were using a word for every day of week and that wordlist was changing periodically. Computers can do this in nanoseconds precision but not all computers have the same clock due to general relativity so software engineers divide the time into specific pieces like 5 minutes or 3 hours. That's why you can't watch cat videos at youtube when your BIOS battery died out.
My personal method is asking a galactic constant like square root of PI, autobiographical or a self-descriptive number. You can sniff out the constants but not the if else statements of the code, well you can but that requires a lot of effort which is questionable to worth it. Lion stops chasing gazelle if it's spent more energy than that meat provides.
Maybe one more method is, diversion. If you can't hide something from enemy, confuse them. I was compressing my applications with UPX but renaming PE sections to .aspack
(another PE compression tool) but was it worth it to spend days just to protect those productions for all costs, that's also questionable. I was assuming we're going to use windows OS in our pockets in future but that didn't happened. Microsoft is kinda a relic now, future is all about scripting