Hiding that string in the compiled code

Discussion in 'C Programming' started by John Smith, Jul 2, 2005.

  1. John Smith

    John Smith Guest

    My program includes a use of strstr(). It looks like this:

    if(strstr(*str1, *str2)
    ...........

    After compiling the code, I opened the program with a hex editor
    (this is on Windows). Sure enough, I found str2 in the compiled code.

    Is there a simple alternative (preferrably still using strstr) to
    achieve the same objective without revealing str2 in the compiled
    code?
     
    John Smith, Jul 2, 2005
    #1
    1. Advertising

  2. John Smith

    Jack Klein Guest

    On Sat, 02 Jul 2005 02:58:11 GMT, John Smith <>
    wrote in comp.lang.c:

    > My program includes a use of strstr(). It looks like this:
    >
    > if(strstr(*str1, *str2)
    > ..........
    >
    > After compiling the code, I opened the program with a hex editor
    > (this is on Windows). Sure enough, I found str2 in the compiled code.
    >
    > Is there a simple alternative (preferrably still using strstr) to
    > achieve the same objective without revealing str2 in the compiled
    > code?


    Sure, select any mechanism you like to encrypt str2. For a simple
    example, xor each character treated as an unsigned char with a
    constant value, for example 0x55.

    Put the result in your program as an array of unsigned char. At run
    time, decrypt it before using.

    For "hello", in your source do:

    #include <stdio.h>

    #define CRYPT 0x55

    unsigned char str2 [6] = { 'h' ^ CRYPT, 'e' ^ CRYPT,
    'l' ^ CRYPT, 'l' ^ CRYPT, 'o' ^ CRYPT };

    int main()
    {
    int count;
    char *cp = (char *)str2;
    printf("Before decryption: %s\n", cp);
    for (count = 0; count < 5; ++count)
    {
    str2 [count] ^= CRYPT;
    }
    printf("After decryption: %s\n", cp);
    return 0;
    }

    Output:
    Before decryption: =099:
    After decryption: hello

    Feel free to use methods other than xor with a constant. Remember to
    do your encryption and decryption on unsigned chars.

    Be careful in general not to depend on C string functions while your
    array is in the encrypted state, as one of the real characters in the
    plain text might become '\0' when encrypted. In the example xor with
    0x55, the ASCII character 'U' will become '\0' when encrypted.

    --
    Jack Klein
    Home: http://JK-Technology.Com
    FAQs for
    comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
    comp.lang.c++ http://www.parashift.com/c -faq-lite/
    alt.comp.lang.learn.c-c++
    http://www.contrib.andrew.cmu.edu/~ajo/docs/FAQ-acllc.html
     
    Jack Klein, Jul 2, 2005
    #2
    1. Advertising

  3. John Smith

    Guest

    or just upx your executable.
     
    , Jul 2, 2005
    #3
  4. John Smith

    Jack Klein Guest

    Jack Klein, Jul 2, 2005
    #4
  5. John Smith

    Default User Guest

    Jack Klein wrote:
    > On Sat, 02 Jul 2005 02:58:11 GMT, John Smith <>
    > wrote in comp.lang.c:
    >
    > > My program includes a use of strstr(). It looks like this:
    > >
    > > if(strstr(*str1, *str2)
    > > ..........
    > >
    > > After compiling the code, I opened the program with a hex editor
    > > (this is on Windows). Sure enough, I found str2 in the compiled code.
    > >
    > > Is there a simple alternative (preferrably still using strstr) to
    > > achieve the same objective without revealing str2 in the compiled
    > > code?

    >
    > Sure, select any mechanism you like to encrypt str2. For a simple
    > example, xor each character treated as an unsigned char with a
    > constant value, for example 0x55.
    >
    > Put the result in your program as an array of unsigned char. At run
    > time, decrypt it before using.



    That's basically what I did for the string file for the text-adventure
    game I wrote years back. To make it even more secure I used a "rolling
    key" approach. There was an initial seed value for the xor crypt key,
    which then incremented after each use. At startup, the game would load
    all the text from the file, decrypt it, and store the resulting strings
    in a table.




    Brian
     
    Default User, Jul 6, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Klaus Schneider
    Replies:
    1
    Views:
    574
    Rolf Magnus
    Dec 2, 2004
  2. Marc
    Replies:
    3
    Views:
    666
    Anand Pillai
    Dec 19, 2003
  3. Pieter Claerhout
    Replies:
    2
    Views:
    569
  4. lander
    Replies:
    5
    Views:
    617
    bruce barker
    Mar 5, 2008
  5. Ste
    Replies:
    41
    Views:
    855
    Thomas 'PointedEars' Lahn
    Aug 1, 2007
Loading...

Share This Page