hiding #define and const string value

Discussion in 'C++' started by sam, May 19, 2005.

  1. sam

    sam Guest

    Hi,

    Is there any way I can prevent people use some binary disambler (eg.
    strings in unix) to view the const string value in a compiled C++ program?

    Sam.
     
    sam, May 19, 2005
    #1
    1. Advertisements

  2. sam

    Howard Guest

    One way would be to encode the string somehow, so that it doesn't appear as
    anything useful. Then, in your code somewhere, take that string and decode
    it to some useful value. I've done this before, by running an external
    program to encode the string, then typing in the encoded string as a
    constant in my application. Not foolproof, but at least it makes the string
    look like garbage and less likely to be fooled with by hackers.

    -Howard
     
    Howard, May 19, 2005
    #2
    1. Advertisements

  3. sam

    sam Guest

    But the key used to decode teh encoded string is a plain text and must
    be written somewhere in the code, unless the program ask for user input
    password, in this case, the password is a plain text and is not written
    in the code.

    Sam
     
    sam, May 20, 2005
    #3
  4. sam

    Kai-Uwe Bux Guest

    There is a minor misconception: the key used to encode the string does not
    need to be a string, it can be a number or just some 128bit key for some
    block cypher. That would most certainly look like some random data.

    However, there is a major issue: why do you want to hide the strings in
    your program in the first place? All you can do without hardware support is
    to obfuscate your strings a little bit. A determined attacker, however,
    will always be able to get at the information as long as it is given to
    him. It does not really matter whether you just write it out or provide it
    within your program as an intermediate result of some computation. Careful
    use of a debugger will enable any cracker to get at your data. Embedding
    passwords in programs and giving the programs away is equivalent to giving
    the passwords away. So, again, why do you want to hide the strings in the
    first place?


    Best

    Kai-Uwe Bux
     
    Kai-Uwe Bux, May 20, 2005
    #4
  5. sam

    sam Guest

    Yeah, you are right. Unless use a hardware base crypto card or smartcard
    for authentication, the private key and password embedded in a program
    and delivered to third-party can be definitely seen by others.
    Thanks
    Sam.
     
    sam, May 20, 2005
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.