hiding #define and const string value

S

sam

Hi,

Is there any way I can prevent people use some binary disambler (eg.
strings in unix) to view the const string value in a compiled C++ program?

Sam.
 
H

Howard

sam said:
Hi,

Is there any way I can prevent people use some binary disambler (eg.
strings in unix) to view the const string value in a compiled C++ program?

Sam.

One way would be to encode the string somehow, so that it doesn't appear as
anything useful. Then, in your code somewhere, take that string and decode
it to some useful value. I've done this before, by running an external
program to encode the string, then typing in the encoded string as a
constant in my application. Not foolproof, but at least it makes the string
look like garbage and less likely to be fooled with by hackers.

-Howard
 
S

sam

Howard said:
One way would be to encode the string somehow, so that it doesn't appear as
anything useful. Then, in your code somewhere, take that string and decode
it to some useful value. I've done this before, by running an external
program to encode the string, then typing in the encoded string as a
constant in my application. Not foolproof, but at least it makes the string
look like garbage and less likely to be fooled with by hackers.
But the key used to decode teh encoded string is a plain text and must
be written somewhere in the code, unless the program ask for user input
password, in this case, the password is a plain text and is not written
in the code.

Sam
 
K

Kai-Uwe Bux

sam said:
But the key used to decode teh encoded string is a plain text and must
be written somewhere in the code, unless the program ask for user input
password, in this case, the password is a plain text and is not written
in the code.

There is a minor misconception: the key used to encode the string does not
need to be a string, it can be a number or just some 128bit key for some
block cypher. That would most certainly look like some random data.

However, there is a major issue: why do you want to hide the strings in
your program in the first place? All you can do without hardware support is
to obfuscate your strings a little bit. A determined attacker, however,
will always be able to get at the information as long as it is given to
him. It does not really matter whether you just write it out or provide it
within your program as an intermediate result of some computation. Careful
use of a debugger will enable any cracker to get at your data. Embedding
passwords in programs and giving the programs away is equivalent to giving
the passwords away. So, again, why do you want to hide the strings in the
first place?


Best

Kai-Uwe Bux
 
S

sam

Kai-Uwe Bux said:
sam wrote:




There is a minor misconception: the key used to encode the string does not
need to be a string, it can be a number or just some 128bit key for some
block cypher. That would most certainly look like some random data.

However, there is a major issue: why do you want to hide the strings in
your program in the first place? All you can do without hardware support is
to obfuscate your strings a little bit. A determined attacker, however,
will always be able to get at the information as long as it is given to
him. It does not really matter whether you just write it out or provide it
within your program as an intermediate result of some computation. Careful
use of a debugger will enable any cracker to get at your data. Embedding
passwords in programs and giving the programs away is equivalent to giving
the passwords away. So, again, why do you want to hide the strings in the
first place?
Yeah, you are right. Unless use a hardware base crypto card or smartcard
for authentication, the private key and password embedded in a program
and delivered to third-party can be definitely seen by others.
Thanks
Sam.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top