Hiding that string in the compiled code

John Smith

My program includes a use of strstr(). It looks like this:

if(strstr(*str1, *str2))
...........

After compiling the code, I opened the program with a hex editor
(this is on Windows). Sure enough, I found str2 in the compiled code.

Is there a simple alternative (preferably still using strstr) to
achieve the same objective without revealing str2 in the compiled
code?
 
Jack Klein

John Smith said:
My program includes a use of strstr(). It looks like this:

if(strstr(*str1, *str2))
..........

After compiling the code, I opened the program with a hex editor
(this is on Windows). Sure enough, I found str2 in the compiled code.

Is there a simple alternative (preferably still using strstr) to
achieve the same objective without revealing str2 in the compiled
code?

Sure, select any mechanism you like to encrypt str2. For a simple
example, xor each character treated as an unsigned char with a
constant value, for example 0x55.

Put the result in your program as an array of unsigned char. At run
time, decrypt it before using.

For "hello", in your source do:

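#include <stdio.h>

#define CRYPT 0x55  /* single-byte XOR key */

/* "hello" stored XOR-encoded; the sixth element is zero-initialized
   and serves as the string terminator */
unsigned char str2 [6] = { 'h' ^ CRYPT, 'e' ^ CRYPT,
    'l' ^ CRYPT, 'l' ^ CRYPT, 'o' ^ CRYPT };

int main()
{
    int count;
    char *cp = (char *)str2;
    printf("Before decryption: %s\n", cp);
    /* decode in place: XOR with the same key restores the text */
    for (count = 0; count < 5; ++count)
    {
        str2 [count] ^= CRYPT;
    }
    printf("After decryption: %s\n", cp);
    return 0;
}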

Output:
Before decryption: =099:
After decryption: hello

Feel free to use methods other than xor with a constant. Remember to
do your encryption and decryption on unsigned chars.

Be careful in general not to depend on C string functions while your
array is in the encrypted state, as one of the real characters in the
plain text might become '\0' when encrypted. In the example xor with
0x55, the ASCII character 'U' will become '\0' when encrypted.
 
Default User

Jack said:
Sure, select any mechanism you like to encrypt str2. For a simple
example, xor each character treated as an unsigned char with a
constant value, for example 0x55.

Put the result in your program as an array of unsigned char. At run
time, decrypt it before using.


That's basically what I did for the string file for the text-adventure
game I wrote years back. To make it even more secure I used a "rolling
key" approach. There was an initial seed value for the xor crypt key,
which then incremented after each use. At startup, the game would load
all the text from the file, decrypt it, and store the resulting strings
in a table.




Brian
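
Added example, not code from either post: it combines the embedded-zero caveat from Jack's reply with the rolling key described in the last post, passing the length explicitly so the encoded bytes are never handed to a C string function. The names roll_xor, visible_len and contains_hidden, the sample strings, and the choice to step the key by one per byte are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SEED 0x55  /* starting key; same constant as the thread's example */

/* XOR with a key that starts at seed and goes up by one per byte (assumed
   reading of "rolling key"). XOR is its own inverse, so this both encodes
   and decodes. Length is explicit: encoded bytes may legitimately be 0. */
static void roll_xor(unsigned char *buf, size_t len, unsigned char seed)
{
    size_t i;
    for (i = 0; i < len; ++i)
        buf[i] ^= (unsigned char)(seed + i);
}

/* Constructed sample: "SUN" under the constant key; 'U' ^ 0x55 == 0. */
static const unsigned char const_enc[3] = { 'S' ^ SEED, 'U' ^ SEED, 'N' ^ SEED };

/* Constructed sample: "hello" under the rolling key. */
static const unsigned char roll_enc[5] = { 'h' ^ (SEED + 0), 'e' ^ (SEED + 1),
    'l' ^ (SEED + 2), 'l' ^ (SEED + 3), 'o' ^ (SEED + 4) };

/* Bytes a C string function would see before hitting a 0 in encoded data. */
static size_t visible_len(const unsigned char *enc, size_t len)
{
    const unsigned char *z = memchr(enc, 0, len);
    return z ? (size_t)(z - enc) : len;
}

/* Decode a copy of the needle, then search. 1 found, 0 not, -1 too long. */
static int contains_hidden(const char *hay, const unsigned char *enc,
                           size_t len, unsigned char seed)
{
    unsigned char tmp[64];
    if (len >= sizeof tmp)
        return -1;
    memcpy(tmp, enc, len);
    roll_xor(tmp, len, seed);
    tmp[len] = '\0';           /* terminate only after decoding */
    return strstr(hay, (const char *)tmp) != NULL;
}

int main(void)
{
    printf("visible bytes of encoded \"SUN\": %lu of 3\n",
           (unsigned long)visible_len(const_enc, 3));
    printf("found: %d\n", contains_hidden("say hello there", roll_enc, 5, SEED));
    return 0;
}
```

The stored arrays carry no terminator at all; the terminator is written only into the decoded copy.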
 
