Hiding that string in the compiled code

Discussion in 'C Programming' started by John Smith, Jul 2, 2005.

  1. John Smith

    John Smith Guest

    My program includes a use of strstr(). It looks like this:

    if(strstr(*str1, *str2)
    ...........

    After compiling the code, I opened the program with a hex editor
    (this is on Windows). Sure enough, I found str2 in the compiled code.

    Is there a simple alternative (preferrably still using strstr) to
    achieve the same objective without revealing str2 in the compiled
    code?
     
    John Smith, Jul 2, 2005
    #1
    1. Advertisements

  2. John Smith

    Jack Klein Guest

    Sure, select any mechanism you like to encrypt str2. For a simple
    example, xor each character treated as an unsigned char with a
    constant value, for example 0x55.

    Put the result in your program as an array of unsigned char. At run
    time, decrypt it before using.

    For "hello", in your source do:

    #include <stdio.h>

    #define CRYPT 0x55

    unsigned char str2 [6] = { 'h' ^ CRYPT, 'e' ^ CRYPT,
    'l' ^ CRYPT, 'l' ^ CRYPT, 'o' ^ CRYPT };

    int main()
    {
    int count;
    char *cp = (char *)str2;
    printf("Before decryption: %s\n", cp);
    for (count = 0; count < 5; ++count)
    {
    str2 [count] ^= CRYPT;
    }
    printf("After decryption: %s\n", cp);
    return 0;
    }

    Output:
    Before decryption: =099:
    After decryption: hello

    Feel free to use methods other than xor with a constant. Remember to
    do your encryption and decryption on unsigned chars.

    Be careful in general not to depend on C string functions while your
    array is in the encrypted state, as one of the real characters in the
    plain text might become '\0' when encrypted. In the example xor with
    0x55, the ASCII character 'U' will become '\0' when encrypted.
     
    Jack Klein, Jul 2, 2005
    #2
    1. Advertisements

  3. or just upx your executable.
     
    a.dheeraj.kumar, Jul 2, 2005
    #3
  4. John Smith

    Jack Klein Guest

    Can't find any mention of "upx" in the C standard, so it is quite
    off-topic here.
     
    Jack Klein, Jul 2, 2005
    #4
  5. John Smith

    Default User Guest


    That's basically what I did for the string file for the text-adventure
    game I wrote years back. To make it even more secure I used a "rolling
    key" approach. There was an initial seed value for the xor crypt key,
    which then incremented after each use. At startup, the game would load
    all the text from the file, decrypt it, and store the resulting strings
    in a table.




    Brian
     
    Default User, Jul 6, 2005
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.