Hiding ascii text in memcpy?

[Dave]

Hi,

Is possible that memcpy can be used to hide const string value?

D

 

[Jacques Labuschagne]

Hi,

Is possible that memcpy can be used to hide const string value?

You're going to have to tell us more about what you consider "hiding".

Jacques.

 

[Dave]

You're going to have to tell us more about what you consider "hiding".

After the program is compiled, the assign valued of a string object
still can be viewed by some binary decoder eg. a strings program in Unix.

I m wondering if I can avoid the value of a string be seen by this kind
of tool if I use memcpy.

D

 

[Jacques Labuschagne]

After the program is compiled, the assign valued of a string object
still can be viewed by some binary decoder eg. a strings program in Unix.

I m wondering if I can avoid the value of a string be seen by this kind
of tool if I use memcpy.

There's nothing special about memcpy, it just copies bytes from A to B.
You can always break your string up into several little pieces and then
reassemble it by hand...

For example, with the following:

#include <iostream>
using namespace std;

int main(){
cout << "Hi!" << endl;
}

I can see "Hi!" lurking in the binary;

00000940 55 89 e5 53 e8 00 00 00 00 5b 81 c3 ff 11 00 00
|U..S.....[......|
00000950 50 e8 de fc ff ff 59 5b c9 c3 00 00 03 00 00 00
|P.....Y[........|
00000960 01 00 02 00 48 69 21 00 01 1b 03 3b 30 00 00 00
|....Hi!....;0...|
00000970 05 00 00 00 2c fd ff ff 50 00 00 00 28 fe ff ff
|....,...P...(...|
00000980 6c 00 00 00 86 fe ff ff 8c 00 00 00 c4 fe ff ff
|l...............|

But with the following, (which gives exactly the same output), I don't:

#include <iostream>
using namespace std;

int main(){
char H = 0x10;
H<<=2;
H|=0x08;
char i = 0x60;
i|=0x08;
++i;
cout << H << i << "!" << endl;
}

Of course, this requires some assumptions about the character set you're
using. I know my machine's on ISO-8859-1, so I can use the character
codes for 'H' and 'i' to create the right glyphs.

If the string ever appears as a literal then it'll show up in the
binary. (Unless you're using a deathstation 9000, maybe.) The only way
to get around this is to avoid using nice complete literals like that.

Happy obfuscating,
Jacques.

 

[rossum]

After the program is compiled, the assign valued of a string object
still can be viewed by some binary decoder eg. a strings program in Unix.

I m wondering if I can avoid the value of a string be seen by this kind
of tool if I use memcpy.

D

Another suggestion: don't have the actual strings in your compiled
program, put encrypted copies in your source code. Include a
decryption function in your program to decrypt the strings before you
use them.

e.g. Source code:

string mySecretMessage = "Khoor Zruog";
string myRealMessage = Decrypt(mySecretMessage);
DoSomeWork(myRealMessage);

The decryption function just replaces each character with the one
three places earlier in the alphabet. The real text of the message
will only exist at runtime, and will not be present in the executable
file on disk.

HTH

rossum


The ultimate truth is that there is no ultimate truth