Best way to hide a string?
Best way to hide a string?
Hi,
Im coding some program but don't want that any body can see the string i am using.
Which is the best way to hide strings to average user, not a hacker.
Best Regards
Im coding some program but don't want that any body can see the string i am using.
Which is the best way to hide strings to average user, not a hacker.
Best Regards
ARGENTINA WORLD CHAMPION
-
- Enthusiast
- Posts: 136
- Joined: Thu Nov 15, 2012 11:38 pm
- Location: Los Angeles
Re: Best way to hide a string?
If it's a StringGadget, use #PB_String_Password flag.
Re: Best way to hide a string?
He means inside the executable, so it doesn't show up in a binary file search with a hex editor.
Re: Best way to hide a string?
Simpy put this snippet of code at beginning of your source code (ASM backend):
Code: Select all
!macro ppublic name{
!if name eq _SYS_StaticStringEnd
!repeat $-_SYS_StaticStringStart
!load zczc from _SYS_StaticStringStart+%-1
!store zczc xor 137 at _SYS_StaticStringStart+%-1
!end repeat
!end if
!public name}
!public fix ppublic
CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
!mov edi,_SYS_StaticStringStart
!mov ecx,_SYS_StaticStringEnd-_SYS_StaticStringStart
!@@:
!xor byte[edi],137
!inc edi
!dec ecx
CompilerElse
!mov rdi,_SYS_StaticStringStart
!mov rcx,_SYS_StaticStringEnd-_SYS_StaticStringStart
!@@:
!xor byte[rdi],137
!inc rdi
!dec rcx
CompilerEndIf
!jnz @b
Re: Best way to hide a string?
Wow, Caronte3D - that works great! I'm amazed. Thanks for sharing!
Re: Best way to hide a string?
Great, it does the job.Caronte3D wrote: ↑Tue May 24, 2022 10:45 amSimpy put this snippet of code at beginning of your source code (ASM backend):
This way you don't need to do anything, everything is done on the flyCode: Select all
!macro ppublic name{ !if name eq _SYS_StaticStringEnd !repeat $-_SYS_StaticStringStart !load zczc from _SYS_StaticStringStart+%-1 !store zczc xor 137 at _SYS_StaticStringStart+%-1 !end repeat !end if !public name} !public fix ppublic CompilerIf #PB_Compiler_Processor = #PB_Processor_x86 !mov edi,_SYS_StaticStringStart !mov ecx,_SYS_StaticStringEnd-_SYS_StaticStringStart !@@: !xor byte[edi],137 !inc edi !dec ecx CompilerElse !mov rdi,_SYS_StaticStringStart !mov rcx,_SYS_StaticStringEnd-_SYS_StaticStringStart !@@: !xor byte[rdi],137 !inc rdi !dec rcx CompilerEndIf !jnz @b
Thanks!!
ARGENTINA WORLD CHAMPION
Re: Best way to hide a string?
Re: Best way to hide a string?
Keep in mind that these strings are still clearly visible with ProcessExplorer / dblclick exe / Strings / check Memory
Et cetera is my worst enemy
Re: Best way to hide a string?
Yes, thi's thi's only to evite to show the strings on the exe and be changed by an hex editor.
If you need a way to not discover the strings at runtime, you need to keep them ofuscated until they are used.
Anyway if security is a must, is better if the strings keep encrypted instead of only obfuscated
If you need a way to not discover the strings at runtime, you need to keep them ofuscated until they are used.
Anyway if security is a must, is better if the strings keep encrypted instead of only obfuscated
- NicTheQuick
- Addict
- Posts: 1226
- Joined: Sun Jun 22, 2003 7:43 pm
- Location: Germany, Saarbrücken
- Contact:
Re: Best way to hide a string?
If I read that correctly the string are only XORed byte by byte with 137. So not that complicated to reverse engineer but at least it's something.
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.
Re: Best way to hide a string?
Yes, don't get too enthusiastic about static XOR methods. It is long known how to automatically decipher them if you start using them on larger text. A static XOR is pretty comparable (by efficiency) to one of the oldest encryption methods - the cesar cipher.NicTheQuick wrote: ↑Tue May 24, 2022 2:53 pm If I read that correctly the string are only XORed byte by byte with 137. So not that complicated to reverse engineer but at least it's something.
You could go one step further to counter that, by using a random generator, initialize the generator with a specific value and XOR the data (your text) with the generated random stream. But that (again) can be simply broken by reverse engineering
It's a bit of a rat race ...
-
- Enthusiast
- Posts: 136
- Joined: Thu Nov 15, 2012 11:38 pm
- Location: Los Angeles
Re: Best way to hide a string?
*bonk*
Yes. I remember reading about this in the SoftIce days. I used AnalogX TextScan to browse strings (it's still available and free).
If the dev wasn't using exe protection like Armadillo or PELock, the next best method was to make a string look like garbage or another common string already in the executable At least then the unobfuscated string in memory would be camouflaged.
Re: Best way to hide a string?
Is there a way to do this without ASM, so I can compile my app with the C backend?