Obfuscate'ing a.out ???

**newbie01.others** · 05-27-2010

Hi all,

Am a C newbie ... mainly wanting to use it for the meantime to execute my UNIX scripts via the system command ... :-)

Eventually, I will want to do more C programming if I can ...

Anyway, I just want to know if it is possible to further obfuscate the a.out

Presently, I have a very simple .c file as below:

Code:

#include<stdio.h>

main()
{
   printf("Hello World !!! \n");
   system("x1.pl");
   system("pwd");
}

I compile it as cc x.c which produces the default a.out output. If I run strings a.out it shows the following:

Code:

/lib64/ld-linux-x86-64.so.2
_Jv_RegisterClasses
__gmon_start__
libc.so.6
printf
system
__libc_start_main
GLIBC_2.2.5
Hello World !!!
x1.pl

Is it possible to hide or at least "scramble" it so that the strings command will show gibberish? Any advise will be very much appreciated. FYI, OS is Linux and Solaris.

Thanks in advance.

**EVOEx** · 05-27-2010

You could make a simple function that decodes a string, then encode the strings so that they are decoded properly into their originals, and then use the decoded versions. Fairly easy with only a small amount of knowledge on C.

Though it's still fairly easy to circumvent.

**itCbitC** · 05-27-2010

You'll need to encrypt the a.out file.

**cpjust** · 05-27-2010

Add 128 to each character in your "Hello World" string?
Unless you've got someone with nothing better to do with their time, they'll just see garbage and forget about it.

**newbie01.others** · 05-30-2010

Originally Posted by itCbitC

You'll need to encrypt the a.out file.

Hi,

I believe this is what I wanted, i.e. just to encrypt the a.out file.

I tried it out using gpg but unfortunately, it is asking for a pass phrase when I run it. is there any way to encrypt it where a pass phrase is not required.

FYI, when I strings a.out, it shows something like below:

Code:

[oracle scripts]$ strings a.out
/lib64/ld-linux-x86-64.so.2
_Jv_RegisterClasses
__gmon_start__
libc.so.6
system
__libc_start_main
GLIBC_2.2.5
sqlplus system/oracle@test

This is from the C source that simply contains:

Code:

#include<stdio.h>

main()
{
   /* system("monitor_standby_physical.sh"); */

  system("sqlplus system/oracle@test");
}

system/oracle is the username/password.

Eventually, hopefully, I want to make username and password as C string constants ... unless someone from the forum is kind enough to code the whole lot as my introductory "gift" to C programming ... :-)

I suppose if I have the username and password as C constants and compile it, it will not show up when you do a strings in which case, I don't need to encrypt a.out anymore.

For now, until I get more into C, I want to encrypt the a.out file but one where I don't have to specify a pass phrase 'coz some of them will have to run via cron.

Any other suggestions will be very much appreciated.

Thanks in advance

**Bayint Naung** · 05-30-2010

I found something similar at stackoverflow

**EVOEx** · 05-30-2010

Originally Posted by cpjust

Add 128 to each character in your "Hello World" string?
Unless you've got someone with nothing better to do with their time, they'll just see garbage and forget about it.

With nothing better to do with their time? I believe it would be "cracked" with:
ltrace programname | grep system

Not too difficult, is it ;-)?

Thread: Obfuscate'ing a.out ???

Thread Tools

Search Thread

Display

Obfuscate'ing a.out ???

Similar Threads

Mixing C And C++ Code

* glibc detected * a.out: realloc()

a.out remains unchanged

General a.out redirection question under Linux

overgrown .exe files