encrypt C++ code

This is a discussion on encrypt C++ code within the C++ Programming forums, part of the General Programming Boards category; hi guys, how can I encrypt the C++ code? when I use olly dbg or a simple hex editor, the ...

  1. #1
    Registered User
    Join Date
    Feb 2010
    Posts
    72

    encrypt C++ code

    hi guys, how can I encrypt the C++ code?

    when I use olly dbg or a simple hex editor, the program has the strings displayed, how can I prevent this from happening?

    thank you in advance

  2. #2
    Registered User
    Join Date
    Mar 2008
    Location
    Coimbra, Portugal
    Posts
    85
    I am not sure why you would want to do that.

    Yet, theoretically, I suppose that you could write an encryption/decryption algorithm. Before compiling, you'd run all your strings through it and get "encrypted strings". After that, you would need to decrypt all strings in order to use them. Yet, if it is a simple one, it will most likely easily be broken, since it isn't that hard to step through the decryption process in a debugger/disassembler.

    So, just "hypothetically", assume that you have a string "Hello!" that turns into "ar11z#" after it's been encrypted. You'd have to run the decryption function at run-time and get the resulting string, "Hello!", but the string you'd effectively "write" in C(++) code would be "ar11z#", probably with a nice comment saying what it is -- But it really would be in memory, then.
    Last edited by Jorl17; 09-11-2010 at 08:57 AM.

  3. #3
    Registered User
    Join Date
    Feb 2010
    Posts
    72
    Quote Originally Posted by Jorl17 View Post
    I am not sure why you would want to do that.

    Yet, theoretically, I suppose that you could write an encryption/decryption algorithm. Before compiling, you'd run all your strings through it and get "encrypted strings". After that, you would need to decrypt all strings in order to use them. Yet, if it is a simple one, it will most likely easily be broken, since it isn't that hard to step through the decryption process in a debugger/disassembler.

    So, just "hypothetically", assume that you have a string "Hello!" that turns into "ar11z#" after it's been encrypted. You'd have to run the decryption function at run-time and get the resulting string, "Hello!", but the string you'd effectively "write" in C(++) code would be "ar11z#", probably with a nice comment saying what it is -- But really would be in memory, then.
    thank you, I will be doing this

  4. #4
    BMJ
    BMJ is offline
    Banal internet user BMJ's Avatar
    Join Date
    Aug 2002
    Location
    Chicagoland
    Posts
    1,380
    Even if you XOR or encrypt the strings in your executable, they'll have to be loaded into memory decrypted at some point during runtime and then they'll be visible again.

  5. #5
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,598
    I have found that adding strings as resources to the exe often stores them in a different format. However, doing this hard-codes your strings into your app which isn't bad for localization and other such items so it depends on what you want to do. Not sure why you would care honestly. Just remember not to store passwords or other items in string format b/c someone can easily see these inside of a hex editor or especially inside of Olly when you search for all referenced text strings. The best way to store passwords is to let the user input it, hash it with some algorithm, and then store the hash. The same is true for login - allow the user to input the password, hash it, and check against all stored hashes.

  6. #6
    30 Helens Agree neandrake's Avatar
    Join Date
    Jan 2002
    Posts
    640
    Most obfuscators provide this feature. Unfortunately most of the obfuscators I'm familiar with are for C# or Java. I'm not wholly sure how this is done, but it's quite interesting to look into.
    Environment: OS X, GCC / G++
    Codes: Java, C#, C/C++
    AOL IM: neandrake, Email: neandrake (at) gmail (dot) com

  7. #7
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,598
    Unfortunately most of the obfuscators I'm familiar with are for C# or Java.
    Um...probably b/c C# code is compiled to MSIL which can then be reverse engineered back to C# byte for byte. C# code that is compiled to native machine code cannot be reverse engineered but also loses the benefits of the size reduction of the final EXE. Essentially all of .NET will need to be linked to by the EXE so the EXE will be huge. Normally linking in C# is done quite differently but the downside is that pretty much anyone can read your code. You would never release your assemblies in C# without somehow obfuscating them.

  8. #8
    30 Helens Agree neandrake's Avatar
    Join Date
    Jan 2002
    Posts
    640
    That statement was only pointing out that I have no familiarity with C/C++ obfuscators. I would assume most of the techniques for bytecode languages and native-binary compilation languages are similar.
    Environment: OS X, GCC / G++
    Codes: Java, C#, C/C++
    AOL IM: neandrake, Email: neandrake (at) gmail (dot) com

  9. #9
    Registered User
    Join Date
    Feb 2010
    Posts
    72
    Quote Originally Posted by Bubba View Post
    I have found that adding strings as resources to the exe often stores them in a different format. However, doing this hard-codes your strings into your app which isn't bad for localization and other such items so it depends on what you want to do. Not sure why you would care honestly. Just remember not to store passwords or other items in string format b/c someone can easily see these inside of a hex editor or especially inside of Olly when you search for all referenced text strings. The best way to store passwords is to let the user input it, hash it with some algorithm, and then store the hash. The same is true for login - allow the user to input the password, hash it, and check against all stored hashes.
    thanks the app has something to do with passwords etc thats why i was asking

  10. #10
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    22,165
    Quote Originally Posted by nik2
    thanks the app has something to do with passwords etc thats why i was asking
    As in you are trying to write say, a program for secure storage of the user's passwords? If so, you only need to encrypt the passwords, not the program. The user would supply the secret key (or a passphrase from which the secret key is derived) on demand to recover the passwords.
    C + C++ Compiler: MinGW port of GCC
    Version Control System: Bazaar

    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  11. #11
    Guest Sebastiani's Avatar
    Join Date
    Aug 2001
    Location
    Waterloo, Texas
    Posts
    5,708
    Quote Originally Posted by nik2 View Post
    thanks the app has something to do with passwords etc thats why i was asking
    You could use a secure hash function to reduce the passwords to "encrypted" chunks (and compare these chunks, bit for bit, to validate). The hash function must be chosen carefully, of course!
    Code:
    #include <cmath>
    #include <complex>
    bool euler_flip(bool value)
    {
        return std::pow
        (
            std::complex<float>(std::exp(1.0)), 
            std::complex<float>(0, 1) 
            * std::complex<float>(std::atan(1.0)
            *(1 << (value + 2)))
        ).real() < 0;
    }

  12. #12
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,762
    Who exactly are you trying to defend against?

    "kid in a bedroom with basically no skills"
    "No Such Agency with more time and money than you can imagine"

    Sooner or later, the password will be revealed by running the program and watching what happens (either internally in memory, or externally through it's interfaces).
    As soon as that happens, the jig is up.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  13. #13
    30 Helens Agree neandrake's Avatar
    Join Date
    Jan 2002
    Posts
    640
    are they credentials for logging into a database? i see this all the time in webapps.
    Environment: OS X, GCC / G++
    Codes: Java, C#, C/C++
    AOL IM: neandrake, Email: neandrake (at) gmail (dot) com

  14. #14
    30 Helens Agree neandrake's Avatar
    Join Date
    Jan 2002
    Posts
    640
    in fact, except for a few other minor precautionary measures, i don't think there's a way around that
    Environment: OS X, GCC / G++
    Codes: Java, C#, C/C++
    AOL IM: neandrake, Email: neandrake (at) gmail (dot) com

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Enforcing Machine Code Restrictions?
    By SMurf in forum Tech Board
    Replies: 21
    Last Post: 03-30-2009, 08:34 AM
  2. Values changing without reason?
    By subtled in forum C Programming
    Replies: 2
    Last Post: 04-19-2007, 11:20 AM
  3. Obfuscated Code Contest
    By Stack Overflow in forum Contests Board
    Replies: 51
    Last Post: 01-21-2005, 04:17 PM
  4. Interface Question
    By smog890 in forum C Programming
    Replies: 11
    Last Post: 06-03-2002, 06:06 PM
  5. Replies: 0
    Last Post: 02-21-2002, 06:05 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21