Boost logo

Boost :

Subject: Re: [boost] [encrypted strings]
From: Edouard A. (edouard_at_[hidden])
Date: 2009-04-27 13:20:58


On Mon, 27 Apr 2009 13:00:44 -0400, "Sid Sacek" <ssacek_at_[hidden]>
wrote:

> I don't mind. I would simply like to make a binary more opaque to
> snoopers. A binary may contain server names, registry keys,
> configuration settings, etc... Anything that's string-based could pique
> someone's curiosity.
>
> I realize it wouldn't truly secure a program to have strings be
> obfuscated, but if a first-glance at the binary contains no visible
> text, then the snooper may not even bother going on to the next level of
> snooping.

It only depends on the value of what you are protecting and against who you
want to protection. You need to assess this before doing anything.

If you cipher the strings of your binary image but decipher them at the
process' start-up, process explorer (in Windows) will be able to show them.

Ciphering and deciphering strings as they are acceded by encapsulating
std::string (or whatever you're using) is probably a bit better but will
impact performances. For the cipher, something simple and fast like RC4 is
sufficient. RC4 can be written in few lines of C++
(http://en.wikipedia.org/wiki/RC4#Implementation) without any dependencies
and is better than a trivial byte to byte obfuscation that will not hide
the patterns the attacker may be looking for (ie. path with '/' or '\').
For extra security you can even compress the strings with a simple LZW
compression.

But in the end it's probably better to go for a full fledged protection,
knowing that the protection is far from being bulletproof (but it can be ok
if you're not protecting something very valuable). Binary protections may
however provoke incompatibilities problems.

Don't forget that most operating systems provide protected areas where you
can store more sensitive information. For example, if your program is a
service running as a privileged users, you can store the "important stuff"
in a configuration file that a regular user cannot access. You can even
protect this configuration file with a run time parameter for extra
security or the user's encryption certificate if the OS provides you with
one.

Hope this helps.

-- 
EA

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk