Boost logo

Boost :

Subject: Re: [boost] [encrypted strings]
From: Sid Sacek (ssacek_at_[hidden])
Date: 2009-04-27 15:37:14


> If you cipher the strings of your binary image but decipher them at
the
> process' start-up, process explorer (in Windows) will be able to show
them.

You make some good points. I think the strings need to stay obfuscated
until they're used and then discarded immediately afterwards.

> For the cipher, something simple and fast like RC4 is sufficient. RC4
can
> be written in few lines of C++
(http://en.wikipedia.org/wiki/RC4#Implementation)
> without any dependencies and is better than a trivial byte to byte
> obfuscation that will not hide the patterns the attacker may be
looking
> for (ie. path with '/' or '\').

I will look into that.

Thanks for the suggestions.
-Sid


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk