|
|
Boost : |
Subject: Re: [boost] [encrypted strings]
From: Raindog (raindog_at_[hidden])
Date: 2009-04-28 01:30:59
Sid Sacek wrote:
> Does boost have any compile-time classes for string encryption? Is it
> even possible?
>
>
>
> When a hacker dumps an executable, they can see all of the strings the
> program might use, and some of those strings may contain sensitive
> information. Does boost have any classes that can encode the strings at
> compile-time? Ideally, the third string in the code below would never
> compile the "secret" string into the final binary.
>
>
>
> Regards,
>
> -Sid
>
>
Sid,
I made my original suggestion based on being both a virus analyst by
profession and game hacker by hobby. No offense to the suggestions that
have been made by others on this mail list[1], but they all appear to
suffer the same problem in that laymen are suggesting solutions that not
even professionals have completely solved. I understand that you are
looking for simple techniques to "thwart noobs from haxxing your
shizzle", but in reality, anyone unable to bypass the methods suggested
would be unable to bypass a plain text target. Rolling your own solution
has so many problems that I cannot even begin to tackle them here.
You'll be much better off using an off the shelf protection mechanism.
If you're really itching to try your hand, look at pecompact which
allows you to provide your own decryption/encryption algorithm on top of
their packer.
[1]. Edouard's suggestion appears to imply that he has at least a
cursory introduction to the problems faced by anti-piracy/anti-reverse
engineering experts.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk