Best way to hide a string?

[ricardo]

Hi,

Im coding some program but don't want that any body can see the string i am using.

Which is the best way to hide strings to average user, not a hacker.

Best Regards

[Jagermeister]

If it's a StringGadget, use #PB_String_Password flag.

[BarryG]

He means inside the executable, so it doesn't show up in a binary file search with a hex editor.

[Caronte3D]

Which is the best way to hide strings to average user, not a hacker.

Simpy put this snippet of code at beginning of your source code (ASM backend):

Code: Select all

  !macro ppublic name{
    !if name eq _SYS_StaticStringEnd
    !repeat $-_SYS_StaticStringStart
    !load zczc from _SYS_StaticStringStart+%-1
    !store zczc xor 137 at _SYS_StaticStringStart+%-1
    !end repeat
    !end if
    !public name}
    !public fix ppublic
    CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
      !mov edi,_SYS_StaticStringStart
      !mov ecx,_SYS_StaticStringEnd-_SYS_StaticStringStart
      !@@:
      !xor byte[edi],137
      !inc edi
      !dec ecx
    CompilerElse
      !mov rdi,_SYS_StaticStringStart
      !mov rcx,_SYS_StaticStringEnd-_SYS_StaticStringStart
      !@@:
      !xor byte[rdi],137
      !inc rdi
      !dec rcx
    CompilerEndIf
    !jnz @b

This way you don't need to do anything, everything is done on the fly

[BarryG]

Wow, Caronte3D - that works great! I'm amazed. Thanks for sharing!

[ricardo]

Which is the best way to hide strings to average user, not a hacker.

Simpy put this snippet of code at beginning of your source code (ASM backend):

Code: Select all

  !macro ppublic name{
    !if name eq _SYS_StaticStringEnd
    !repeat $-_SYS_StaticStringStart
    !load zczc from _SYS_StaticStringStart+%-1
    !store zczc xor 137 at _SYS_StaticStringStart+%-1
    !end repeat
    !end if
    !public name}
    !public fix ppublic
    CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
      !mov edi,_SYS_StaticStringStart
      !mov ecx,_SYS_StaticStringEnd-_SYS_StaticStringStart
      !@@:
      !xor byte[edi],137
      !inc edi
      !dec ecx
    CompilerElse
      !mov rdi,_SYS_StaticStringStart
      !mov rcx,_SYS_StaticStringEnd-_SYS_StaticStringStart
      !@@:
      !xor byte[rdi],137
      !inc rdi
      !dec rcx
    CompilerEndIf
    !jnz @b

This way you don't need to do anything, everything is done on the fly

Great, it does the job.

Thanks!!

[Caronte3D]

Wow, Caronte3D - that works great! I'm amazed. Thanks for sharing!

Thanks, but credits goes to: User_Russian
https://www.purebasic.fr/english/viewto ... 52#p468652

[chi]

Keep in mind that these strings are still clearly visible with ProcessExplorer / dblclick exe / Strings / check Memory

[Caronte3D]

Yes, thi's thi's only to evite to show the strings on the exe and be changed by an hex editor.
If you need a way to not discover the strings at runtime, you need to keep them ofuscated until they are used.
Anyway if security is a must, is better if the strings keep encrypted instead of only obfuscated

[NicTheQuick]

If I read that correctly the string are only XORed byte by byte with 137. So not that complicated to reverse engineer but at least it's something.

[Bitblazer]

If I read that correctly the string are only XORed byte by byte with 137. So not that complicated to reverse engineer but at least it's something.

Yes, don't get too enthusiastic about static XOR methods. It is long known how to automatically decipher them if you start using them on larger text. A static XOR is pretty comparable (by efficiency) to one of the oldest encryption methods - the cesar cipher.

You could go one step further to counter that, by using a random generator, initialize the generator with a specific value and XOR the data (your text) with the generated random stream. But that (again) can be simply broken by reverse engineering

It's a bit of a rat race ...

[Jagermeister]

He means inside the executable, so it doesn't show up in a binary file search with a hex editor.

*bonk*

Yes. I remember reading about this in the SoftIce days. I used AnalogX TextScan to browse strings (it's still available and free).

If the dev wasn't using exe protection like Armadillo or PELock, the next best method was to make a string look like garbage or another common string already in the executable At least then the unobfuscated string in memory would be camouflaged.

[BarryG]

Is there a way to do this without ASM, so I can compile my app with the C backend?

[BarryG]

Keep in mind that these strings are still clearly visible with ProcessExplorer / dblclick exe / Strings / check Memory

Just tried that, and it doesn't show many of them. My app has literally thousands of strings, and ProcessExplorer only showed about 150 of them, and those were only the short ones (about 50 characters). It didn't show any long ones (100+ characters).

[Quin]

Keep in mind that these strings are still clearly visible with ProcessExplorer / dblclick exe / Strings / check Memory

Just tried that, and it doesn't show many of them. My app has literally thousands of strings, and ProcessExplorer only showed about 150 of them, and those were only the short ones (about 50 characters). It didn't show any long ones (100+ characters).

Interestingly enough, when I try this on my app with similar numbers of strings, I see the giant blocks of text data embedded with IncludeBinary (although I might see those with normal strings anyways), and strings around 30 characters or so. I have yet to see one greater than 30 characters, but some strings in my app are greater than 400.