Best way to hide a string?

Just starting out? Need help? Post your questions and find answers here.
ricardo
Addict
Addict
Posts: 2402
Joined: Fri Apr 25, 2003 7:06 pm
Location: Argentina

Best way to hide a string?

Post by ricardo »

Hi,

Im coding some program but don't want that any body can see the string i am using.

Which is the best way to hide strings to average user, not a hacker.

Best Regards
ARGENTINA WORLD CHAMPION
Jagermeister
Enthusiast
Enthusiast
Posts: 136
Joined: Thu Nov 15, 2012 11:38 pm
Location: Los Angeles

Re: Best way to hide a string?

Post by Jagermeister »

If it's a StringGadget, use #PB_String_Password flag.
BarryG
Addict
Addict
Posts: 3292
Joined: Thu Apr 18, 2019 8:17 am

Re: Best way to hide a string?

Post by BarryG »

He means inside the executable, so it doesn't show up in a binary file search with a hex editor.
User avatar
Caronte3D
Addict
Addict
Posts: 1027
Joined: Fri Jan 22, 2016 5:33 pm
Location: Some Universe

Re: Best way to hide a string?

Post by Caronte3D »

ricardo wrote: Sun May 22, 2022 11:16 pm Which is the best way to hide strings to average user, not a hacker.
Simpy put this snippet of code at beginning of your source code (ASM backend):

Code: Select all

  !macro ppublic name{
    !if name eq _SYS_StaticStringEnd
    !repeat $-_SYS_StaticStringStart
    !load zczc from _SYS_StaticStringStart+%-1
    !store zczc xor 137 at _SYS_StaticStringStart+%-1
    !end repeat
    !end if
    !public name}
    !public fix ppublic
    CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
      !mov edi,_SYS_StaticStringStart
      !mov ecx,_SYS_StaticStringEnd-_SYS_StaticStringStart
      !@@:
      !xor byte[edi],137
      !inc edi
      !dec ecx
    CompilerElse
      !mov rdi,_SYS_StaticStringStart
      !mov rcx,_SYS_StaticStringEnd-_SYS_StaticStringStart
      !@@:
      !xor byte[rdi],137
      !inc rdi
      !dec rcx
    CompilerEndIf
    !jnz @b
This way you don't need to do anything, everything is done on the fly
BarryG
Addict
Addict
Posts: 3292
Joined: Thu Apr 18, 2019 8:17 am

Re: Best way to hide a string?

Post by BarryG »

Wow, Caronte3D - that works great! I'm amazed. Thanks for sharing!
ricardo
Addict
Addict
Posts: 2402
Joined: Fri Apr 25, 2003 7:06 pm
Location: Argentina

Re: Best way to hide a string?

Post by ricardo »

Caronte3D wrote: Tue May 24, 2022 10:45 am
ricardo wrote: Sun May 22, 2022 11:16 pm Which is the best way to hide strings to average user, not a hacker.
Simpy put this snippet of code at beginning of your source code (ASM backend):

Code: Select all

  !macro ppublic name{
    !if name eq _SYS_StaticStringEnd
    !repeat $-_SYS_StaticStringStart
    !load zczc from _SYS_StaticStringStart+%-1
    !store zczc xor 137 at _SYS_StaticStringStart+%-1
    !end repeat
    !end if
    !public name}
    !public fix ppublic
    CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
      !mov edi,_SYS_StaticStringStart
      !mov ecx,_SYS_StaticStringEnd-_SYS_StaticStringStart
      !@@:
      !xor byte[edi],137
      !inc edi
      !dec ecx
    CompilerElse
      !mov rdi,_SYS_StaticStringStart
      !mov rcx,_SYS_StaticStringEnd-_SYS_StaticStringStart
      !@@:
      !xor byte[rdi],137
      !inc rdi
      !dec rcx
    CompilerEndIf
    !jnz @b
This way you don't need to do anything, everything is done on the fly
Great, it does the job.

Thanks!!
ARGENTINA WORLD CHAMPION
User avatar
Caronte3D
Addict
Addict
Posts: 1027
Joined: Fri Jan 22, 2016 5:33 pm
Location: Some Universe

Re: Best way to hide a string?

Post by Caronte3D »

BarryG wrote: Tue May 24, 2022 11:03 am Wow, Caronte3D - that works great! I'm amazed. Thanks for sharing!
Thanks, but credits goes to: User_Russian :wink:
https://www.purebasic.fr/english/viewto ... 52#p468652
User avatar
chi
Addict
Addict
Posts: 1028
Joined: Sat May 05, 2007 5:31 pm
Location: Linz, Austria

Re: Best way to hide a string?

Post by chi »

Keep in mind that these strings are still clearly visible with ProcessExplorer / dblclick exe / Strings / check Memory
Et cetera is my worst enemy
User avatar
Caronte3D
Addict
Addict
Posts: 1027
Joined: Fri Jan 22, 2016 5:33 pm
Location: Some Universe

Re: Best way to hide a string?

Post by Caronte3D »

Yes, thi's thi's only to evite to show the strings on the exe and be changed by an hex editor.
If you need a way to not discover the strings at runtime, you need to keep them ofuscated until they are used.
Anyway if security is a must, is better if the strings keep encrypted instead of only obfuscated :wink:
User avatar
NicTheQuick
Addict
Addict
Posts: 1224
Joined: Sun Jun 22, 2003 7:43 pm
Location: Germany, Saarbrücken
Contact:

Re: Best way to hide a string?

Post by NicTheQuick »

If I read that correctly the string are only XORed byte by byte with 137. So not that complicated to reverse engineer but at least it's something.
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.
Bitblazer
Enthusiast
Enthusiast
Posts: 733
Joined: Mon Apr 10, 2017 6:17 pm
Location: Germany
Contact:

Re: Best way to hide a string?

Post by Bitblazer »

NicTheQuick wrote: Tue May 24, 2022 2:53 pm If I read that correctly the string are only XORed byte by byte with 137. So not that complicated to reverse engineer but at least it's something.
Yes, don't get too enthusiastic about static XOR methods. It is long known how to automatically decipher them if you start using them on larger text. A static XOR is pretty comparable (by efficiency) to one of the oldest encryption methods - the cesar cipher.

You could go one step further to counter that, by using a random generator, initialize the generator with a specific value and XOR the data (your text) with the generated random stream. But that (again) can be simply broken by reverse engineering ;)

It's a bit of a rat race ...
webpage - discord chat links -> purebasic GPT4All
Jagermeister
Enthusiast
Enthusiast
Posts: 136
Joined: Thu Nov 15, 2012 11:38 pm
Location: Los Angeles

Re: Best way to hide a string?

Post by Jagermeister »

BarryG wrote: Mon May 23, 2022 10:02 pm He means inside the executable, so it doesn't show up in a binary file search with a hex editor.
*bonk*

Yes. I remember reading about this in the SoftIce days. I used AnalogX TextScan to browse strings (it's still available and free).

If the dev wasn't using exe protection like Armadillo or PELock, the next best method was to make a string look like garbage or another common string already in the executable 8) At least then the unobfuscated string in memory would be camouflaged.
BarryG
Addict
Addict
Posts: 3292
Joined: Thu Apr 18, 2019 8:17 am

Re: Best way to hide a string?

Post by BarryG »

Is there a way to do this without ASM, so I can compile my app with the C backend?
Post Reply