http://www.purebasic.com
https://www.purebasic.fr/english/
Simpy put this snippet of code at beginning of your source code (ASM backend):ricardo wrote: Sun May 22, 2022 11:16 pm Which is the best way to hide strings to average user, not a hacker.
Code: Select all
!macro ppublic name{
!if name eq _SYS_StaticStringEnd
!repeat $-_SYS_StaticStringStart
!load zczc from _SYS_StaticStringStart+%-1
!store zczc xor 137 at _SYS_StaticStringStart+%-1
!end repeat
!end if
!public name}
!public fix ppublic
CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
!mov edi,_SYS_StaticStringStart
!mov ecx,_SYS_StaticStringEnd-_SYS_StaticStringStart
!@@:
!xor byte[edi],137
!inc edi
!dec ecx
CompilerElse
!mov rdi,_SYS_StaticStringStart
!mov rcx,_SYS_StaticStringEnd-_SYS_StaticStringStart
!@@:
!xor byte[rdi],137
!inc rdi
!dec rcx
CompilerEndIf
!jnz @bGreat, it does the job.Caronte3D wrote: Tue May 24, 2022 10:45 amSimpy put this snippet of code at beginning of your source code (ASM backend):ricardo wrote: Sun May 22, 2022 11:16 pm Which is the best way to hide strings to average user, not a hacker.
This way you don't need to do anything, everything is done on the flyCode: Select all
!macro ppublic name{ !if name eq _SYS_StaticStringEnd !repeat $-_SYS_StaticStringStart !load zczc from _SYS_StaticStringStart+%-1 !store zczc xor 137 at _SYS_StaticStringStart+%-1 !end repeat !end if !public name} !public fix ppublic CompilerIf #PB_Compiler_Processor = #PB_Processor_x86 !mov edi,_SYS_StaticStringStart !mov ecx,_SYS_StaticStringEnd-_SYS_StaticStringStart !@@: !xor byte[edi],137 !inc edi !dec ecx CompilerElse !mov rdi,_SYS_StaticStringStart !mov rcx,_SYS_StaticStringEnd-_SYS_StaticStringStart !@@: !xor byte[rdi],137 !inc rdi !dec rcx CompilerEndIf !jnz @b
Thanks, but credits goes to: User_RussianBarryG wrote: Tue May 24, 2022 11:03 am Wow, Caronte3D - that works great! I'm amazed. Thanks for sharing!
Yes, don't get too enthusiastic about static XOR methods. It is long known how to automatically decipher them if you start using them on larger text. A static XOR is pretty comparable (by efficiency) to one of the oldest encryption methods - the cesar cipher.NicTheQuick wrote: Tue May 24, 2022 2:53 pm If I read that correctly the string are only XORed byte by byte with 137. So not that complicated to reverse engineer but at least it's something.
*bonk*BarryG wrote: Mon May 23, 2022 10:02 pm He means inside the executable, so it doesn't show up in a binary file search with a hex editor.
At least then the unobfuscated string in memory would be camouflaged.Just tried that, and it doesn't show many of them. My app has literally thousands of strings, and ProcessExplorer only showed about 150 of them, and those were only the short ones (about 50 characters). It didn't show any long ones (100+ characters).chi wrote: Tue May 24, 2022 2:16 pm Keep in mind that these strings are still clearly visible with ProcessExplorer / dblclick exe / Strings / check Memory
Interestingly enough, when I try this on my app with similar numbers of strings, I see the giant blocks of text data embedded with IncludeBinary (although I might see those with normal strings anyways), and strings around 30 characters or so. I have yet to see one greater than 30 characters, but some strings in my app are greater than 400.BarryG wrote: Tue Mar 04, 2025 10:04 pmJust tried that, and it doesn't show many of them. My app has literally thousands of strings, and ProcessExplorer only showed about 150 of them, and those were only the short ones (about 50 characters). It didn't show any long ones (100+ characters).chi wrote: Tue May 24, 2022 2:16 pm Keep in mind that these strings are still clearly visible with ProcessExplorer / dblclick exe / Strings / check Memory