Connecting Tech Pros Worldwide Help | Site Map
bytes > topic > c > answers

hiding #define and const string value

sam
Guest
  
Posts: n/a
#1: Jul 23 '05
Hi,

Is there any way I can prevent people use some binary disambler (eg.
strings in unix) to view the const string value in a compiled C++ program?

Sam.
Howard
Guest
  
Posts: n/a
#2: Jul 23 '05

re: hiding #define and const string value


"sam" <root@localhost.com> wrote in message
news:d6ifbt$ekc$1@news.hgc.com.hk...[color=blue]
> Hi,
>
> Is there any way I can prevent people use some binary disambler (eg.
> strings in unix) to view the const string value in a compiled C++ program?
>
> Sam.[/color]

One way would be to encode the string somehow, so that it doesn't appear as
anything useful. Then, in your code somewhere, take that string and decode
it to some useful value. I've done this before, by running an external
program to encode the string, then typing in the encoded string as a
constant in my application. Not foolproof, but at least it makes the string
look like garbage and less likely to be fooled with by hackers.

-Howard
sam
Guest
  
Posts: n/a
#3: Jul 23 '05

re: hiding #define and const string value

Howard wrote:
[color=blue]
> "sam" <root@localhost.com> wrote in message
> news:d6ifbt$ekc$1@news.hgc.com.hk...
>[color=green]
>>Hi,
>>
>>Is there any way I can prevent people use some binary disambler (eg.
>>strings in unix) to view the const string value in a compiled C++ program?
>>
>>Sam.[/color]
>
>
> One way would be to encode the string somehow, so that it doesn't appear as
> anything useful. Then, in your code somewhere, take that string and decode
> it to some useful value. I've done this before, by running an external
> program to encode the string, then typing in the encoded string as a
> constant in my application. Not foolproof, but at least it makes the string
> look like garbage and less likely to be fooled with by hackers.
>[/color]
But the key used to decode teh encoded string is a plain text and must
be written somewhere in the code, unless the program ask for user input
password, in this case, the password is a plain text and is not written
in the code.

Sam
[color=blue]
> -Howard
>
>
>[/color]
Kai-Uwe Bux
Guest
  
Posts: n/a
#4: Jul 23 '05

re: hiding #define and const string value

sam wrote:
[color=blue]
> Howard wrote:
>[color=green]
>> "sam" <root@localhost.com> wrote in message
>> news:d6ifbt$ekc$1@news.hgc.com.hk...
>>[color=darkred]
>>>Hi,
>>>
>>>Is there any way I can prevent people use some binary disambler (eg.
>>>strings in unix) to view the const string value in a compiled C++
>>>program?
>>>
>>>Sam.[/color]
>>
>>
>> One way would be to encode the string somehow, so that it doesn't appear
>> as
>> anything useful. Then, in your code somewhere, take that string and
>> decode
>> it to some useful value. I've done this before, by running an external
>> program to encode the string, then typing in the encoded string as a
>> constant in my application. Not foolproof, but at least it makes the
>> string look like garbage and less likely to be fooled with by hackers.
>>[/color]
> But the key used to decode teh encoded string is a plain text and must
> be written somewhere in the code, unless the program ask for user input
> password, in this case, the password is a plain text and is not written
> in the code.
>[/color]

There is a minor misconception: the key used to encode the string does not
need to be a string, it can be a number or just some 128bit key for some
block cypher. That would most certainly look like some random data.

However, there is a major issue: why do you want to hide the strings in
your program in the first place? All you can do without hardware support is
to obfuscate your strings a little bit. A determined attacker, however,
will always be able to get at the information as long as it is given to
him. It does not really matter whether you just write it out or provide it
within your program as an intermediate result of some computation. Careful
use of a debugger will enable any cracker to get at your data. Embedding
passwords in programs and giving the programs away is equivalent to giving
the passwords away. So, again, why do you want to hide the strings in the
first place?


Best

Kai-Uwe Bux
sam
Guest
  
Posts: n/a
#5: Jul 23 '05

re: hiding #define and const string value

Kai-Uwe Bux wrote:
[color=blue]
> sam wrote:
>
>[color=green]
>>Howard wrote:
>>
>>[color=darkred]
>>>"sam" <root@localhost.com> wrote in message
>>>news:d6ifbt$ekc$1@news.hgc.com.hk...
>>>
>>>
>>>>Hi,
>>>>
>>>>Is there any way I can prevent people use some binary disambler (eg.
>>>>strings in unix) to view the const string value in a compiled C++
>>>>program?
>>>>
>>>>Sam.
>>>
>>>
>>>One way would be to encode the string somehow, so that it doesn't appear
>>>as
>>>anything useful. Then, in your code somewhere, take that string and
>>>decode
>>>it to some useful value. I've done this before, by running an external
>>>program to encode the string, then typing in the encoded string as a
>>>constant in my application. Not foolproof, but at least it makes the
>>>string look like garbage and less likely to be fooled with by hackers.
>>>[/color]
>>
>>But the key used to decode teh encoded string is a plain text and must
>>be written somewhere in the code, unless the program ask for user input
>>password, in this case, the password is a plain text and is not written
>>in the code.
>>[/color]
>
>
> There is a minor misconception: the key used to encode the string does not
> need to be a string, it can be a number or just some 128bit key for some
> block cypher. That would most certainly look like some random data.
>
> However, there is a major issue: why do you want to hide the strings in
> your program in the first place? All you can do without hardware support is
> to obfuscate your strings a little bit. A determined attacker, however,
> will always be able to get at the information as long as it is given to
> him. It does not really matter whether you just write it out or provide it
> within your program as an intermediate result of some computation. Careful
> use of a debugger will enable any cracker to get at your data. Embedding
> passwords in programs and giving the programs away is equivalent to giving
> the passwords away. So, again, why do you want to hide the strings in the
> first place?
>[/color]
Yeah, you are right. Unless use a hardware base crypto card or smartcard
for authentication, the private key and password embedded in a program
and delivered to third-party can be definitely seen by others.
Thanks
Sam.
[color=blue]
>
> Best
>
> Kai-Uwe Bux[/color]
Closed Thread

« previous question | next question »

Similar C / C++ bytes

/bytes/development

/bytes/it

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,295 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved