Hi,
Is there any way I can prevent people use some binary disambler (eg.
strings in unix) to view the const string value in a compiled C++ program?
Sam. 4 2793
"sam" <ro**@localhost .com> wrote in message
news:d6******** **@news.hgc.com .hk... Hi,
Is there any way I can prevent people use some binary disambler (eg. strings in unix) to view the const string value in a compiled C++ program?
Sam.
One way would be to encode the string somehow, so that it doesn't appear as
anything useful. Then, in your code somewhere, take that string and decode
it to some useful value. I've done this before, by running an external
program to encode the string, then typing in the encoded string as a
constant in my application. Not foolproof, but at least it makes the string
look like garbage and less likely to be fooled with by hackers.
-Howard
Howard wrote: "sam" <ro**@localhost .com> wrote in message news:d6******** **@news.hgc.com .hk...
Hi,
Is there any way I can prevent people use some binary disambler (eg. strings in unix) to view the const string value in a compiled C++ program?
Sam.
One way would be to encode the string somehow, so that it doesn't appear as anything useful. Then, in your code somewhere, take that string and decode it to some useful value. I've done this before, by running an external program to encode the string, then typing in the encoded string as a constant in my application. Not foolproof, but at least it makes the string look like garbage and less likely to be fooled with by hackers.
But the key used to decode teh encoded string is a plain text and must
be written somewhere in the code, unless the program ask for user input
password, in this case, the password is a plain text and is not written
in the code.
Sam
-Howard
sam wrote: Howard wrote:
"sam" <ro**@localhost .com> wrote in message news:d6******** **@news.hgc.com .hk...
Hi,
Is there any way I can prevent people use some binary disambler (eg. strings in unix) to view the const string value in a compiled C++ program?
Sam.
One way would be to encode the string somehow, so that it doesn't appear as anything useful. Then, in your code somewhere, take that string and decode it to some useful value. I've done this before, by running an external program to encode the string, then typing in the encoded string as a constant in my application. Not foolproof, but at least it makes the string look like garbage and less likely to be fooled with by hackers. But the key used to decode teh encoded string is a plain text and must be written somewhere in the code, unless the program ask for user input password, in this case, the password is a plain text and is not written in the code.
There is a minor misconception: the key used to encode the string does not
need to be a string, it can be a number or just some 128bit key for some
block cypher. That would most certainly look like some random data.
However, there is a major issue: why do you want to hide the strings in
your program in the first place? All you can do without hardware support is
to obfuscate your strings a little bit. A determined attacker, however,
will always be able to get at the information as long as it is given to
him. It does not really matter whether you just write it out or provide it
within your program as an intermediate result of some computation. Careful
use of a debugger will enable any cracker to get at your data. Embedding
passwords in programs and giving the programs away is equivalent to giving
the passwords away. So, again, why do you want to hide the strings in the
first place?
Best
Kai-Uwe Bux
Kai-Uwe Bux wrote: sam wrote:
Howard wrote:
"sam" <ro**@localhost .com> wrote in message news:d6***** *****@news.hgc. com.hk...
Hi,
Is there any way I can prevent people use some binary disambler (eg. strings in unix) to view the const string value in a compiled C++ program?
Sam.
One way would be to encode the string somehow, so that it doesn't appear as anything useful. Then, in your code somewhere, take that string and decode it to some useful value. I've done this before, by running an external program to encode the string, then typing in the encoded string as a constant in my application. Not foolproof, but at least it makes the string look like garbage and less likely to be fooled with by hackers.
But the key used to decode teh encoded string is a plain text and must be written somewhere in the code, unless the program ask for user input password, in this case, the password is a plain text and is not written in the code.
There is a minor misconception: the key used to encode the string does not need to be a string, it can be a number or just some 128bit key for some block cypher. That would most certainly look like some random data.
However, there is a major issue: why do you want to hide the strings in your program in the first place? All you can do without hardware support is to obfuscate your strings a little bit. A determined attacker, however, will always be able to get at the information as long as it is given to him. It does not really matter whether you just write it out or provide it within your program as an intermediate result of some computation. Careful use of a debugger will enable any cracker to get at your data. Embedding passwords in programs and giving the programs away is equivalent to giving the passwords away. So, again, why do you want to hide the strings in the first place?
Yeah, you are right. Unless use a hardware base crypto card or smartcard
for authentication, the private key and password embedded in a program
and delivered to third-party can be definitely seen by others.
Thanks
Sam. Best
Kai-Uwe Bux This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Lorenzo Villari |
last post by:
I premise I don't know C++ well but... I wondered what is this data hiding
thing... I mean, if I can look at the header (and i need it beacuse of the
class), then what's hidden?
Can someone give me an example of something hidden from the user?
|
by: John Ratliff |
last post by:
Let's say I had a program which uses some constants. Would it be
"better" to declare them like this:
#ifndef __MY_HDR_FILE
#define __MY_HDR_FILE
#define STRING_CONST "some string..."
#define INT_CONSTANT 4852
#endif
|
by: Rayer |
last post by:
I have got some project src, and find it out that there is no ppl using
"const" to define a constance, but using #define still more. Discussing
with my friend, he said 1. #define is much easier in modify values in
program for several propose, and 2. const takes memory but #define not.
However, most modern textbook (for example, C++ Primal Plus 4/e) still
suggest to use const to replace #define. I know that use #define will
have some...
|
by: Dave |
last post by:
Hi,
Is possible that memcpy can be used to hide const string value?
D
|
by: yancheng.cheok |
last post by:
Recently, I try to replace #define with const in header file. However,
there are concerns on, multiple const object will be created, if the
header file is included in multiple cpp files.
For example:
In version.h
------------
#ifndef VERSION
#define VERSION
| |
by: sofeng |
last post by:
I'm not sure if "data hiding" is the correct term, but I'm trying to
emulate this object-oriented technique. I know C++ probably provides
much more than my example, but I'd just like some feedback to find out
if I've done anything wrong. Also, I am working on this for an
embedded environment, so if there are great inefficiencies with this
code, I'd like to know that also. I realize there is overhead with
using an "accessor" function.
...
|
by: alan |
last post by:
Hello world, I'm wondering if it's possible to implement some sort of
class/object that can perform mapping from class types to strings?
I will know the class type at compile time, like so:
const char *s = string_mapper<thetype>();
However I do not know the string to be associated with the type at
compile time, and will need a way to set up the mapping, to be created
at run time, possibly like so:
void foo(char*...
|
by: viki |
last post by:
We have zillion of instances inf instance->m_member in the code.
We are going introduce the 'accessors' Get() and Set() for m_member,
and
m_member going private (and renamed, too). We would like to leave, if
possible,
refs inst->m_member in the code, but make compiler translate
it to inst->Get() invisily, and without using macros. Let's assume T
is
a type of m_member.
|
by: sophia |
last post by:
Dear all,
the following are the differences b/w #define and typedef ,which i
have seen in Peter van der lindens book. is there any other difference
between thes two ?
The right way to think about typedef as being a complete encapsulated
type - you can't add to it after you have declared it.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |