Hi,
Is there any way I can prevent people use some binary disambler (eg.
strings in unix) to view the const string value in a compiled C++ program?
Sam.
4  2773 
"sam" <ro**@localhost.com> wrote in message
news:d6**********@news.hgc.com.hk... Hi,
Is there any way I can prevent people use some binary disambler (eg.
strings in unix) to view the const string value in a compiled C++ program?
Sam.
One way would be to encode the string somehow, so that it doesn't appear as
anything useful. Then, in your code somewhere, take that string and decode
it to some useful value. I've done this before, by running an external
program to encode the string, then typing in the encoded string as a
constant in my application. Not foolproof, but at least it makes the string
look like garbage and less likely to be fooled with by hackers.
-Howard
Howard wrote: "sam" <ro**@localhost.com> wrote in message
news:d6**********@news.hgc.com.hk...
Hi,
Is there any way I can prevent people use some binary disambler (eg.
strings in unix) to view the const string value in a compiled C++ program?
Sam.
One way would be to encode the string somehow, so that it doesn't appear as
anything useful. Then, in your code somewhere, take that string and decode
it to some useful value. I've done this before, by running an external
program to encode the string, then typing in the encoded string as a
constant in my application. Not foolproof, but at least it makes the string
look like garbage and less likely to be fooled with by hackers.
But the key used to decode teh encoded string is a plain text and must
be written somewhere in the code, unless the program ask for user input
password, in this case, the password is a plain text and is not written
in the code.
Sam
-Howard
sam wrote: Howard wrote:
"sam" <ro**@localhost.com> wrote in message
news:d6**********@news.hgc.com.hk...
Hi,
Is there any way I can prevent people use some binary disambler (eg.
strings in unix) to view the const string value in a compiled C++
program?
Sam.
One way would be to encode the string somehow, so that it doesn't appear
as
anything useful. Then, in your code somewhere, take that string and
decode
it to some useful value. I've done this before, by running an external
program to encode the string, then typing in the encoded string as a
constant in my application. Not foolproof, but at least it makes the
string look like garbage and less likely to be fooled with by hackers.
But the key used to decode teh encoded string is a plain text and must
be written somewhere in the code, unless the program ask for user input
password, in this case, the password is a plain text and is not written
in the code.
There is a minor misconception: the key used to encode the string does not
need to be a string, it can be a number or just some 128bit key for some
block cypher. That would most certainly look like some random data.
However, there is a major issue: why do you want to hide the strings in
your program in the first place? All you can do without hardware support is
to obfuscate your strings a little bit. A determined attacker, however,
will always be able to get at the information as long as it is given to
him. It does not really matter whether you just write it out or provide it
within your program as an intermediate result of some computation. Careful
use of a debugger will enable any cracker to get at your data. Embedding
passwords in programs and giving the programs away is equivalent to giving
the passwords away. So, again, why do you want to hide the strings in the
first place?
Best
Kai-Uwe Bux
Kai-Uwe Bux wrote: sam wrote:
Howard wrote:
"sam" <ro**@localhost.com> wrote in message
news:d6**********@news.hgc.com.hk...
Hi,
Is there any way I can prevent people use some binary disambler (eg.
strings in unix) to view the const string value in a compiled C++
program?
Sam.
One way would be to encode the string somehow, so that it doesn't appear
as
anything useful. Then, in your code somewhere, take that string and
decode
it to some useful value. I've done this before, by running an external
program to encode the string, then typing in the encoded string as a
constant in my application. Not foolproof, but at least it makes the
string look like garbage and less likely to be fooled with by hackers.
But the key used to decode teh encoded string is a plain text and must
be written somewhere in the code, unless the program ask for user input
password, in this case, the password is a plain text and is not written
in the code.
There is a minor misconception: the key used to encode the string does not
need to be a string, it can be a number or just some 128bit key for some
block cypher. That would most certainly look like some random data.
However, there is a major issue: why do you want to hide the strings in
your program in the first place? All you can do without hardware support is
to obfuscate your strings a little bit. A determined attacker, however,
will always be able to get at the information as long as it is given to
him. It does not really matter whether you just write it out or provide it
within your program as an intermediate result of some computation. Careful
use of a debugger will enable any cracker to get at your data. Embedding
passwords in programs and giving the programs away is equivalent to giving
the passwords away. So, again, why do you want to hide the strings in the
first place?
Yeah, you are right. Unless use a hardware base crypto card or smartcard
for authentication, the private key and password embedded in a program
and delivered to third-party can be definitely seen by others.
Thanks
Sam.
Best
Kai-Uwe Bux This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Lorenzo Villari |
last post by:
I premise I don't know C++ well but... I wondered what is this data hiding
thing... I mean, if I can look at the header (and i need it beacuse of the
class), then what's hidden?
Can someone give...
|
by: John Ratliff |
last post by:
Let's say I had a program which uses some constants. Would it be
"better" to declare them like this:
#ifndef __MY_HDR_FILE
#define __MY_HDR_FILE
#define STRING_CONST "some string..."
#define...
|
by: Rayer |
last post by:
I have got some project src, and find it out that there is no ppl using
"const" to define a constance, but using #define still more. Discussing
with my friend, he said 1. #define is much easier in...
|
by: Dave |
last post by:
Hi,
Is possible that memcpy can be used to hide const string value?
D
|
by: yancheng.cheok |
last post by:
Recently, I try to replace #define with const in header file. However,
there are concerns on, multiple const object will be created, if the
header file is included in multiple cpp files.
For...
|
by: sofeng |
last post by:
I'm not sure if "data hiding" is the correct term, but I'm trying to
emulate this object-oriented technique. I know C++ probably provides
much more than my example, but I'd just like some feedback...
|
by: alan |
last post by:
Hello world, I'm wondering if it's possible to implement some sort of
class/object that can perform mapping from class types to strings?
I will know the class type at compile time, like so:...
|
by: viki |
last post by:
We have zillion of instances inf instance->m_member in the code.
We are going introduce the 'accessors' Get() and Set() for m_member,
and
m_member going private (and renamed, too). We would like...
|
by: sophia |
last post by:
Dear all,
the following are the differences b/w #define and typedef ,which i
have seen in Peter van der lindens book. is there any other difference
between thes two ?
The right way to...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |
