
On Mon, 27 Apr 2009 13:00:44 -0400, "Sid Sacek" <ssacek@securewatch24.com> wrote:
> I don't mind. I would simply like to make a binary more opaque to snoopers. A binary may contain server names, registry keys, configuration settings, etc. Anything that's string-based could pique someone's curiosity.
> I realize it wouldn't truly secure a program to have strings be obfuscated, but if a first glance at the binary contains no visible text, then the snooper may not even bother going on to the next level of snooping.

It only depends on the value of what you are protecting and against whom you want protection. You need to assess this before doing anything.

If you cipher the strings of your binary image but decipher them at the process' start-up, Process Explorer (in Windows) will be able to show them. Ciphering and deciphering strings as they are accessed by encapsulating std::string (or whatever you're using) is probably a bit better but will impact performance.

For the cipher, something simple and fast like RC4 is sufficient. RC4 can be written in a few lines of C++ (http://en.wikipedia.org/wiki/RC4#Implementation) without any dependencies and is better than a trivial byte-to-byte obfuscation that will not hide the patterns the attacker may be looking for (i.e. path with '/' or '\'). For extra security you can even compress the strings with a simple LZW compression.

But in the end it's probably better to go for a full-fledged protection, knowing that the protection is far from being bulletproof (but it can be OK if you're not protecting something very valuable). Binary protections may however provoke incompatibility problems.

Don't forget that most operating systems provide protected areas where you can store more sensitive information. For example, if your program is a service running as a privileged user, you can store the "important stuff" in a configuration file that a regular user cannot access. You can even protect this configuration file with a run-time parameter for extra security or the user's encryption certificate if the OS provides you with one.

Hope this helps.

--
EA
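The point in the reply above, that a byte-to-byte substitution leaves path separators recognisable while RC4 does not, shown as an added C++ example that is not part of the original post. The function names, the key "Key" and the sample path are constructed for illustration.

```cpp
// Added example: function names, key and sample path are illustrative, not from the post.
#include <cstdint>
#include <iostream>
#include <numeric>
#include <string>
#include <utility>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Trivial byte-to-byte obfuscation: a given character always maps to the same byte.
Bytes xor_obfuscate(Bytes data, std::uint8_t k) {
    for (auto& b : data) b ^= k;
    return data;
}

// Textbook RC4 (KSA, then PRGA); applying it twice with the same key restores the input.
Bytes rc4(const std::string& key, const Bytes& in) {
    std::uint8_t S[256]; std::iota(S, S + 256, 0);
    for (int i = 0, j = 0; i < 256; ++i) {
        j = (j + S[i] + static_cast<std::uint8_t>(key[i % key.size()])) & 0xFF;
        std::swap(S[i], S[j]);
    }
    Bytes out(in.size());
    std::uint8_t i = 0, j = 0;
    for (std::size_t n = 0; n < in.size(); ++n) {
        ++i; j += S[i];                       // both indices wrap modulo 256
        std::swap(S[i], S[j]);
        out[n] = in[n] ^ S[static_cast<std::uint8_t>(S[i] + S[j])];
    }
    return out;
}

// True when every `sep` position in the plaintext holds one identical byte in `data`.
bool separator_layout_visible(const std::string& plain, const Bytes& data, char sep) {
    int seen = 0, first = -1;
    for (std::size_t n = 0; n < plain.size(); ++n) {
        if (plain[n] != sep) continue;
        if (seen++ == 0) first = data[n];
        else if (data[n] != first) return false;
    }
    return seen > 1;
}

int main() {
    const std::string path = "C:\\ab\\c\\d";  // constructed sample string
    const Bytes p(path.begin(), path.end());
    std::cout << "xor keeps separator layout: " << separator_layout_visible(path, xor_obfuscate(p, 0x5A), '\\')
              << "\nrc4 keeps separator layout: " << separator_layout_visible(path, rc4("Key", p), '\\') << "\n";
}
```

With the single-byte XOR every '\' becomes the same output byte, so the directory structure of the string is still readable as a repeating value; under the RC4 keystream the three separators become three different bytes.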