Hiding text strings in my program from hex/text editors

Dear Experts,

I know that with the use of text or hex editors, strings can be seen inside compliled exe files, even when compiled to native code.

To avoid giving unnecessary clues about the workings of my software to hackers, rather than actually write the strings inside quotes, what if I convert them to the ASCI codes e.g., Chr(52)+Chr(53) instead of "45". Can this be detected? Do I need to use encryption? If so, suggestions please.

Are there any tools that make decompiling a VB6 program more difficult?

Thanks!
ttobin333Asked:
Who is Participating?
 
JimBrandleyConnect With a Mentor Commented:
Sorry - I'm not well acquainted with VB. In C#,

byte[] inputBytes = ASCIIEncoding.ASCII.GetBytes(inputString);

will generate a byte array from a string.

Jim
0
 
JimBrandleyCommented:
A good hex editor would display the ASCII characters as well as the list of bytes, so that approach wouldn't do you much good. You could certainly encrypt them, but you would want to decrypt them only once as the application started up, or you would spend a lot of CPU cycles each time you wanted to display one of the strings.

A simple masking technique that's also quick involves the use of the Xor (Exclusive OR) operator. To do this,
1. Create a random array of bytes that's at least as long as your longest string. Call it mask.
2. convert a plaintext string to a byte array. Call it source.
3. Create a third array the same length as the source array. Call it masked.
3. Iterate over the source array. For each,
      masked[i] = source[i] Xor mask[i]
4 Save the masked array for inclusion in your source code.

To convert back to the original string at runtime, for each byte,
      plainText[i] = masked[i] Xor mask[i]

This is very fast.

Jim
0
 
ttobin333Author Commented:
Thanks Jim! Sounds excellent. Would you please give a brief working example of this to illustrate?
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
JimBrandleyCommented:
The first step is to select some number of relatively random bytes, at least as long as your longest string. Here's a set that's composed of the first 32 bits of the mantissas of the cube roots of the first 64 prime numbers:

0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

Now save those bytes as the mask in your program and possibly a simple utility to create the masked byte arrays from the strings you need in your program. Say one of your strings is "FRED". The corresponding bytes are:
0x46 0x52 0x45 ox 44
Then create the maskd bytes by:
masked[0] = 0x46 Xor 0x42
masked[1] = 0x52 Xor 0x8a
masked[2] = 0x45 Xor 0x2f
masked[3] = 0x44 Xor 0x98

Then Masked = 0x04 0xd8 0x6a 0xdc

Do that for each of your strings, and stored the masked strings in your code. To revert to plaintext, just use the same mask bytes with the masked bytes, as:
plain[0] = 0x04 Xor 0x42
plain[1] = 0xd8 Xor 0x8a
plain[2] = 0x6a Xor 0x2f
plain[3] = 0xdc Xor 0x98

Then plain = 0x46 0x52 0x45 0x44 = "FRED".

Jim
0
 
ttobin333Author Commented:
Jim, I'm new to encryption, so here's a dumb question for you: how do I convert a character to a byte? I couldn't find a VB function that does this.

Thanks,
Tobin
0
 
ttobin333Author Commented:
Jim, thank you. I will try to take it from here...you have gotton me off to a good start.
0
 
JimBrandleyCommented:
My pleasure. Good luck.

Jim
0
All Courses

From novice to tech pro — start learning today.