Hiding text strings in my program from hex/text editors

Dear Experts,

I know that with the use of text or hex editors, strings can be seen inside compiled exe files, even when compiled to native code.

To avoid giving unnecessary clues about the workings of my software to hackers, rather than actually write the strings inside quotes, what if I convert them to the ASCII codes e.g., Chr(52)+Chr(53) instead of "45". Can this be detected? Do I need to use encryption? If so, suggestions please.

Are there any tools that make decompiling a VB6 program more difficult?


A good hex editor would display the ASCII characters as well as the list of bytes, so that approach wouldn't do you much good. You could certainly encrypt them, but you would want to decrypt them only once as the application started up, or you would spend a lot of CPU cycles each time you wanted to display one of the strings.

A simple masking technique that's also quick involves the use of the Xor (Exclusive OR) operator. To do this,
1. Create a random array of bytes that's at least as long as your longest string. Call it mask.
2. Convert a plaintext string to a byte array. Call it source.
3. Create a third array the same length as the source array. Call it masked.
4. Iterate over the source array. For each,
      masked[i] = source[i] Xor mask[i]
5. Save the masked array for inclusion in your source code.

To convert back to the original string at runtime, for each byte,
      plainText[i] = masked[i] Xor mask[i]

This is very fast.

ttobin333 (Author) commented:
Thanks Jim! Sounds excellent. Would you please give a brief working example of this to illustrate?

The first step is to select some number of relatively random bytes, at least as long as your longest string. Here's a set that's composed of the first 32 bits of the mantissas of the cube roots of the first 64 prime numbers:

0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

Now save those bytes as the mask in your program and possibly a simple utility to create the masked byte arrays from the strings you need in your program. Say one of your strings is "FRED". The corresponding bytes are:
0x46 0x52 0x45 0x44
Then create the masked bytes by:
masked[0] = 0x46 Xor 0x42
masked[1] = 0x52 Xor 0x8a
masked[2] = 0x45 Xor 0x2f
masked[3] = 0x44 Xor 0x98

Then Masked = 0x04 0xd8 0x6a 0xdc

Do that for each of your strings, and store the masked strings in your code. To revert to plaintext, just use the same mask bytes with the masked bytes, as:
plain[0] = 0x04 Xor 0x42
plain[1] = 0xd8 Xor 0x8a
plain[2] = 0x6a Xor 0x2f
plain[3] = 0xdc Xor 0x98

Then plain = 0x46 0x52 0x45 0x44 = "FRED".
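
The build-time utility suggested above, sketched in Python as an added example (not code from the original answers). It uses only the first four mask words from the post; the function names and the second sample string are assumptions made for illustration.

```python
import struct

# First four 32-bit words of the mask listed in the answer; append the remaining
# words from the post (or your own random bytes) to cover longer strings.
MASK_WORDS = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5]

# The "FRED" walk-through uses 0x42, 0x8a, 0x2f, 0x98 in that order, so each
# word is split most-significant byte first (big-endian).
MASK = b"".join(struct.pack(">I", w) for w in MASK_WORDS)


def xor_with_mask(data: bytes, mask: bytes = MASK) -> bytes:
    """XOR data with the leading mask bytes; the same call masks and unmasks."""
    if len(data) > len(mask):
        raise ValueError(f"need {len(data)} mask bytes, have {len(mask)}")
    return bytes(d ^ m for d, m in zip(data, mask))


def mask_string(text: str) -> bytes:
    """Build-time step: plaintext -> masked bytes to embed in the source."""
    # Strict ASCII: a non-ASCII character raises instead of being mangled.
    return xor_with_mask(text.encode("ascii"))


def unmask_string(masked: bytes) -> str:
    """Runtime step, reproduced here to check the round trip."""
    return xor_with_mask(masked).decode("ascii")


def printable_runs(blob: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII, i.e. what a text/hex editor makes readable."""
    runs, current = [], bytearray()
    for b in blob + b"\x00":  # trailing sentinel flushes the last run
        if 0x20 <= b <= 0x7e:
            current.append(b)
            continue
        if len(current) >= min_len:
            runs.append(current.decode("ascii"))
        current = bytearray()
    return runs


if __name__ == "__main__":
    for s in ["FRED", "License key"]:  # constructed sample strings
        m = mask_string(s)
        hex_list = ", ".join(f"0x{b:02x}" for b in m)
        print(f"{s!r} -> {hex_list} (round trip {unmask_string(m)!r})")
        print("  readable runs before:", printable_runs(s.encode("ascii")),
              "after:", printable_runs(m))
```

The mask is stored in the executable next to the masked bytes, so this keeps strings out of an editor's text pane but anyone who locates the mask can reverse it; it is obfuscation, not encryption.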


ttobin333 (Author) commented:
Jim, I'm new to encryption, so here's a dumb question for you: how do I convert a character to a byte? I couldn't find a VB function that does this.

Sorry - I'm not well acquainted with VB. In C#,

byte[] inputBytes = ASCIIEncoding.ASCII.GetBytes(inputString);

will generate a byte array from a string.


ttobin333 (Author) commented:
Jim, thank you. I will try to take it from here...you have gotten me off to a good start.

My pleasure. Good luck.
