
Hiding text strings in my program from hex/text editors

ttobin333 asked
Dear Experts,

I know that with the use of text or hex editors, strings can be seen inside compiled exe files, even when compiled to native code.

To avoid giving unnecessary clues about the workings of my software to hackers, rather than actually write the strings inside quotes, what if I convert them to the ASCII codes, e.g., Chr(52)+Chr(53) instead of "45"? Can this be detected? Do I need to use encryption? If so, suggestions please.

Are there any tools that make decompiling a VB6 program more difficult?

Thanks!

Top Expert 2007

Commented:
A good hex editor would display the ASCII characters as well as the list of bytes, so that approach wouldn't do you much good. You could certainly encrypt them, but you would want to decrypt them only once as the application started up, or you would spend a lot of CPU cycles each time you wanted to display one of the strings.

A simple masking technique that's also quick involves the use of the Xor (Exclusive OR) operator. To do this,
1. Create a random array of bytes that's at least as long as your longest string. Call it mask.
2. Convert a plaintext string to a byte array. Call it source.
3. Create a third array the same length as the source array. Call it masked.
4. Iterate over the source array. For each,
      masked[i] = source[i] Xor mask[i]
5. Save the masked array for inclusion in your source code.

To convert back to the original string at runtime, for each byte,
      plainText[i] = masked[i] Xor mask[i]

This is very fast.

Jim

Author

Commented:
Thanks Jim! Sounds excellent. Would you please give a brief working example of this to illustrate?
Top Expert 2007

Commented:
The first step is to select some number of relatively random bytes, at least as long as your longest string. Here's a set that's composed of the first 32 bits of the mantissas of the cube roots of the first 64 prime numbers:

0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

Now save those bytes as the mask in your program and possibly a simple utility to create the masked byte arrays from the strings you need in your program. Say one of your strings is "FRED". The corresponding bytes are:
0x46 0x52 0x45 0x44
Then create the masked bytes by:
masked[0] = 0x46 Xor 0x42
masked[1] = 0x52 Xor 0x8a
masked[2] = 0x45 Xor 0x2f
masked[3] = 0x44 Xor 0x98

Then Masked = 0x04 0xd8 0x6a 0xdc

Do that for each of your strings, and store the masked strings in your code. To revert to plaintext, just use the same mask bytes with the masked bytes, as:
plain[0] = 0x04 Xor 0x42
plain[1] = 0xd8 Xor 0x8a
plain[2] = 0x6a Xor 0x2f
plain[3] = 0xdc Xor 0x98

Then plain = 0x46 0x52 0x45 0x44 = "FRED".

Jim
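
The masking utility described in the answer above, as an added example that is not part of the original thread: it masks strings with the first 32 mask bytes from the post and compares what a printable-string scan finds before and after. The sample strings, the function names and the VB6 `Array(...)` output format are assumptions made for illustration.

```python
import re

# Mask: the first eight 32-bit words listed in the post, laid out big-endian
# so that the first bytes are 0x42 0x8a 0x2f 0x98, as in the "FRED" example.
MASK_WORDS = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
              0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5]
MASK = b"".join(w.to_bytes(4, "big") for w in MASK_WORDS)  # 32 bytes

def xor_mask(data: bytes, mask: bytes = MASK) -> bytes:
    """Mask or unmask: XOR each byte with the mask byte at the same index."""
    if len(data) > len(mask):
        raise ValueError("string is longer than the mask")
    return bytes(d ^ m for d, m in zip(data, mask))

def printable_runs(blob: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII, i.e. what a text/hex editor makes readable."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)

def vb6_literal(masked: bytes) -> str:
    """Format masked bytes as a VB6 Array(...) expression (assumed usage)."""
    return "Array(" + ", ".join("&H%02X" % b for b in masked) + ")"

# Constructed sample strings standing in for the program's literals.
STRINGS = [b"FRED", b"Invalid serial number"]

def build_images(strings=STRINGS):
    """Return (plain, masked) byte images with NUL separators between strings."""
    plain = b"\x00".join(strings)
    masked = b"\x00".join(xor_mask(s) for s in strings)
    return plain, masked

if __name__ == "__main__":
    plain, masked = build_images()
    print("plain image :", printable_runs(plain))
    print("masked image:", printable_runs(masked))
    for s in STRINGS:
        m = xor_mask(s)
        assert xor_mask(m) == s          # round trip restores the plaintext
        print(s.decode(), "->", vb6_literal(m))
```

Because the mask bytes are stored in the same executable as the masked strings, this keeps the strings out of a text or hex view but is not encryption.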

Author

Commented:
Jim, I'm new to encryption, so here's a dumb question for you: how do I convert a character to a byte? I couldn't find a VB function that does this.

Thanks,
Tobin
Top Expert 2007
Commented:
Sorry - I'm not well acquainted with VB. In C#,

byte[] inputBytes = ASCIIEncoding.ASCII.GetBytes(inputString);

will generate a byte array from a string.

Jim

Author

Commented:
Jim, thank you. I will try to take it from here...you have gotten me off to a good start.
Top Expert 2007

Commented:
My pleasure. Good luck.

Jim
