Key Protection from Reverse engineering
Posted on 2010-09-17
I've read many questions on anti-reverse engineering, but I don’t know if they apply to my issue.
I have a C++ AES encryptor and decryptor in the same exe. It's used to encrypt and decrypt our files. Pretty straightforward and simple. We recently parted ways with a company that did some developing for us, and we know they will do everything to harm, hack, or crack our software. I did implement a dynamic key encryption technique using some info on the computer, like hardware profiles and date and time, but I don’t know if that makes a difference at all, or whether someone can just see the dynamic procedure we have and replicate it to decrypt the data.
My questions are:
- Is there any way to hide our AES encryption and vector keys?
- If they decompile our code to assembly code, can they read our procedure (first encrypt with AES, then Twofish, then compress, then replace As’ with Ts’) and the keys used in the process?
- Can they modify our exe and then just replace the original in the installation folder with their version?
If so, is there a solution to protect our code? I know that full protection can never be achieved, but at least something to protect the key being used to encrypt files. Right now the key is in a char variable. Would it be better if we hid every character of the key in a different place and then assembled them into a key, or would someone be able to read that as well?
I'm kind of new at this anti-reverse engineering, so any guidance will be appreciated.