Solved

Help with my simple encryption code

Posted on 2013-06-17
5
393 Views
Last Modified: 2013-06-18
This is a simple character substitution encryption program I am writing. My main goal is to avoid a cracker from de-compiling and seeing the correct password in the de-compiled code.

Programs such as OLLY and IDA will provide a list of strings used in a program, and I want to avoid this.

My program will ultimately compare the correct password ENCRYPTED to what the user entered. So if decompiled, they will see the ENCRYPTED string, not the correct password.

How my encryption works: Get the user entered character, find it in cypherPhrase. Then user keyPhrase[index of cypherPhrase] as the encrypted character.

That being said, I am getting this error: INVALID TYPES CHAR[INT] FOR ARRAY SUBSCRIPT on line 97:

userCombination[xx] = keyPhrase[found];

Open in new window


My source is commented fairly well, here it is:

#include <windows.h>
#include "resource.h"
#include <string>
// +---------------------------------------------------------------------------+
// | Simple Character Encryption                                               |
// +---------------------------------------------------------------------------+
// | main.cpp                                                                  |
// |                                                                           |
// | This program demonstrates how to encrypt and decrypt using                |
// | simple character substitution                                             |
// +---------------------------------------------------------------------------+
// | Acknowledgements:                                                         |
// |                                                                           |
// | Authors: John                                                   |
// |                                                                           |
// +---------------------------------------------------------------------------+


//---------------------------------------------------------------------------
// Function Protypes Defined
//---------------------------------------------------------------------------

LRESULT CALLBACK DlgProc(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam);

//---------------------------------------------------------------------------
// Define Global Variables
//---------------------------------------------------------------------------

HWND hWnd;

//---------------------------------------------------------------------------
// WinMain: Application Entry Point
//---------------------------------------------------------------------------

INT WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
				   LPSTR lpCmdLine, int nCmdShow)
{
	DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG1),
	          hWnd, reinterpret_cast<DLGPROC>(DlgProc));

	return FALSE;
}
//---------------------------------------------------------------------------
// Dialog Procedure
//---------------------------------------------------------------------------
LRESULT CALLBACK DlgProc(HWND hWndDlg, UINT Msg, WPARAM wParam, LPARAM lParam)
{
        
    /* Local Variables */
    char szbuffer[255], szbuffer2[255];
    char szusercombo[80] = {'/0'};
    
    // This is the word 'crackme' encrypted!!
    std::string encrypted("eeheqij");
    int stringLength;
    
    // The word "crackme" encrypted  = e   e   h   e   q   i   j    
    
    //                               1         2         3        
    //                     01234567890123456789012345678901234
    char keyPhrase[]    = "thequickbrownfoxjumpsoverthelazydog";
    char cypherPhrase[] = "packmyboxwithfivedozenliguorjugs";
    
	switch(Msg)
	{
	case WM_INITDIALOG:
		return TRUE;

	case WM_COMMAND:
		switch(wParam)
		{
		case IDOK:
            // Move users answer to szbuffer 
            GetDlgItemText(hWndDlg, IDC_EDIT1, szbuffer, 80);
            
            // Get length of user string entered
            stringLength = strlen(szbuffer);
            
            // Loop through every character
            for(int xx=0; xx<stringLength; xx++){
                        // Isolate single character
                        char currentCharacter = szbuffer[xx];
                        
                        // Locate character in cypherPhrase
                        std::string strCypherPhrase(cypherPhrase);
                        
                        // Get Position of current character in cypherPhrase
                        // Note: The character should always be found
                        //       because every letter is in cypherPhrase
                        size_t found = strCypherPhrase.find(currentCharacter);
                        
                        // Now get keyPhrase[FOUND] and add to final userCombination buffer
                        userCombination[xx] = keyPhrase[found];
                        
                        // Move current encrypted character to buffer2 ( for MessageBox debugging )    
                        //wsprintf(szbuffer2,"%c", keyPhrase[found]);
                        //MessageBox ( NULL, szbuffer2, "Encrypted Character is...", MB_OK | MB_ICONINFORMATION );
                }
                // Debug Encrypted String
                // Should output: e   e   h   e   q   i 
                MessageBox ( NULL, userCombination, "Encrypted String Debug", MB_OK | MB_ICONINFORMATION );
               
               
               // Now check to see if they entered the correct answer
               // if userCombination == 'eeheqij' 
               //     correct
                
			EndDialog(hWndDlg, 0);
			return TRUE;
		}
		break;
	}

	return FALSE;
}
//---------------------------------------------------------------------------
// Application Functions
//---------------------------------------------------------------------------
// NONE YET

Open in new window

0
Comment
Question by:edvinson
  • 2
  • 2
5 Comments
 
LVL 31

Accepted Solution

by:
Zoppo earned 500 total points
ID: 39255357
Hi edvinson,

how is userCombination declared?

ZOPPO
0
 
LVL 1

Author Comment

by:edvinson
ID: 39255372
WOW I got it!

I added:

char userCombination[80] = {'/0'};

Open in new window


and it works! So cool, my first encryption program! And I decompiled it, and it's perfect. Nowhere in the decompiled dump is the correct password.
0
 
LVL 31

Expert Comment

by:Zoppo
ID: 39255377
Fine, that's great ...

Regards,

ZOPPO
0
 
LVL 40

Expert Comment

by:evilrix
ID: 39255402
This isn't meant to be an answer to your question but just a friendly caution...

This isn't really encryption. At best it is obfuscation and is in no way secure. If this code is meant to secure a password I'm afraid it really won't do what you intend. In general it is a bad idea to try and implement your own "encryption" as it is almost certainly not going to be strong enough.

Why is this obfuscation and not encryption? Simple, your code contains both the algorithm and the key. In other words, everything required to decrypt is available to anyone who has your binary. It's like going out the front door, locking it and putting the key under the mat. Anyone who knows where to look will be able to access your house.

Hope this is helpful.
0
 
LVL 1

Author Comment

by:edvinson
ID: 39255429
Thanks EvilRix,

I appreciate your comments. It makes sense. This is a portion of my program I am writing to submit to a contest, where beginners learning Assembly try to reverse your password algorithm.

I am writing the program to mirror my own abilities in Assembly - I want to be able to decypher my own code, you know. It's a win win, as I get to learn C++ and Assembly at the same time.

As my C++ and Assembly skills grow, my algorithms will undoubtedly get tougher to crack!

This is my first submission, I will let you know how it goes.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Templates For Beginners Or How To Encourage The Compiler To Work For You Introduction This tutorial is targeted at the reader who is, perhaps, familiar with the basics of C++ but would prefer a little slower introduction to the more ad…
Have you thought about creating an iPhone application (app), but didn't even know where to get started? Here's how: ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Important pre-programming comments: I’ve never tri…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now