Solved

Help with my simple encryption code

Posted on 2013-06-17
5
391 Views
Last Modified: 2013-06-18
This is a simple character substitution encryption program I am writing. My main goal is to avoid a cracker from de-compiling and seeing the correct password in the de-compiled code.

Programs such as OLLY and IDA will provide a list of strings used in a program, and I want to avoid this.

My program will ultimately compare the correct password ENCRYPTED to what the user entered. So if decompiled, they will see the ENCRYPTED string, not the correct password.

How my encryption works: Get the user entered character, find it in cypherPhrase. Then user keyPhrase[index of cypherPhrase] as the encrypted character.

That being said, I am getting this error: INVALID TYPES CHAR[INT] FOR ARRAY SUBSCRIPT on line 97:

userCombination[xx] = keyPhrase[found];

Open in new window


My source is commented fairly well, here it is:

#include <windows.h>
#include "resource.h"
#include <string>
// +---------------------------------------------------------------------------+
// | Simple Character Encryption                                               |
// +---------------------------------------------------------------------------+
// | main.cpp                                                                  |
// |                                                                           |
// | This program demonstrates how to encrypt and decrypt using                |
// | simple character substitution                                             |
// +---------------------------------------------------------------------------+
// | Acknowledgements:                                                         |
// |                                                                           |
// | Authors: John                                                   |
// |                                                                           |
// +---------------------------------------------------------------------------+


//---------------------------------------------------------------------------
// Function Protypes Defined
//---------------------------------------------------------------------------

LRESULT CALLBACK DlgProc(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam);

//---------------------------------------------------------------------------
// Define Global Variables
//---------------------------------------------------------------------------

HWND hWnd;

//---------------------------------------------------------------------------
// WinMain: Application Entry Point
//---------------------------------------------------------------------------

INT WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
				   LPSTR lpCmdLine, int nCmdShow)
{
	DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG1),
	          hWnd, reinterpret_cast<DLGPROC>(DlgProc));

	return FALSE;
}
//---------------------------------------------------------------------------
// Dialog Procedure
//---------------------------------------------------------------------------
LRESULT CALLBACK DlgProc(HWND hWndDlg, UINT Msg, WPARAM wParam, LPARAM lParam)
{
        
    /* Local Variables */
    char szbuffer[255], szbuffer2[255];
    char szusercombo[80] = {'/0'};
    
    // This is the word 'crackme' encrypted!!
    std::string encrypted("eeheqij");
    int stringLength;
    
    // The word "crackme" encrypted  = e   e   h   e   q   i   j    
    
    //                               1         2         3        
    //                     01234567890123456789012345678901234
    char keyPhrase[]    = "thequickbrownfoxjumpsoverthelazydog";
    char cypherPhrase[] = "packmyboxwithfivedozenliguorjugs";
    
	switch(Msg)
	{
	case WM_INITDIALOG:
		return TRUE;

	case WM_COMMAND:
		switch(wParam)
		{
		case IDOK:
            // Move users answer to szbuffer 
            GetDlgItemText(hWndDlg, IDC_EDIT1, szbuffer, 80);
            
            // Get length of user string entered
            stringLength = strlen(szbuffer);
            
            // Loop through every character
            for(int xx=0; xx<stringLength; xx++){
                        // Isolate single character
                        char currentCharacter = szbuffer[xx];
                        
                        // Locate character in cypherPhrase
                        std::string strCypherPhrase(cypherPhrase);
                        
                        // Get Position of current character in cypherPhrase
                        // Note: The character should always be found
                        //       because every letter is in cypherPhrase
                        size_t found = strCypherPhrase.find(currentCharacter);
                        
                        // Now get keyPhrase[FOUND] and add to final userCombination buffer
                        userCombination[xx] = keyPhrase[found];
                        
                        // Move current encrypted character to buffer2 ( for MessageBox debugging )    
                        //wsprintf(szbuffer2,"%c", keyPhrase[found]);
                        //MessageBox ( NULL, szbuffer2, "Encrypted Character is...", MB_OK | MB_ICONINFORMATION );
                }
                // Debug Encrypted String
                // Should output: e   e   h   e   q   i 
                MessageBox ( NULL, userCombination, "Encrypted String Debug", MB_OK | MB_ICONINFORMATION );
               
               
               // Now check to see if they entered the correct answer
               // if userCombination == 'eeheqij' 
               //     correct
                
			EndDialog(hWndDlg, 0);
			return TRUE;
		}
		break;
	}

	return FALSE;
}
//---------------------------------------------------------------------------
// Application Functions
//---------------------------------------------------------------------------
// NONE YET

Open in new window

0
Comment
Question by:edvinson
  • 2
  • 2
5 Comments
 
LVL 30

Accepted Solution

by:
Zoppo earned 500 total points
ID: 39255357
Hi edvinson,

how is userCombination declared?

ZOPPO
0
 
LVL 1

Author Comment

by:edvinson
ID: 39255372
WOW I got it!

I added:

char userCombination[80] = {'/0'};

Open in new window


and it works! So cool, my first encryption program! And I decompiled it, and it's perfect. Nowhere in the decompiled dump is the correct password.
0
 
LVL 30

Expert Comment

by:Zoppo
ID: 39255377
Fine, that's great ...

Regards,

ZOPPO
0
 
LVL 40

Expert Comment

by:evilrix
ID: 39255402
This isn't meant to be an answer to your question but just a friendly caution...

This isn't really encryption. At best it is obfuscation and is in no way secure. If this code is meant to secure a password I'm afraid it really won't do what you intend. In general it is a bad idea to try and implement your own "encryption" as it is almost certainly not going to be strong enough.

Why is this obfuscation and not encryption? Simple, your code contains both the algorithm and the key. In other words, everything required to decrypt is available to anyone who has your binary. It's like going out the front door, locking it and putting the key under the mat. Anyone who knows where to look will be able to access your house.

Hope this is helpful.
0
 
LVL 1

Author Comment

by:edvinson
ID: 39255429
Thanks EvilRix,

I appreciate your comments. It makes sense. This is a portion of my program I am writing to submit to a contest, where beginners learning Assembly try to reverse your password algorithm.

I am writing the program to mirror my own abilities in Assembly - I want to be able to decypher my own code, you know. It's a win win, as I get to learn C++ and Assembly at the same time.

As my C++ and Assembly skills grow, my algorithms will undoubtedly get tougher to crack!

This is my first submission, I will let you know how it goes.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

IntroductionThis article is the second in a three part article series on the Visual Studio 2008 Debugger.  It provides tips in setting and using breakpoints. If not familiar with this debugger, you can find a basic introduction in the EE article loc…
Introduction This article is a continuation of the C/C++ Visual Studio Express debugger series. Part 1 provided a quick start guide in using the debugger. Part 2 focused on additional topics in breakpoints. As your assignments become a little more …
The goal of this video is to provide viewers with basic examples to understand opening and writing to files in the C programming language.
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now