News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

how to hide strings data in my applications?

Started by ossama, January 13, 2008, 05:55:07 PM

Previous topic - Next topic

ossama

hello,
when i write a program that contains this line:

  MyString db "this is a string",0


and diss-assemble it using any software out there,i will find that string "this is a string"
is there a wjay to hide my strings from diss-assemblers.

thank you in advance. :bg

Ehtyar

A simple encryption will hide it from the noobs, but any pro will easily disassemble your decryption routine. A stream cipher would probably be the best; xor or RC4 would be my choice. Keep in mind that the harder your decryption key is to find the more time will be required to find it.

Ehtyar.

raymond

In addition, no more than 10-20% of those encrypted strings should be in the .data section. Preferably intersperse the others throughout your code section (but not in between procedures where they could easily be spotted as possible extraneous data). Just to make things more annoying, also intersperse some junk random data.
When you assume something, you risk being wrong half the time
http://www.ray.masmcode.com

ossama


jj2007

Take a fat executable, disassemble it, and scan it systematically for character sequences that seem to be meaningful code. That should cheat the disassembler... I am just wondering whether what you want to do is compliant with the forum's rules...?

raymond

Quote from: ossama on January 14, 2008, 05:20:06 PM
please, can you poste a simple code ?

MyProc proc

   ... some code
   jmp  @F
   db  0BFh, 9Eh,0BAh,48h,74h   ;HELLO xor'ed with F7,DB,F6,04,3B
@@:
   ... more code
   ret

MyProc endp


You should be able to inovate even more on your own.
When you assume something, you risk being wrong half the time
http://www.ray.masmcode.com

ossama

QuoteI am just wondering whether what you want to do is compliant with the forum's rules...?

i dont think that protecting my application is against forum rules  :naughty:

ossama

raymond , if there is a macro to daclare/use strings like that it will be very good, i am new in writing macro to do pre-processing.
thank you, it is a good idea (xor bytes of the string),but how can i use it in my application (ie, messagebox for example)?

hutch--

Application protection systems are no problem in terms of the forum rules, it is a perfectly valid task to help prevent illegal cracking of the application. We will keep an eye on the alternative though and expect that protection systems will not be used as a vehicle for introducing cracking techniques.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

raymond

Quotebut how can i use it in my application (ie, messagebox for example)?

As the programmer, you know how you encrypted the string you want to hide. When you want to display it, simply decrypt it into a buffer and display it from there.

Raymond
When you assume something, you risk being wrong half the time
http://www.ray.masmcode.com

ossama

i know that using local variables (in procedures) is a method to hide string data ,read this:
http://www.masm32.com/board/index.php?topic=8531.0
i wonder if we can write a macro that declare global variables and does the same work as in the above link?

ossama

i dont know lot of things about macros in masm,
can you write a macro that encrypt/decrypt strings WITHOUT using runtime variables(ie,only the pre-processor local variables):
for example,if you want to declare a string,you have to do this:

.data
    ENCRYPT_MACRO     string1,"hello,how are you!!",ENCRYPTION_METHOD
.code
  .
  .
  .
     invoke MessageBox,NULL,DECRYPT_MACRO(string1,ENCRYPTION_METHOD),NULL,MB_OK
  .
  .
  .

where ENCRYPT_MACRO will declare string1 as the bytes "hello,how are you!!" encrypted with some method lets say XOR bytes with some thing

is it possible to do this?

thank you in advance.

hutch--

ossama,

You need to understand how a stack frame is constructed to do what you are after with string data embedded in the code section. If you note the code sub esp, 96 you will understand how the space is allocated. Where you will have a problem with a normal higher level "PROC" is working out what the byte total is for this allocation.

If you can work out how to do this the rest is easy, start at [ebp-96] and write the text data from that address onwards. As normal you would ensure that te stack allocation is large enough to hold your text data.


  ; ---------------------------------------------------------
  ; this example assumes no arguments passed to the procedure
  ; ---------------------------------------------------------

procname:
    push ebp            ; set up a stack frame
    mov ebp, esp
    sub esp, 96         ; allocate 96 bytes of stack space for locals
  ; -------------------------------------------

  ; write your procedure code here

  ; -------------------------------------------
    leave               ; exit the stack frame
    retn                ; make a NEAR return
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

jj2007

Quote from: ossama on January 15, 2008, 09:45:17 AM
QuoteI am just wondering whether what you want to do is compliant with the forum's rules...?

i dont think that protecting my application is against forum rules  :naughty:

If it's to prevent users from changing your strings, create a checksum. I have difficulties to imagine an application that needs to block users reading your internal strings; can you elaborate?

ossama

Quote from: jj2007 on January 16, 2008, 12:51:04 PM
Quote from: ossama on January 15, 2008, 09:45:17 AM
QuoteI am just wondering whether what you want to do is compliant with the forum's rules...?

i dont think that protecting my application is against forum rules  :naughty:

If it's to prevent users from changing your strings, create a checksum. I have difficulties to imagine an application that needs to block users reading your internal strings; can you elaborate?


i dont want my users see my strings data,because in my application i have some strings that represent registry keys and files where i save informations like passwords,serials,....
this is why i dont want users to see my application strings
so is there a method to do this?