The MASM Forum Archive 2004 to 2012

hello,
when i write a program that contains this line:

  MyString db "this is a string",0


and diss-assemble it using any software out there,i will find that string "this is a string"
is there a wjay to hide my strings from diss-assemblers.

thank you in advance. :bg

A simple encryption will hide it from the noobs, but any pro will easily disassemble your decryption routine. A stream cipher would probably be the best; xor or RC4 would be my choice. Keep in mind that the harder your decryption key is to find the more time will be required to find it.

Ehtyar.

In addition, no more than 10-20% of those encrypted strings should be in the .data section. Preferably intersperse the others throughout your code section (but not in between procedures where they could easily be spotted as possible extraneous data). Just to make things more annoying, also intersperse some junk random data.

please, can you poste a simple code ?

Take a fat executable, disassemble it, and scan it systematically for character sequences that seem to be meaningful code. That should cheat the disassembler... I am just wondering whether what you want to do is compliant with the forum's rules...?

Quote from: ossama on January 14, 2008, 05:20:06 PM
please, can you poste a simple code ?

MyProc proc

   ... some code
   jmp  @F
   db  0BFh, 9Eh,0BAh,48h,74h   ;HELLO xor'ed with F7,DB,F6,04,3B
@@:
   ... more code
   ret

MyProc endp

You should be able to inovate even more on your own.

QuoteI am just wondering whether what you want to do is compliant with the forum's rules...?

i dont think that protecting my application is against forum rules  :naughty:

raymond , if there is a macro to daclare/use strings like that it will be very good, i am new in writing macro to do pre-processing.
thank you, it is a good idea (xor bytes of the string),but how can i use it in my application (ie, messagebox for example)?

Application protection systems are no problem in terms of the forum rules, it is a perfectly valid task to help prevent illegal cracking of the application. We will keep an eye on the alternative though and expect that protection systems will not be used as a vehicle for introducing cracking techniques.

Quotebut how can i use it in my application (ie, messagebox for example)?

As the programmer, you know how you encrypted the string you want to hide. When you want to display it, simply decrypt it into a buffer and display it from there.

Raymond

i know that using local variables (in procedures) is a method to hide string data ,read this:
http://www.masm32.com/board/index.php?topic=8531.0
i wonder if we can write a macro that declare global variables and does the same work as in the above link?

i dont know lot of things about macros in masm,
can you write a macro that encrypt/decrypt strings WITHOUT using runtime variables(ie,only the pre-processor local variables):
for example,if you want to declare a string,you have to do this:

.data
    ENCRYPT_MACRO     string1,"hello,how are you!!",ENCRYPTION_METHOD
.code
  .
  .
  .
     invoke MessageBox,NULL,DECRYPT_MACRO(string1,ENCRYPTION_METHOD),NULL,MB_OK
  .
  .
  .

where ENCRYPT_MACRO will declare string1 as the bytes "hello,how are you!!" encrypted with some method lets say XOR bytes with some thing

is it possible to do this?

thank you in advance.

ossama,

You need to understand how a stack frame is constructed to do what you are after with string data embedded in the code section. If you note the code sub esp, 96 you will understand how the space is allocated. Where you will have a problem with a normal higher level "PROC" is working out what the byte total is for this allocation.

If you can work out how to do this the rest is easy, start at [ebp-96] and write the text data from that address onwards. As normal you would ensure that te stack allocation is large enough to hold your text data.


  ; ---------------------------------------------------------
  ; this example assumes no arguments passed to the procedure
  ; ---------------------------------------------------------

procname:
    push ebp            ; set up a stack frame
    mov ebp, esp
    sub esp, 96         ; allocate 96 bytes of stack space for locals
  ; -------------------------------------------

  ; write your procedure code here

  ; -------------------------------------------
    leave               ; exit the stack frame
    retn                ; make a NEAR return


Quote from: ossama on January 15, 2008, 09:45:17 AM

QuoteI am just wondering whether what you want to do is compliant with the forum's rules...?

i dont think that protecting my application is against forum rules  :naughty:

If it's to prevent users from changing your strings, create a checksum. I have difficulties to imagine an application that needs to block users reading your internal strings; can you elaborate?

Quote from: jj2007 on January 16, 2008, 12:51:04 PM

Quote from: ossama on January 15, 2008, 09:45:17 AM

QuoteI am just wondering whether what you want to do is compliant with the forum's rules...?

i dont think that protecting my application is against forum rules  :naughty:

If it's to prevent users from changing your strings, create a checksum. I have difficulties to imagine an application that needs to block users reading your internal strings; can you elaborate?

i dont want my users see my strings data,because in my application i have some strings that represent registry keys and files where i save informations like passwords,serials,....
this is why i dont want users to see my application strings
so is there a method to do this?

Hello,
Without searching to crypt them (windows has a set of function to do it) a simple decalage (shl 1) can mask the letters.You can also add a rol to this.Write your path and key in unicode (two bytes instead of one) and there is plenty of simple methods you can used.

How much data are you trying to hide?  This will determine an appropiate response to what you are asking.

Like if it's a bunch of strings, encryption in the resource section is one option.

Regards,  P1   :8)

Quote from: P1 on January 16, 2008, 03:47:00 PM
Like if it's a bunch of strings, encryption in the resource section is one option.

how can i encrypt the resource section? i am sorry , i am newbie  :bg

Quote from: ossama on January 16, 2008, 04:16:06 PM
how can i encrypt the resource section? i am sorry , i am newbie  :bg

if you encrypt resources (not whole section!), you must handle them using your own code, no more system LoadString API - do it via LoadResource / LockResource manually

anyway I really do not recommend to touch resource section while you're newbie.

If you want to protect your file - use commercial protectors available on market.
You may use UPX to pack your file and check at runtime file size and CRC to be sure that file is packed.
But if one need to unpack your app, he will do it even if you spend many time to create protection.
The best method against static analysis - it's decryption on request using dynamic key. Decryption routine must located in allocated memory (not as code in code section).
generic method:
crypt you code that will decrypt later your string data
at runtime allocate memory via VirtualAlloc (don't forget that allocated memory must be executable), decrypt encrypted decryptor (ooooof!) there and call it to decrypt strings data.

encrypting resource section seems ok to me.
i have my strings in a STRING TABLE in the resource,can i encrypt only STRING-TABLE in the resource section (i mean the other types like menu,dialog,icon,...are not encrypted)?

Quote from: Jupiter on January 16, 2008, 11:10:25 PManyway I really do not recommend to touch resource section while you're newbie.

I'll be blunt, there is nothing 'newbie' about the techniques he wants to used.

He is joining the Programming Polar Bear club, no matter how cold the water ( programming ) gets, he wants the experience.

Regards,  P1   :8)

hi P1,
can you show me how to encrypt resource section and if it is possibe to encrypt only STRING-TABLE in the resource?
thank you

Oh well...


.686
.model flat,stdcall

option casemap:none
include \masm32\include\windows.inc

include \masm32\include\kernel32.inc
include \masm32\include\user32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

xorstr macro str:req,key:req

local i,l,p,c

i = 2
l sizestr <str>
c equ <>

repeat l - 2

p substr <str>,i,1
p catstr <'>,p,<'>
c catstr c,<,>,%(p xor key)

i = i + 1

endm

l sizestr c
c substr c,2,l-1

exitm c

endm

xormem macro var:req,len:req,key:req

local i

i = 0

repeat (len) / 4

xor dword ptr var[i],(key shl 24) or (key shl 16) or (key shl 8) or key
i = i + 4

endm

while i lt len

xor byte ptr var[i],key
i = i + 1

endm

endm

.data

text db xorstr("xorstr,xormem macros",45),0

.code

start:

xormem text,20,45
invoke MessageBox,0,addr text,addr text,0

invoke ExitProcess,0
ret

end start


Quote from: ossama on January 17, 2008, 06:03:04 AM
encrypting resource section seems ok to me.
i have my strings in a STRING TABLE in the resource,can i encrypt only STRING-TABLE in the resource section (i mean the other types like menu,dialog,icon,...are not encrypted)?

You pre-encrypt the string as inserted into the resource section at build time.  Then decrypt them as you use them.

Regards,  P1   :8)

xmetal , good idea, i will use it (with some modifications)

hi ossama

i have this hidden string algo from CyberDoom
i hope it´s help you

greets
ragdog

[attachment deleted by admin]