how to hide strings data in my applications?

[ossama]

hello,
when i write a program that contains this line:

Code Select Expand


  MyString db "this is a string",0


and diss-assemble it using any software out there,i will find that string "this is a string"
is there a wjay to hide my strings from diss-assemblers.

thank you in advance. :bg

[Ehtyar]

A simple encryption will hide it from the noobs, but any pro will easily disassemble your decryption routine. A stream cipher would probably be the best; xor or RC4 would be my choice. Keep in mind that the harder your decryption key is to find the more time will be required to find it.

Ehtyar.

[raymond]

In addition, no more than 10-20% of those encrypted strings should be in the .data section. Preferably intersperse the others throughout your code section (but not in between procedures where they could easily be spotted as possible extraneous data). Just to make things more annoying, also intersperse some junk random data.

[ossama]

please, can you poste a simple code ?

[jj2007]

Take a fat executable, disassemble it, and scan it systematically for character sequences that seem to be meaningful code. That should cheat the disassembler... I am just wondering whether what you want to do is compliant with the forum's rules...?

[raymond]

please, can you poste a simple code ?

Code Select Expand

MyProc proc

   ... some code
   jmp  @F
   db  0BFh, 9Eh,0BAh,48h,74h   ;HELLO xor'ed with F7,DB,F6,04,3B
@@:
   ... more code
   ret

MyProc endp

You should be able to inovate even more on your own.

[ossama]

I am just wondering whether what you want to do is compliant with the forum's rules...?

i dont think that protecting my application is against forum rules  :naughty:

[ossama]

raymond , if there is a macro to daclare/use strings like that it will be very good, i am new in writing macro to do pre-processing.
thank you, it is a good idea (xor bytes of the string),but how can i use it in my application (ie, messagebox for example)?

[hutch--]

Application protection systems are no problem in terms of the forum rules, it is a perfectly valid task to help prevent illegal cracking of the application. We will keep an eye on the alternative though and expect that protection systems will not be used as a vehicle for introducing cracking techniques.

[raymond]

but how can i use it in my application (ie, messagebox for example)?

As the programmer, you know how you encrypted the string you want to hide. When you want to display it, simply decrypt it into a buffer and display it from there.

Raymond

[ossama]

i know that using local variables (in procedures) is a method to hide string data ,read this:
http://www.masm32.com/board/index.php?topic=8531.0
i wonder if we can write a macro that declare global variables and does the same work as in the above link?

[ossama]

i dont know lot of things about macros in masm,
can you write a macro that encrypt/decrypt strings WITHOUT using runtime variables(ie,only the pre-processor local variables):
for example,if you want to declare a string,you have to do this:

Code Select Expand


.data
    ENCRYPT_MACRO     string1,"hello,how are you!!",ENCRYPTION_METHOD
.code
  .
  .
  .
     invoke MessageBox,NULL,DECRYPT_MACRO(string1,ENCRYPTION_METHOD),NULL,MB_OK
  .
  .
  .

where ENCRYPT_MACRO will declare string1 as the bytes "hello,how are you!!" encrypted with some method lets say XOR bytes with some thing

is it possible to do this?

thank you in advance.

[hutch--]

ossama,

You need to understand how a stack frame is constructed to do what you are after with string data embedded in the code section. If you note the code sub esp, 96 you will understand how the space is allocated. Where you will have a problem with a normal higher level "PROC" is working out what the byte total is for this allocation.

If you can work out how to do this the rest is easy, start at [ebp-96] and write the text data from that address onwards. As normal you would ensure that te stack allocation is large enough to hold your text data.

Code Select Expand


  ; ---------------------------------------------------------
  ; this example assumes no arguments passed to the procedure
  ; ---------------------------------------------------------

procname:
    push ebp            ; set up a stack frame
    mov ebp, esp
    sub esp, 96         ; allocate 96 bytes of stack space for locals
  ; -------------------------------------------

  ; write your procedure code here

  ; -------------------------------------------
    leave               ; exit the stack frame
    retn                ; make a NEAR return


[jj2007]

I am just wondering whether what you want to do is compliant with the forum's rules...?

i dont think that protecting my application is against forum rules  :naughty:

If it's to prevent users from changing your strings, create a checksum. I have difficulties to imagine an application that needs to block users reading your internal strings; can you elaborate?

[ossama]

I am just wondering whether what you want to do is compliant with the forum's rules...?

i dont think that protecting my application is against forum rules  :naughty:

If it's to prevent users from changing your strings, create a checksum. I have difficulties to imagine an application that needs to block users reading your internal strings; can you elaborate?

i dont want my users see my strings data,because in my application i have some strings that represent registry keys and files where i save informations like passwords,serials,....
this is why i dont want users to see my application strings
so is there a method to do this?