Posted 12 Oct 2017

Small String Obfuscator

When you need to encrypt/obfuscate strings in your program so that they don't simply show up in a strings or hex tool when your executable is examined, this tool can be useful.

Introduction

The purpose of obfuscators in general is to hide program code, flow, and functionality. If your program uses an algorithm that is a trade secret, obfuscation will make it harder to reverse engineer it and reveal this trade secret. Sometimes you need to encrypt/obfuscate strings in your program and don't want to bother with expensive and complex obfuscation tools. In such a case, the following source-code-level string obfuscator can be useful.

Background

If you take a typical executable and dive into it using any hex editor or even Notepad, you may find among the binary data many strings that reveal trade secrets, passwords, etc. The purpose of my tool is to hide these.

Using the Tool

I have written about string obfuscation in the past, so what makes this article unique is the easy method for obfuscating strings in your source code. There is no need to run any tool or scan your project. Instead, you copy and paste your sensitive string (for example "my secret password") and name the variable you plan to use (its type is wchar_t by default, to support UNICODE), and you will get initialization source code to use.

Then, instead of using this:

//
// WCHAR pwd[] = L"my secret password"
//

You run this tool, enter the string and the variable name, and then copy the result:

WCHAR pwd[36];
 pwd[7] = L't' - 15;
 pwd[24] = L'H' + 3;
 pwd[9] = L'=' + -29;
 pwd[11] = 97;
 pwd[1] = 76 + 45;
 pwd[10] = 112;
 pwd[4] = L'o' - 10;
 pwd[34] = L'o' - 21;
 pwd[26] = 81;
 pwd[3] = L'w' - 4;
 pwd[21] = 100;
 pwd[13] = 121 - 6;
 pwd[8] = L'z' - 6;
 pwd[0] = L'H' + 37;
 pwd[16] = L'y' - 7;
 pwd[25] = L'C' + 6;
 pwd[29] = 73 + 5;
 pwd[28] = L'C' + 10;
 pwd[17] = L'p' - 12;
 pwd[14] = 122 - 3;
 pwd[33] = 77 + 6;
 pwd[2] = 32;
 pwd[30] = L'M' - 3;
 pwd[19] = 122 - 3;
 pwd[32] = 103;
 pwd[12] = 74 + 41;
 pwd[31] = L'Q' + 33;
 pwd[23] = 112;
 pwd[35] = 78;
 pwd[5] = L'n' - 11;
 pwd[18] = 0;
 pwd[27] = 114 - 13;
 pwd[22] = L'@' + 35;
 pwd[20] = 102 - 5;
 pwd[6] = L'z' - 8;
 pwd[15] = 87 + 24;

You can test each of these options by building an executable and searching for the string "my secret password" (or "m y  s e c r e t  p a s s w o r d" if you use UNICODE). When the obfuscated version is used, the string won't be found. Now, let's say your software sends emails (using your own SMTP server with your credentials), or connects to a server. You can mask and hide the sensitive data that way.

The Source Code - The Building Blocks

Random Characters and Digits

First we need to be able to generate random characters and random digits. I have created the following macros:

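// The ranges noted below assume RAND_MAX + 1 does not overflow an int
// (true for Visual C++, where RAND_MAX is 32767)
#define RANDOM_DIGIT (rand() % 10 + 1)  // 1..10
#define RANDOM_WCHAR ((WCHAR)(('z' - 65 + 1) * rand() / (RAND_MAX + 1)) + 65)  // 65 ('A') .. 122 ('z')
#define RANDOM_INT_LARGER_THAN(n) ((int)(('z' - (n)) * rand() / (RAND_MAX + 1)) + ((n) + 1))  // n+1 .. 'z' when n < 'z'
#define RANDOM_INT_SMALLER_THAN(n) ((int)(((n) - 64 + 1) * rand() / (RAND_MAX + 1)) + 64)  // 64 .. n when n >= 64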

Shuffle Elements

When we convert the string into an array, we first shuffle it so that the order is (almost) random, which makes it harder to analyze. One of the methods to decrypt encrypted data is to examine it in what you expect to be its logical order; when you shuffle that order, it's harder to guess what the encrypted data is.

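#include <algorithm>
#include <cstdlib>
#include <vector>

// Randomly permute array[0..size-1] in place.
void shuffle(int array[], const int size)
{
    if (size <= 0)      // nothing to shuffle; also avoids rand() % 0
        return;

    // Copy of the input, sized to fit (a fixed int temp[1028] would
    // overflow for larger inputs)
    std::vector<int> temp(array, array + size);
    std::vector<int> indices;   // source positions already used

    for (int i = 0; i < size; ++i)
    {
        int index = rand() % size;

        // Draw again until we get a position that has not been used yet
        while (std::find(indices.begin(), indices.end(), index) != indices.end())
            index = rand() % size;

        indices.push_back(index);
        array[i] = temp[index];
    }
}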

Adding Junk

Another method of concealing the content is adding random junk data in between the real data. Since the result is a NULL-terminated array, that's easy: you place the NULL at the end of the string and the junk after the NULL. Since we later convert each value into a formula (instead of "72" we may put "100 - 28"), this method is good enough for our purpose.

TextWithJunk += (CString)L" ";
for (i = Length + 1; i < Length * 2; i++)
{
    WCHAR result = RANDOM_WCHAR;
    TextWithJunk += (CString)(result);
}

Replacing values with formulas

Then we randomly replace values with different types of formulas such as x=z-y or x=z+y, etc.

So when the formula is x=z-y, we need z to be random but larger than x. That's why we use RANDOM_INT_LARGER_THAN().

 

switch (choice)
{
    case 10:
    case 1:
        // x = z - y
        // Calculate Z
        z = RANDOM_INT_LARGER_THAN(x);
        // Calculate the difference
        d = z - x;
        Formula.Format(L"%d - %d", z, d);
        break;
    case 2:
    case 3:
        // x = z + y
        // Calculate Z
        z = RANDOM_INT_SMALLER_THAN(x);
        // Calculate the difference
        d = x - z;
        Formula.Format(L"%d + %d", z, d);
        break;
    case 4:
    case 5:
        // x = 'z' - y
        // Calculate Z. It is printed inside L'...', so draw again while it is
        // a control character, a quote or a backslash (L''' and L'\' do not compile)
        do { z = RANDOM_INT_LARGER_THAN(x); } while (z < 32 || z == L'\'' || z == L'\\');
        // Calculate the difference
        d = z - x;
        Formula.Format(L"L'%c' - %d", z, d);
        break;
    case 6:
    case 7:
        // x = 'z' + y
        // Calculate Z, with the same restriction as above
        do { z = RANDOM_INT_SMALLER_THAN(x); } while (z < 32 || z == L'\'' || z == L'\\');
        // Calculate the difference
        d = x - z;
        Formula.Format(L"L'%c' + %d", z, d);
        break;
    case 8:
    case 9:
        // x written as a plain number, no formula
        Formula.Format(L"%d", x);
        break;
}
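The three building blocks above (junk after the terminator, random assignment order, value-to-formula replacement) put together in portable C++11 with a round-trip check. This is an added example, not the article's MFC code: the names formula, evaluate, obfuscate and replay are hypothetical, and it uses <random> instead of the rand() macros.

```cpp
// Added example, not the article's code; all names are hypothetical.
#include <algorithm>
#include <cstdio>
#include <random>
#include <string>
#include <utility>
#include <vector>

static std::mt19937 rng(2017);  // fixed seed keeps the demo repeatable
static int pick(int lo, int hi) { return std::uniform_int_distribution<int>(lo, hi)(rng); }
// Express x as "z - d", "z + d", "L'c' - d", "L'c' + d" or a plain number.
std::string formula(int x) {
    if (pick(1, 10) >= 8) return std::to_string(x);
    int z = pick(33, 126);  // printable ASCII only
    // L''' and L'\' do not compile, so a quote or backslash stays numeric.
    bool as_char = pick(0, 1) && z != '\'' && z != '\\';
    std::string lhs = as_char ? "L'" + std::string(1, char(z)) + "'" : std::to_string(z);
    return lhs + (z >= x ? " - " + std::to_string(z - x) : " + " + std::to_string(x - z));
}
// Evaluate one emitted formula the way the compiler folds it.
int evaluate(const std::string& f) {
    size_t pos = 4;  // length of L'c'
    int lhs = f.compare(0, 2, "L'") == 0 ? f[2] : std::stoi(f, &pos);
    if (pos >= f.size()) return lhs;
    return lhs + (f[pos + 1] == '-' ? -1 : 1) * std::stoi(f.substr(pos + 3));
}
// (index, formula) pairs in random order: text, NUL, then junk to twice the length.
std::vector<std::pair<size_t, std::string>> obfuscate(const std::wstring& text) {
    std::vector<int> values(text.begin(), text.end());
    values.push_back(0);
    while (values.size() < 2 * text.size()) values.push_back(pick('A', 'z'));
    std::vector<std::pair<size_t, std::string>> out;
    for (size_t i = 0; i < values.size(); ++i) out.emplace_back(i, formula(values[i]));
    std::shuffle(out.begin(), out.end(), rng);
    return out;
}
// Replay the assignments into an array and return what precedes the NUL.
std::wstring replay(const std::vector<std::pair<size_t, std::string>>& items) {
    std::vector<int> arr(items.size());
    for (const auto& it : items) arr[it.first] = evaluate(it.second);
    std::wstring text;
    for (int v : arr) { if (v == 0) break; text.push_back(wchar_t(v)); }
    return text;
}

int main() {
    for (const auto& it : obfuscate(L"my secret password"))
        std::printf("pwd[%zu] = %s;\n", it.first, it.second.c_str());
}
```

Each right-hand side is a constant expression that the compiler evaluates at build time, so the binary carries the resulting element values, not the formulas.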

Points of Interest

The project was created using Visual Studio 2013 Ultimate, using MFC.

 

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Michael Haephrati
CEO Secured Globe, Inc.
United States
Michael Haephrati is an entrepreneur, inventor and a musician. Haephrati worked on many ventures starting from HarmonySoft, designing Rashumon, the first Graphical Multi-lingual word processor for Amiga computer. During 1995-1996 he worked as a Contractor with Apple at Cupertino. Worked at a research institute made the first steps developing the credit scoring field in Israel. He founded Target Scoring and developed a credit scoring system named ThiS, based on geographical statistical data, participating VISA CAL, Isracard, Bank Leumi and Bank Discount (Target Scoring, being the VP Business Development of a large Israeli institute).

During 2000, he founded Target Eye, and developed the first remote PC surveillance and monitoring system, named Target Eye.


Other ventures included: Data Cleansing (as part of the DataTune system which was implemented in many organizations).



Last Updated 12 Oct 2017
Article Copyright 2017 by Michael Haephrati