Announcement

Collapse

Forum Guidelines

This forum is for finished source code that is working properly. If you have questions about this or any other source code, please post it in one of the Discussion Forums, not here.
See more
See less

Easy hide strings from casual viewing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Easy hide strings from casual viewing

    Sometimes we need to hide certain sensitive strings in our programs to slow crackers down a bit as well as prevent casual viewing (in a hex editor for example). We could use advanced encryption algorithms for this purpose, and thanks to the work of several people - most notably Greg Turgeon - there are many powerful algorithms ready for us to "plug'n'play", including all three AES final candidates.

    However, seeing as encrypted strings can be intercepted at the time of decryption regardless of the algorithm used that is often overkill. Or perhaps we're just creating a simple program and we just want to scramble a couple of strings ... again, using a strong encryption algorithm would be overkill.

    Sometimes a simple scramble is all that's needed.

    One thing with scrambling or encrypting strings is that you need to write a separate program to encrypt the strings, regardless of whether you use an advanced encryption algorithm or a simple REPLACE$() statement.

    There is a very simple alternative that I often use in these situations which doesn't require any scrambling/encrypting, or a second program ... building the strings one character at a time, at run-time. The plaintext strings can be intercepted at the point where they've been put together, but actually from a cracking perspective that is no different to intercepting strings at the point where they've been decrypted, regardless of what encryption algorithm was used.

    First lets consider a simple program with a string that we want to protect ...
    Code:
    #COMPILE EXE
    FUNCTION PBMAIN () AS LONG
    MSGBOX "The key is: ADMIN"
    END FUNCTION
    Here's how the string looks inside the compiled executable when seen through the eyes of a hex editor:


    Lets say we just want to hide "ADMIN" part of the string - we'll leave the rest alone for comparison. I'll simply break that part of the string up into individual characters: "A"&"D"&"M"&"I"&"N", which - in the eyes of the compiler - is 5 separate strings. However that on its own still isn't quite enough to obfuscate the text:


    Now before we go on there are just two points that should be made in regards to how the compiler stores strings...
    1 - Only one instance of each string is stored. The string "a"&"a"&"a" - which actually consists of three strings - is stored simply as one "a", with the code referencing that one string three times consecutively.
    2 - The compiler scans through source files and stores strings in a top-to-bottom manner.

    So now, keeping those two points in mind, lets see what happens when we add a dummy alphabet to the TOP of our source file (that is, before any other strings) ... here is the code:
    Code:
    #COMPILE EXE
     
    SUB Alphabet
    LOCAL alpha AS STRING
    alpha="A"&"B"&"C"&"D"&"E"&"F"&"G"&"H"&"I"&"J"&"K"&"L"&"M"&"N"&"O"&"P"&"Q"&"R"&"S"&"T"&"U"&"V"&"W"&"X"&"Y"&"Z"
    END SUB
     
    FUNCTION PBMAIN () AS LONG
    MSGBOX "The key is: " & "A"&"D"&"M"&"I"&"N"
    END FUNCTION
    And voila, our "ADMIN" string is now gone ...


    If you're worried about overhead, don't be ... the PB compilers are quite optimised remember? Each single character only adds 15 bytes to your code.

    So for example, MSGBOX "The key is ADMIN" compiles to this:
    Code:
    BA 04264000   mov edx, 00402604    // "The key is: ADMIN"
    E8 2C080000   call 00401AD3
    31C0          xor eax, eax
    E8 39080000   call 00401AE7
    E8 22050000   call 004017D5
    Whereas MSGBOX "The key is " & "A"&"D"&"M"&"I"&"N" compiles to this:
    Code:
    BA 04264000   mov edx, 00402604    // "The key is: "
    E8 6C080000   call 00401B13        // Load string
    BA 34254000   mov edx, 00402534    // "A"
    E8 62080000   call 00401B13        // Load string
    E8 24070000   call 004019DA        // Append string
    BA 4C254000   mov edx, 0040254C    // "D"
    E8 53080000   call 00401B13
    E8 15070000   call 004019DA
    BA 94254000   mov edx, 00402594    // "M"
    E8 44080000   call 00401B13
    E8 06070000   call 004019DA
    BA 74254000   mov edx, 00402574    // "I"
    E8 35080000   call 00401B13
    E8 F7060000   call 004019DA
    BA 9C254000   mov edx, 0040259C    // "N"
    E8 26080000   call 00401B13
    E8 E8060000   call 004019DA
    31C0          xor eax, eax
    E8 2E080000   call 00401B27
    E8 17050000   call 00401815
    Attached Files
    Last edited by Wayne Diamond; 8 Jul 2008, 01:50 AM.
    -

  • #2
    Cool idea Wayne, that beats my old method. In PBDOS I used to hide with CHR$(...) which seems to hide things somewhat by converting to numbers, etc. Then I used various XOR "encryption" methods since they can be reversed easily.

    This adds little overhead too. I've often seen other apps when looking at them with a HEX editor contain the complete alphabet, number sequences, days of the week, month names, etc. The compilers may do this to only store whatever the user puts in once, and could even be doing what you mentioned to speed up normal processes.
    sigpic
    Mobile Solutions
    Sys Analyst and Development

    Comment


    • #3
      Here is a ready-made sub with chrs from 32 to 126:
      Code:
      SUB str()
         LOCAL a AS STRING
         a = " "&"!"&"#"&"$"&"%"&"&"&"'"&"("&")"&"*"&"+"&","&"-"&"."&"/"&"0"& _
             "1"&"2"&"3"&"4"&"5"&"6"&"7"&"8"&"9"&":"&";"&"<"&"="&">"&"?"&"@"& _
             "A"&"B"&"C"&"D"&"E"&"F"&"G"&"H"&"I"&"J"&"K"&"L"&"M"&"N"&"O"&"P"& _
             "Q"&"R"&"S"&"T"&"U"&"V"&"W"&"X"&"Y"&"Z"&"["&"\"&"]"&"^"&"_"&"`"& _
             "a"&"b"&"c"&"d"&"e"&"f"&"g"&"h"&"i"&"j"&"k"&"l"&"m"&"n"&"o"&"p"& _
             $DQ&"q"&"r"&"s"&"t"&"u"&"v"&"w"&"x"&"y"&"z"&"}"&"|"&"{"&"~"
      END SUB
      'this would allow for most other commonly used chrs, eg.
          x = "the password is: " & ","&"3"&"("&")"&"d"&"s"&"n"&$DQ
      added: another thought: since it is somewhat difficult to type your strings you want to hide in the format above, copy the actual strings above and put in your own letters.
      I'll test the theory now:
      Code:
             "y"&"e"&"p"&" "&"t"&"h"&"i"&"s"&" "&"i"&"s"&" "&"n"&"o"&"t"&" "& _
             "t"&"o"&"o"&" "&"h"&"a"&"r"&"d"&" "&"t"&"o"&" "&"d"&"o"
      and it'd be even easier if the INSERT key worked like it does in the PB editor.
      Last edited by John Gleason; 8 Jul 2008, 08:34 PM. Reason: added an idea

      Comment


      • #4
        Very simple string encoding/decoding functions.

        Encoded string properties are:
        1. Lenght multiplied by 2
        2. Char code range between 32 and 126. (like MIME/UUE)


        PHP Code:
        ' Decode string
        '
        FUNCTION DE_SS (BYVAL e AS STRING) AS STRING
            LOCAL u
        AS BYTE PTRi,l,j,AS LONG
            l 
        LEN(e)
            
        l/2
            DIM rez
        (0 TO j) AS BYTE
            u 
        VARPTR(rez(0))
            
        STRPTR(e)
            
        0
            
        FOR 0 TO j-1
                rez
        (i) = @p[k]
                ! 
        inc k
                
        inc k
            NEXT i
            
        FUNCTION = PEEK$( u)
        END FUNCTION

        ' Encode string
        '
        FUNCTION EN_SS (BYVAL e AS STRING ) AS STRING
            LOCAL i
        ,j,l,AS LONGu,AS BYTE PTRAS BYTE

            RANDOMIZE TIMER
            l 
        LEN(e)
            
        2
            DIM rez
        (0 TO j) AS BYTE
            u 
        VARPTR(rez(0))
            
        STRPTR(e)
            
        0
            
        FOR 0 TO L 1
                n      
        RND(33126)
                
        rez(k) = @p[i]
                ! 
        inc k
                rez
        (k) = n
                
        inc k
            NEXT i
            
        FUNCTION = PEEK$( u)
        END FUNCTION 
        Code:
        Input String: The key is: ADMIN
        Result:       S3ggd|>j)doxN[[email protected]$CgLHH%MG

        Comment


        • #5
          Aslan, nice, but that requires a second program to do the encrypting, which is what I was trying to avoid

          And if using a second program to do the encryption I'd go with a stronger algorithm, although I guess it doesn't matter so much seeing as any string can be intercepted at the point it has been decrypted, regardless of the encryption algorithm used, which is why I build the strings at runtime - it's really no less secure than encrypted strings because of that fact that they can both be intercepted at the point where they've been decrypted/rebuilt.
          Last edited by Wayne Diamond; 8 Jul 2008, 08:38 AM.
          -

          Comment


          • #6
            Agree.
            I'm also researching for methods to avoiding second subs.
            How about this piece of code? String bytes pushed onto stack...

            Code:
            FUNCTION PBMAIN () AS LONG
            
                LOCAL a AS STRING, d AS BYTE PTR
            
                a = SPACE$(7)
                d = STRPTR(a)
            
                ! push 65
                ! push 66
                ! push 67
                ! push 68
                ! push 69
                ! push 70
                ! push 71
            
                ! mov cx, 7
                ! mov ebx, d
            
                l:
                ! pop eax
                ! mov byte ptr [ebx], al
                ! inc bl
                ! loop l
            
                ? a
            
            END FUNCTION

            Comment


            • #7
              Aslan, unfortunately the characters appear in order. Here is a copy from the compiled executable: jAjBjCjDjEjFjGjHf

              Comment


              • #8
                The example above is just a "starter code".
                Here are some ways to hide characters using this code:

                1. You can replace 1 byte values with 2 bytes -- see code below.
                2. Incremetally XOR each character and use them in PUSH, then read insode loop with XOR.
                3. Put senseless commands between PUSH. i.e. mov eax,eax etc.
                4. Create 32 and 64 bit long values and read them respectively.

                Code:
                    ! push &H410A
                    ! push &H4200
                    ! push &H4301
                    ! push &H44EB
                    ! push &H45BB
                    ! push &H46CC
                    ! push &H47EE
                
                    ! mov ecx, 7
                    ! mov ebx, d
                
                    l:
                    ! pop eax
                    ! shr eax, 8
                    ! mov byte ptr [ebx], al
                    ! inc bl
                    ! loop l

                Comment


                • #9
                  Interestingly Aslan, the compiler seems to be doing your above suggestions automatically in Wayne's
                  technique. Additionally, it likely uses a positional reference rather then the exact value, as !PUSH does.
                  The positional referencing means we can quickly add one extra pinch of obfuscation: shuffling
                  the SUB reference string (kind of a lookup table). Here are five below to pick from.
                  Code:
                  SUB obStr()
                     LOCAL a AS STRING
                     a = "m"&"/"&"~"&"P"&"*"&"X"&"-"&"{"&"l"&"g"&"%"&"i"&"N"&"R"&"C"&"5"&"j"& _
                         "V"&"S"&"@"&"M"&"o"&"+"&"#"&"_"&"'"&"Z"&"="&"H"&"$"&"["&"6"&"}"& _
                         "]"&"I"&"2"&"?"&"1"&"d"&")"&"O"&"D"&"B"&"p"&"T"&"b"&"v"&"x"&"4"& _
                         ">"&"L"&"J"&"K"&"G"&"<"&"A"&"f"&"Y"&"h"&" "&"n"&"s"&"e"&"r"&"Q"& _
                         "t"&"7"&"a"&"3"&"y"&"."&"w"&"8"&"W"&"!"&","&"U"&"&"&"c"&"F"&"|"& _
                         "`"&"9"&"u"&"z"&":"&"^"&"0"&"("&"E"&"k"&"q"&"\"&$DQ&";"
                  END SUB
                  
                  SUB obStr2()
                     LOCAL a AS STRING
                     a = "."&"i"&"T"&"#"&"W"&","&"}"&";"&"N"&"I"&"d"&"'"&"5"&"%"&"Z"&"F"&"{"& _
                         "n"&"~"&"8"&"f"&"`"&"U"&"v"&"("&"y"&"2"&"C"&"M"&"|"&"Q"&"S"&"h"& _
                         "!"&"$"&"?"&"H"&"["&"k"&"*"&"X"&"t"&"o"&"="&"R"&"j"&">"&"q"&"]"& _
                         "b"&$DQ&"z"&"P"&"0"&"V"&"1"&"/"&"a"&"x"&"7"&"\"&"l"&"m"&"g"&"G"& _
                         "J"&"9"&"&"&"D"&"L"&"A"&"K"&"_"&"+"&"w"&"^"&"p"&"3"&"r"&"e"&")"& _
                         "Y"&" "&"@"&"4"&"6"&"O"&"s"&"E"&":"&"-"&"u"&"c"&"<"&"B"
                  END SUB
                  
                  SUB obStr3()
                     LOCAL a AS STRING
                     a = ">"&"m"&"o"&"d"&"c"&"|"&"A"&"/"&"b"&"Y"&"I"&"6"&"."&"E"&"T"&"<"&"Z"& _
                         "U"&"V"&"("&"!"&"S"&"i"&"9"&"$"&"C"&"g"&"~"&"%"&"L"&"["&":"&"n"& _
                         "#"&"R"&"&"&"j"&","&"M"&"1"&"{"&" "&"l"&"="&"a"&"r"&"'"&"}"&"N"& _
                         "O"&"D"&"H"&"]"&"5"&"F"&"4"&"_"&"K"&"Q"&"@"&"\"&"W"&"x"&"8"&"y"& _
                         "t"&"u"&"e"&$DQ&"^"&";"&"*"&"B"&"2"&"G"&"0"&"v"&"3"&"-"&"?"&"7"& _
                         "p"&"f"&"`"&"+"&"J"&"z"&")"&"s"&"P"&"k"&"X"&"w"&"h"&"q"
                  END SUB
                  
                  SUB obStr4()
                     LOCAL a AS STRING
                     a = "9"&"i"&"!"&"{"&"n"&"j"&"W"&"\"&"q"&"("&"5"&"k"&"%"&"6"&"0"&"["&"'"& _
                         "x"&"g"&"m"&"t"&","&"b"&"Z"&"d"&"R"&"3"&"h"&"_"&"w"&"/"&"1"&"y"& _
                         "2"&"#"&"A"&"P"&"B"&"8"&"H"&"l"&"v"&"4"&"K"&"^"&"`"&"J"&"c"&"-"& _
                         "T"&"]"&" "&"~"&"C"&"7"&"S"&"Q"&"N"&"G"&"@"&";"&"V"&"E"&"+"&"a"& _
                         "?"&"r"&"o"&"<"&"Y"&$DQ&"e"&"I"&"F"&")"&":"&">"&"."&"="&"z"&"O"& _
                         "X"&"&"&"|"&"L"&"p"&"}"&"s"&"U"&"u"&"f"&"*"&"M"&"$"&"D"
                  END SUB
                  
                  SUB obStr5()
                     LOCAL a AS STRING
                     a = "/"&"?"&"*"&"G"&"F"&"X"&"v"&"R"&"f"&"A"&"1"&")"&"n"&"!"&"|"&"("&"O"& _
                         "T"&"7"&"}"&"u"&"4"&"_"&"i"&"I"&"Y"&"$"&"Z"&"^"&"j"&"U"&"8"&"l"& _
                         "t"&"x"&"s"&"<"&"Q"&";"&"S"&"d"&"M"&"K"&","&" "&"g"&"E"&"P"&"L"& _
                         "H"&"5"&"p"&"k"&"#"&"{"&"`"&"%"&"a"&"w"&"c"&"="&"0"&"b"&"e"&"y"& _
                         "@"&"z"&"r"&"2"&"q"&"."&"~"&"C"&"B"&"h"&":"&"V"&"N"&"3"&"["&"W"& _
                         "-"&"m"&"&"&$DQ&"6"&"J"&"9"&"'"&"\"&"+"&"]"&"o"&"D"&">"
                  END SUB

                  Comment


                  • #10
                    Another aspect with how the strings are stored in the exe and referenced by the code is that there is a 2 byte header before the string which specifies the length of the string.

                    When the code references a string it doesn't reference the first byte of that string, it references the first byte of that 2 byte header. The indirect result of that is that disassemblers that search for strings by reference fail to recognise it as a string.

                    For example, the following program ...
                    FUNCTION PBMAIN() AS LONG
                    STDOUT "String1"&"String2"
                    END FUNCTION


                    Here you can see how the code references the strings:

                    The first line points at 00402464 (the first byte of the 2 byte header in front of "String1"), and if you consider the data at that address as a DWORD you get 07 00 53 74, or just 07 00 if you look at it as an ASCIIZ string.

                    So you won't see any Powerbasic strings as a string reference in Ollydbg, Win32dasm, and probably most other disassemblers. Even IDA 5 doesn't quite manage the job.... it sees the first as "ing1\a", but it does find "String2" ok. However, there are no references in the code to that string - the only references are to the 2-byte length header in front of it, which it doesn't know is a length field. (It could afterall just be any WORD variable)
                    Attached Files
                    Last edited by Wayne Diamond; 10 Jul 2008, 01:27 AM.
                    -

                    Comment


                    • #11
                      while browsing I noticed today is now 6 years 3 days since i started this thread! lol

                      so i just wanted to bump this to let newer PB coders aware of this simple but handy trick in regards to how you can use the PB compiler to hide sensitive strings from appearing in your executable binary file / disassemblies, while also keeping things very simple at the source-code level </shameless bump>
                      Last edited by Wayne Diamond; 8 Jul 2014, 07:00 AM.
                      -

                      Comment


                      • #12
                        Even ...

                        Some of us 'not so new' PB coders forget things occasionally! I spent about an hour a few weeks ago coming up with a way to do this very thing!

                        BTW, nice to see you back again Wayne. It's starting to feel like old-timers day around here
                        Software makes Hardware Happen

                        Comment


                        • #13
                          Why does this seem to work?
                          Code:
                          #DIM ALL
                          #INCLUDE "win32api.inc"
                          $OutPutFile = "TEST.TXT"
                          '
                          FUNCTION PBMAIN () AS LONG 'FindString.bas
                            LOCAL s AS STRING
                            KILL $OutputFile
                            s = CHR$("W","a","y","n","e") 'Search for Wayne on disk
                            FindString s
                            FindString CHR$("M","i","k","e")
                            ShellExecute (0, "OPEN", $OutPutFile, BYVAL 0, CURDIR$, %SW_SHOWNORMAL)
                          END FUNCTION
                          '
                          FUNCTION FindString(SearchFor AS STRING) AS STRING
                          '
                            LOCAL x,hFile,TimesFound AS LONG
                            LOCAL sFileInMemory AS STRING
                            LOCAL ShortString AS STRING
                          '
                            hFile = FREEFILE
                            OPEN EXE.FULL$ FOR BINARY AS #hFile
                            GET$ #hFile, LOF(#hFile),sFileInMemory
                            CLOSE #hFile
                          '
                            hFile = FREEFILE
                            OPEN $OutPutFile FOR APPEND AS hFile
                            FOR x = 1 TO LEN(SearchFor)
                              ShortString = LEFT$(SearchFor,x)
                              TimesFound = TALLY(sFileInMemory,ShortString)
                              PRINT #hFile, ShortString; " found" + STR$(TimesFound)
                              IF TimesFound = 0 THEN EXIT FOR 'longer string won't find
                            NEXT
                            PRINT #hFile, STRING$(30,"-")
                            CLOSE #hFile
                          END FUNCTION
                          Last edited by Mike Doty; 10 Jul 2014, 12:22 PM. Reason: Formatted for easier viewing
                          How long is an idea?

                          Comment


                          • #14
                            Mike, actually your code does not work - it fails because of reasons already mentioned in this thread.

                            Namely, you failed to provide any character randomisation before searching for your chars, so whatever you search for is naturally going to be seen in "plaintext" in any hex editor, with all characters that you entered in your source code appearing IN THE SAME ORDER in the binary.
                            Last edited by Wayne Diamond; 11 Jul 2014, 02:59 AM.
                            -

                            Comment


                            • #15
                              Without encrypting or randomizing I can't find "Wayne" or "Mike" in the executable.
                              Can't even find a close match.

                              W found 101
                              Wa found 0
                              ------------------------------
                              M found 20
                              Mi found 0
                              ------------------------------
                              Last edited by Mike Doty; 10 Jul 2014, 01:00 PM.
                              How long is an idea?

                              Comment


                              • #16
                                I agree with Wayne.
                                Mike here are all of the strings from you example.

                                ....................................................P...€...`.......TEST.TXT...Ç[email protected]Ç....e.......M.......i.......k..ô....OPEN...ÿ.... found..................

                                Took 1 minute to find them.
                                Not secure. It does not take much deduction to determine that Wayne and Mike are being used for some purpose.
                                Last edited by Berkley Tate; 10 Jul 2014, 05:55 PM. Reason: spell correction
                                Work is what you are doing when you would rather be doing something else.

                                Comment


                                • #17
                                  Thank you, Wayne and Berkley!
                                  I need better eyes and a better hex editor.
                                  s = CHR$("W","a","y","n","e") also seems to work if SUB PLACE_AT_TOP_OF_PROGRAM is at top?

                                  Code:
                                  #DIM ALL
                                  GLOBAL gOutPutFile AS STRING
                                  
                                  SUB PLACE_AT_TOP_OF_PROGRAM
                                   'Wayne Diamond 7/5/2008
                                   'http://www.powerbasic.com/support/pbforums/showthread.php?t=37873 LOCAL a AS STRING
                                   'Helper SUB by John Gleason  7/7/2008
                                    LOCAL a AS STRING
                                    a = " "&"!"&"#"&"$"&"%"&"&"&"'"&"("&")"&"*"&"+"&","&"-"&"."&"/"&"0"& _
                                         "1"&"2"&"3"&"4"&"5"&"6"&"7"&"8"&"9"&":"&";"&"<"&"="&">"&"?"&"@"& _
                                         "A"&"B"&"C"&"D"&"E"&"F"&"G"&"H"&"I"&"J"&"K"&"L"&"M"&"N"&"O"&"P"& _
                                         "Q"&"R"&"S"&"T"&"U"&"V"&"W"&"X"&"Y"&"Z"&"["&"\"&"]"&"^"&"_"&"`"& _
                                         "a"&"b"&"c"&"d"&"e"&"f"&"g"&"h"&"i"&"j"&"k"&"l"&"m"&"n"&"o"&"p"& _
                                         $DQ&"q"&"r"&"s"&"t"&"u"&"v"&"w"&"x"&"y"&"z"&"}"&"|"&"{"&"~"
                                  END SUB
                                  
                                  #INCLUDE "win32api.inc"
                                  FUNCTION PBMAIN () AS LONG 'FindStr.bas
                                    LOCAL s AS STRING, result AS LONG
                                    gOutputFile = CHR$("T","E","S","T",".","T","X","T")
                                    s = CHR$("W","a","y","n","e")
                                    FindString s
                                    FindString CHR$("M","i","k","e")
                                    result = ShellExecute (0, CHR$("O","P","E","N"), gOutPutFile+$NUL, BYVAL 0, CURDIR$, %SW_SHOWNORMAL)
                                    'result of ShellExecute (0-32 Failure)
                                  END FUNCTION
                                  
                                  FUNCTION FindString(s AS STRING) AS STRING
                                  END FUNCTION
                                  Last edited by Mike Doty; 10 Jul 2014, 03:02 PM.
                                  How long is an idea?

                                  Comment


                                  • #18
                                    There is already a very good sollution available ...
                                    Text mangling Tool for Powerbasic
                                    Last edited by Theo Gottwald; 10 Jul 2014, 05:50 PM.
                                    --Theo Gottwald
                                    ------------------------------------------------
                                    76706 Dettenheim * Germany * [email protected]
                                    ------------------------------------------------
                                    Joses Forum * Theo's Link Site * IT-Berater.org

                                    Comment


                                    • #19
                                      Mike I use HxD as my hex editor. It is available in several languages. Give it a try as I think you will like it.
                                      The English version is available here http://mh-nexus.de/en/hxd/.
                                      It is free but does have donation link available in the about window.

                                      For what it is worth PowerBASIC apparently stores all literal strings in the same region of the compilations irrespective of which SUB or FUNCTION they are in.
                                      Work is what you are doing when you would rather be doing something else.

                                      Comment


                                      • #20
                                        For what it is worth PowerBASIC apparently stores all literal strings in the same region of the compilations irrespective of which SUB or FUNCTION they are in.
                                        Correct! but the reason for having the randomised alphabet string at the very top of the source code is because of the way the PB compiler reads the source code when building the binary - storing strings in the order it finds them, and it essentially reads top-to-bottom. This trick is about exploiting the way the compiler builds its executables and stores & references strings

                                        So in other words, if you put a protected string before (higher up in the source code) the random alphabet string, the protected string will still appear readable/unprotected in the compiled exe. So, just by switching the position of two strings can dramatically change the resulting binary in regards to the strings!

                                        Example... (as they appear in the compiled exe)
                                        Code:
                                        sProtected = "a"&"d"&"m"&"i"&"n"   '// string to protect = "admin"
                                        sAlphabet = "n"&"m"&"d"&"i"&"a"    '// pretend this is the whole alphabet (each char in random order)
                                        Protected string placed BEFORE random alphabet in the source code (still insecure):
                                        a.x.....d.......m.......i..u....n

                                        Protected string placed AFTER random alphabet in the source code (now obscured):
                                        n.x.....m.......d.......i..u....a


                                        PB'ers should also be aware that each unique string is only stored once in the executable, regardless of how many times it is used; it is referenced by address.
                                        So for example, "A"&"B"&"B"&"B"&"C"&"B"&"B" would look something like "A...B...C..." in the compiled exe. This is also at the heart of this simple string-obscuring trick.
                                        Last edited by Wayne Diamond; 11 Jul 2014, 04:35 AM.
                                        -

                                        Comment

                                        Working...
                                        X