LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices



Reply
 
Search this Thread
Old 04-04-2011, 06:21 PM   #1
Nathan.eth0
LQ Newbie
 
Registered: Apr 2011
Posts: 21

Rep: Reputation: 2
Exclamation How do I hide my C++ codes in an executable file?


Hello World!
I wrote a c++ program but for security reasons I need to make sure that no one can read my codes by my ".out" files. I did everything I could. But everyone can see it by "strings Alpha.cpp".
I heard that g++ has some options to do so.
Please if anyone can help me hide my contents, reply.


Last edited by Nathan.eth0; 04-04-2011 at 06:22 PM.
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 04-04-2011, 06:35 PM   #2
dugan
Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 5,005

Rep: Reputation: 1560Reputation: 1560Reputation: 1560Reputation: 1560Reputation: 1560Reputation: 1560Reputation: 1560Reputation: 1560Reputation: 1560Reputation: 1560Reputation: 1560
Quote:
Originally Posted by Nathan.eth0 View Post
I need to make sure that no one can read my codes by my ".out" files. I did everything I could. But everyone can see it by "strings Alpha.cpp".
Then don't distribute Alpha.cpp with your a.out file! People don't need access to your source code to run your executables.

If you're asking how to prevent people from reverse-engineering your executables, you're out of luck. The binary code can always be disassembled; the disassembled code can always be analyzed with a debugger. If what you intend to protect is worth protecting, then it's worth someone's time to reverse engineer. That's why you can find keygens for all shareware programs that use registration keys. It's also how the "undocumented" Windows API was discovered.

You definitely want to get a copy of this book, to understand the angles of attack:

http://www.amazon.com/Reversing-Secr...dp/0764574817/

Last edited by dugan; 04-04-2011 at 07:24 PM.
 
2 members found this post helpful.
Old 04-05-2011, 12:23 AM   #3
Nathan.eth0
LQ Newbie
 
Registered: Apr 2011
Posts: 21

Original Poster
Rep: Reputation: 2
I'm writing an encryption system, I need to hide my key, So it's stupid to have my key to spare by my encryptor. Do you have any idea how do I keep a hidden library for my key?

Thanks for answering
 
Old 04-05-2011, 01:11 AM   #4
Sergei Steshenko
Senior Member
 
Registered: May 2005
Posts: 4,481

Rep: Reputation: 453Reputation: 453Reputation: 453Reputation: 453Reputation: 453
Quote:
Originally Posted by dugan View Post
... the disassembled code can always be analyzed with a debugger. ...
It is not that simple. I.e. there are measures making running under a debugger quite problematic, though technically, of course, one can run code through a debugger. The question is how much misleading the debug traces become.

More powerful "guns" than just a debugger might be needed.
 
Old 04-05-2011, 03:29 AM   #5
Nathan.eth0
LQ Newbie
 
Registered: Apr 2011
Posts: 21

Original Poster
Rep: Reputation: 2
I still have no idea what to do, It may be difficult but still it's not impossible. Is there a way to hide my encryption key in another way, other than hard-coding it?
 
Old 04-05-2011, 06:17 AM   #6
JohnGraham
Member
 
Registered: Oct 2009
Posts: 467

Rep: Reputation: 138Reputation: 138
Quote:
Originally Posted by Nathan.eth0 View Post
Is there a way to hide my encryption key in another way, other than hard-coding it?
Have a program to generate a key and place it in a text file (that only you have permission read) and use it from there. If your key is symmetric (i.e. you use the same key for both encryption and decryption), you'll need to find a secure way of getting it to whoever you want to be able to encrypt/decrypt data - otherwise, both of you can just use the program to generate your own private+public key pairs and then send the public ones to each other.
 
1 members found this post helpful.
Old 04-05-2011, 12:22 PM   #7
Nathan.eth0
LQ Newbie
 
Registered: Apr 2011
Posts: 21

Original Poster
Rep: Reputation: 2
That's actually a good idea; BTW how do iterate a text file in C++?
Sorry I keep asking questions, I'm a newbie
 
Old 04-05-2011, 01:25 PM   #8
Nominal Animal
Senior Member
 
Registered: Dec 2010
Location: Finland
Distribution: Xubuntu, CentOS, LFS
Posts: 1,723
Blog Entries: 3

Rep: Reputation: 943Reputation: 943Reputation: 943Reputation: 943Reputation: 943Reputation: 943Reputation: 943Reputation: 943
Quote:
Originally Posted by Nathan.eth0 View Post
Is there a way to hide my encryption key in another way, other than hard-coding it?
Yes, you can "hide" it in many ways[*], but it is still easily discovered: Just run your program in a debugger or emulator, stop it just before it starts the encryption, and read the key from the key buffer. The encryption routines are quite easy to find even from disassembly, since they look nothing like ordinary code, so this is not at all that difficult one might think.

You can rewrite the encryption algorithm to not hold the key in a buffer, but that is at least an order of magnitude more difficult -- and even then, the entire encryption code and all data it refers to can be lifted as-is, and used by somebody else.

I don't know if this is feasible for you, since I don't know what you actually do with the key, but I'd recommend a fundamentally different approach: use a public key encryption algorithm. That way encryption and decryption use different keys.

For example, if you wanted to store an unique serial number in your application, you would store two copies of it, encrypted using a public key algorithm, within the code as constants, and use two totally different keys. The decryption keys for the serial numbers would be stored in plain view also. Your program would use the decryption keys to decrypt and verify the serial numbers match. A nefarious user can copy a serial number to another copy of the application, but that would be exactly the same as copying the entire application. They cannot create a fake one, without first obtaining the other halves of the keys -- which are not included in the applications, and are in your possession only. Still, users can just modify the application binary to skip the checks, so even this is not absolutely secure. Nothing is.

Similarly, if you communicate with an another party -- either via the network, or via files, or some other means --, use a different public key in each direction, with each party knowing only half of each key. If you yourself are the other party, and you keep your halves of the keys secure, with each application having their own key pairs, you can easily authenticate each application. (Or, in the case of files, either authenticate the application used to create the files, or note that the authentication bits were removed after saving the file by other means.)

In the end, you'll find out that you must trust the user to a degree. I'd recommend picking the degree such that you don't hinder the users' activities, or they will either break the security, or use another application. Consider what would be acceptable to you yourself, if you were the user of your application.
[*] In the early nineties, I hid a copy of the applications serial number into the relocation data, overwriting another copy of the serial number when the application is loaded into memory. (This was with old-type EXE files that contained their own relocation code; I replaced that with a home-grown one.) Even changing the serial number in the file would not change it, since it was regenerated when the program was loaded into memory. All copies of the application were different at the binary level, so comparing the memory image to the file would be a tedious job.
In short, the trick was to make it more work to disable or hide the serial number, than to rewrite the application from scratch. Normal users were totally unaware of this feature, since it did not hinder their actions in any way.
 
2 members found this post helpful.
  


Reply

Tags
encryption


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How to compile .jar Java byte-codes into native machine codes? ilgaar Linux - Software 1 08-30-2010 01:52 AM
How to compile .jar Java byte-codes into native machine codes? ilgaar Linux - Software 6 08-29-2010 12:20 AM
how to hide a file using file permissions in linux without using dot davender84 Linux - General 4 03-26-2009 01:13 AM
How to hide or unexpose source codes. SPo2 Linux - General 8 01-28-2006 02:21 PM
Are the hex codes for colors in a jpg the same codes as used in html? abefroman Linux - Security 3 07-31-2005 04:21 PM


All times are GMT -5. The time now is 11:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration