Re: Obfuscating function names and the like inside exe file
Walter Bright Wrote:
1. make sure you're not compiling with debug info (-g) on.
Bye bye stack traces... :(
2. you can just use a bit editor to stomp on those names in the executable
(replace them with X or whatever). The exe files are not checksummed, so
this should be straightforward.
Too much manual work. Any clues how I can automate this? At least where I
should look for info?
3. rename your sensitive classes to obscure names, then alias them to a
readable
name. The alias name shouldn't appear in the executable:
class CXX97ASDFXX { }
alias CXX97ASDFXX mySensitiveName;
Nice idea. Didn't thought about it. But it won't work for external libraries.
For example if I'm using dcrypt it will be obvious I'm using one of its
supported ciphers for my encrypted data. I wouldn't wish this to be so obvious,
at least not for people without reverse-engineering skills.
Thanks.
Re: Obfuscating function names and the like inside exe file
bobef wrote: Walter Bright Wrote: 2. you can just use a bit editor to stomp on those names in the executable (replace them with X or whatever). The exe files are not checksummed, so this should be straightforward. Too much manual work. Any clues how I can automate this? At least where I should look for info? You can write a simple D program that contains a list of strings to patch. It reads the exe file, patches it, and writes it back out.
Re: Obfuscating function names and the like inside exe file
Hello bobef,
Walter Bright Wrote:
1. make sure you're not compiling with debug info (-g) on.
Bye bye stack traces... :(
Only for release builds.
2. you can just use a bit editor to stomp on those names in the
executable (replace them with X or whatever). The exe files are
not checksummed, so this should be straightforward.
Too much manual work. Any clues how I can automate this? At least
where I should look for info?
If you know what to look for, some kind of find/replace might work.
3. rename your sensitive classes to obscure names, then alias them to
a readable name. The alias name shouldn't appear in the executable:
class CXX97ASDFXX { }
alias CXX97ASDFXX mySensitiveName;
Nice idea. Didn't thought about it. But it won't work for external
libraries. For example if I'm using dcrypt it will be obvious I'm
using one of its supported ciphers for my encrypted data. I wouldn't
wish this to be so obvious, at least not for people without
reverse-engineering skills.
I'd assume anyone who can identify the cypher from function names and apply
it to strings in the file already has reverse-engineering skills. And if
you are considering the attacker knowing what cypher you are using to be
a security issue, don't bother I anyone able to think about cracking any
real cypher can get that from the binary no matter what you do.
--
... IXOYE
Re: Obfuscating function names and the like inside exe file
bobef Wrote: Hello all, I was wondering if someone know of way to obfuscate all the strings and function names and class names inside DMD Windows generated exe file. Opening the file with notepad shows all kinds of strings and names in clear text and since my application handles some sensitive data it gives me an extra feeling of insecurity. Any suggestions? Thanks Compress/encode sensitive data and give meaningless names to function/classes ? :)
Re: Obfuscating function names and the like inside exe file
On Sat, 20 Mar 2010 09:53:17 -0400, Bane wrote: Compress/encode sensitive data and give meaningless names to function/classes ? :) Bane, You have become a changed person - these days you are tolerant to a fault. Do try to keep a balance! Steve
Re: Obfuscating function names and the like inside exe file
On Sat, 20 Mar 2010 10:12:14 -0300, bobef _asd_asd_asd_asdasd_...@asdasda___dasd.com wrote: Hello all, I was wondering if someone know of way to obfuscate all the strings and function names and class names inside DMD Windows generated exe file. Opening the file with notepad shows all kinds of strings and names in clear text and since my application handles some sensitive data it gives me an extra feeling of insecurity. Any suggestions? Thanks Regarding function names/etc. I'd expect any industry standard obfuscator would scramble them for you. A bigger problem is the data segment which stores any constant strings, etc. If you really have to include them in your program, I'd recommend writing a compile time encrypt and runtime decrypt function pair. i.e. string name = rt_decrypt(ct_encrypt!important name);
Re: Obfuscating function names and the like inside exe file
On 03/20/2010 11:24 AM, Robert Jacques wrote: On Sat, 20 Mar 2010 10:12:14 -0300, bobef _asd_asd_asd_asdasd_...@asdasda___dasd.com wrote: Hello all, I was wondering if someone know of way to obfuscate all the strings and function names and class names inside DMD Windows generated exe file. Opening the file with notepad shows all kinds of strings and names in clear text and since my application handles some sensitive data it gives me an extra feeling of insecurity. Any suggestions? Thanks Regarding function names/etc. I'd expect any industry standard obfuscator would scramble them for you. A bigger problem is the data segment which stores any constant strings, etc. If you really have to include them in your program, I'd recommend writing a compile time encrypt and runtime decrypt function pair. i.e. string name = rt_decrypt(ct_encrypt!important name); Doesn't that just put important name in the mangled name of ct_encrypt (albeit in hex)?
Re: Obfuscating function names and the like inside exe file
bobef wrote:
I was wondering if someone know of way to obfuscate all the strings and
function names and class names inside DMD Windows generated exe file. Opening
the file with notepad shows all kinds of strings and names in clear text and
since my application handles some sensitive data it gives me an extra feeling
of insecurity. Any suggestions?
1. make sure you're not compiling with debug info (-g) on.
2. you can just use a bit editor to stomp on those names in the executable
(replace them with X or whatever). The exe files are not checksummed, so
this should be straightforward.
3. rename your sensitive classes to obscure names, then alias them to a readable
name. The alias name shouldn't appear in the executable:
class CXX97ASDFXX { }
alias CXX97ASDFXX mySensitiveName;
Re: Obfuscating function names and the like inside exe file
Hello Ellery, On 03/20/2010 11:24 AM, Robert Jacques wrote: On Sat, 20 Mar 2010 10:12:14 -0300, bobef _asd_asd_asd_asdasd_...@asdasda___dasd.com wrote: Hello all, I was wondering if someone know of way to obfuscate all the strings and function names and class names inside DMD Windows generated exe file. Opening the file with notepad shows all kinds of strings and names in clear text and since my application handles some sensitive data it gives me an extra feeling of insecurity. Any suggestions? Thanks Regarding function names/etc. I'd expect any industry standard obfuscator would scramble them for you. A bigger problem is the data segment which stores any constant strings, etc. If you really have to include them in your program, I'd recommend writing a compile time encrypt and runtime decrypt function pair. i.e. string name = rt_decrypt(ct_encrypt!important name); Doesn't that just put important name in the mangled name of ct_encrypt (albeit in hex)? Use a CTFE compression function and that problem should go away (as long as you can force CTFE). -- ... IXOYE
Re: Obfuscating function names and the like inside exe file
Nick Sabalausky wrote:
3. rename your sensitive classes to obscure names, then alias them to a
readable name. The alias name shouldn't appear in the executable:
class CXX97ASDFXX { }
alias CXX97ASDFXX mySensitiveName;
Wouldn't compiler errors still refer to the obfuscated name?
Sometimes.
Re: Obfuscating function names and the like inside exe file
Walter Bright newshou...@digitalmars.com wrote in message
news:ho34du$2li...@digitalmars.com...
bobef wrote:
I was wondering if someone know of way to obfuscate all the strings and
function names and class names inside DMD Windows generated exe file.
Opening
the file with notepad shows all kinds of strings and names in clear text
and
since my application handles some sensitive data it gives me an extra
feeling
of insecurity. Any suggestions?
1. make sure you're not compiling with debug info (-g) on.
2. you can just use a bit editor to stomp on those names in the executable
(replace them with X or whatever). The exe files are not checksummed,
so this should be straightforward.
3. rename your sensitive classes to obscure names, then alias them to a
readable name. The alias name shouldn't appear in the executable:
class CXX97ASDFXX { }
alias CXX97ASDFXX mySensitiveName;
Wouldn't compiler errors still refer to the obfuscated name?
Re: Obfuscating function names and the like inside exe file
bobef wrote:
Hello all,
I was wondering if someone know of way to obfuscate all the strings and
function names and class names inside DMD Windows generated exe file. Opening
the file with notepad shows all kinds of strings and names in clear text and
since my application handles some sensitive data it gives me an extra feeling
of insecurity. Any suggestions?
Thanks
module seakrit;
char[] supar_enkript(char[] mah_secret)
{
char[] result = mah_secret.dup;
for( size_t i=0; iresult.length; ++i )
result[i] = ~result[i];
return result;
}
alias supar_enkript supar_dekript;
const supar_seakrit_password = supar_enkript(O HAI THAR);
import tango.io.Stdout;
void main()
{
Stdout(Tha supar seakrit password is: )
(supar_dekript(supar_seakrit_password)).newline;
}
Note that simply using supar_enkript(O HAI THAR) isn't sufficient; you
have to make sure you trigger compile-time evaluation or you'll end up
with the seakrit in the object file.
For extra sekuritee, put supar_enkript in another module that you never
link to.
Of course, the reason for all the bad spelling is to indicate that this
isn't really something I can imagine helping. If your program handles
sensitive data, protect the data, not your program.
If your program *contains* sensitive information, don't give it to the
wrong people.
If someone is really, seriously determined to get at that information,
there's nothing you can do to stop them.
