EvilZone
Other => Found it on the Webs => : Kulverstukas March 14, 2014, 07:49:36 PM
-
I was going to do intense research and write a tutorial, but doing a bit of research I found nice articles that would pretty much cover what I would write, so instead of writing a tutorial, I'll drop a bunch of links that has a lot of information about it.
Some things I learned, is that you cannot have a secure setup if you distribute the password with your shit, there is no fool-proof way to hide it, only mere obfuscation... sadly.
If my programs have to communicate with web/DB, I always make a PHP backend/API to which I send appropriate commands and get the output instead of just connecting straight to the DB or sending raw SQL commands even to the backend... security through obscurity (http://en.wikipedia.org/wiki/Security_through_obscurity) is the only way to go :-/
Here are the links:
A discussion about theoretical string hiding: http://stackoverflow.com/questions/1356896/how-to-hide-a-string-in-binary-code
Some tutorial-ish writeup with C code: http://create.stephan-brumme.com/hide-strings-executable/
The most informative article from MS, however includes lots of WinAPI, probably not recommended for Linuxfags: http://msdn.microsoft.com/en-us/magazine/cc164054.aspx
Some example code: http://etutorials.org/Programming/secure+programming/Chapter+12.+Anti-Tampering/12.11+Hiding+Strings/
Another informative article, probably the best one, however only with C++ code: http://www.codeproject.com/Articles/502283/Strings-Obfuscation-System
If anyone has their own methods or at least ideas to discuss to go about hiding strings in code, please share :)