How to hide a string in C, so it is not readable in compiled code?

Navigation
4

I have a string Hello World , but I do not want to save it as Hello World in C, I would like to save it as some base64, aes or binary value, or similar, so that it would not be readable in code .

How can I save this string, and return its value in a print for example?

    
asked by anonymous 21.07.2016 / 20:45

2 answers

7

This is definitely not a good practice. It is a false sense of security to believe that no one will be able to read a data just because it was stored using a different representation.

However, it follows a (tested) code capable of decoding a base64 string: 

#include <stdlib.h>
#include <stdio.h>
#include <string.h>


static const unsigned char pr2six[256] =
{
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63,
    52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64,
    64,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14,
    15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64,
    64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
    41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64
};


int Base64decode( char * bufplain, const char * bufcoded )
{
    int nbytesdecoded;
    register const unsigned char *bufin;
    register unsigned char *bufout;
    register int nprbytes;

    bufin = (const unsigned char *) bufcoded;
    while (pr2six[*(bufin++)] <= 63);
    nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
    nbytesdecoded = ((nprbytes + 3) / 4) * 3;

    bufout = (unsigned char *) bufplain;
    bufin = (const unsigned char *) bufcoded;

    while (nprbytes > 4)
    {
        *(bufout++) = (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
        *(bufout++) = (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
        *(bufout++) = (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
        bufin += 4;
        nprbytes -= 4;
    }

    if (nprbytes > 1)
    {
        *(bufout++) = (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
    }

    if (nprbytes > 2)
    {
        *(bufout++) = (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
    }

    if (nprbytes > 3)
    {
        *(bufout++) = (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
    }

    *(bufout++) = '
$ gcc base64.c -o base64

';
    nbytesdecoded -= (4 - nprbytes) & 3;

    return nbytesdecoded;
}


int main( void )
{
    char * encoded = "SGVsbG8gV29ybGQh";
    char decoded[ 100 ] = {0};

    Base64decode( decoded, encoded );

    printf("String codificada  : %s\n", encoded );
    printf("String decodificada: %s\n", decoded );

    return 0;
}

/* fim-de-arquivo */

Compiling (gcc / linux): 

$ ./base64 
String codificada  : SGVsbG8gV29ybGQh
String decodificada: Hello World!

Output: 

#include <stdlib.h>
#include <stdio.h>
#include <string.h>


static const unsigned char pr2six[256] =
{
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63,
    52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64,
    64,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14,
    15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64,
    64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
    41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
    64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64
};


int Base64decode( char * bufplain, const char * bufcoded )
{
    int nbytesdecoded;
    register const unsigned char *bufin;
    register unsigned char *bufout;
    register int nprbytes;

    bufin = (const unsigned char *) bufcoded;
    while (pr2six[*(bufin++)] <= 63);
    nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
    nbytesdecoded = ((nprbytes + 3) / 4) * 3;

    bufout = (unsigned char *) bufplain;
    bufin = (const unsigned char *) bufcoded;

    while (nprbytes > 4)
    {
        *(bufout++) = (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
        *(bufout++) = (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
        *(bufout++) = (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
        bufin += 4;
        nprbytes -= 4;
    }

    if (nprbytes > 1)
    {
        *(bufout++) = (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
    }

    if (nprbytes > 2)
    {
        *(bufout++) = (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
    }

    if (nprbytes > 3)
    {
        *(bufout++) = (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
    }

    *(bufout++) = '
$ gcc base64.c -o base64

';
    nbytesdecoded -= (4 - nprbytes) & 3;

    return nbytesdecoded;
}


int main( void )
{
    char * encoded = "SGVsbG8gV29ybGQh";
    char decoded[ 100 ] = {0};

    Base64decode( decoded, encoded );

    printf("String codificada  : %s\n", encoded );
    printf("String decodificada: %s\n", decoded );

    return 0;
}

/* fim-de-arquivo */

I hope I have helped!

    
21.07.2016 / 22:22
4

To "hide" the string you can apply the rot13 

#include <string.h> // para strchr()

// aplica rot13 a src e mete o resultado em dst
// se dst nao tiver tamanho suficiente invoca UB
// devolve dst
char *rot13(const char *src, char *dst) {
    static char alpha[] = "abcdefghijklmnopqrstuvwxyzabcdefghijklm"
                          "ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLM";
    char *bak = dst;
    char *pa;
    while (*src) {
        if ((pa = strchr(alpha, *src)) != NULL) {
            *dst = pa[13];
        } else {
            *dst = *src;
        }
        dst++;
        src++;
    }
    *dst = 0;
    return bak;
}

You can apply this function in your program, for example 

#include <stdio.h>
#include "rot13.h"

int main(void) {
    char x[] = "Uryyb, Jbeyq!";
    printf("rot13: %s\n", rot13(x, x));
    return 0;
}
    
22.07.2016 / 10:35
How to compare 2 Arrays with Assert.Equals? AJAX with HTML data return