From: Jef Poskanzer <jef@ee.lbl.gov>
To: Derek Atkins <cypherpunks@toad.com
Message Hash: bd1e24d844b8a5d4609090a734fb388ccc25338120e886bbc81d07b33d11943a
Message ID: <199412200132.RAA12865@hot.ee.lbl.gov>
Reply To: N/A
UTC Datetime: 1994-12-20 01:33:22 UTC
Raw Date: Mon, 19 Dec 94 17:33:22 PST
Subject: Re: Hiding strings in objects code
>I assume you mean so that running "strings" on the binary will not
>lead you to anything, right? You can use an XOR with some weird value
>to hide the strings. Just make sure the value you use will, for
>example, set the high bit on the string bytes...
>
>It is a cheap, free way to hide strings. It is, by no means, secure.

When rtm used this technique in his worm I'm sure a lot of people,
such as myself, spent the five minutes necessary to hack up a program
that tries XORing the input with all 256 possible bytes. I had the
program pipe the output of each try through strings and wc, to check
whether any significant text was uncovered. Only 0x00 and the single
now-forgotten value he used got hits - no second XOR value.

Anyway the point is it's *really* by no means secure, and you can do
much better with a few minutes' thought. Set up a basic framework
using a Makefile that takes a file of

    MNEMONIC "text string"

and runs it through an encoding program to produce a .h file of

    static char* text[] = {
    ...
    #define MNEMONIC 17
    "vb4hv7789sd",

Then in your actual program you just call decode(text[MNEMONIC]);

Given that simple framework you can experiment with lots of different
encoding and decoding functions.
---
Jef
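
The brute-force check described in the message, as an added example in C (not code from the post or from either correspondent): it tries every single-byte XOR key against a constructed sample and scores each key by counting path-like characters rather than piping the output through strings and wc. DEMO_KEY, the sample strings and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_KEY 0xA5 /* constructed key with the high bit set, not from the post */

/* Characters typical of paths and commands: a-z, 0-9, space, '/', '.', '-', '_'. */
static int textlike(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
           c == ' ' || c == '/' || c == '.' || c == '-' || c == '_';
}

/* Count the bytes of buf that look like text after XOR with key. */
static size_t xor_score(const unsigned char *buf, size_t len, unsigned char key) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (size_t)textlike((unsigned char)(buf[i] ^ key));
    return n;
}

/* Try every nonzero key (0x00 is the file as-is) and return the top scorer. */
static int best_xor_key(const unsigned char *buf, size_t len) {
    int best = 0;
    size_t best_score = 0;
    for (int k = 1; k < 256; k++) {
        size_t s = xor_score(buf, len, (unsigned char)k);
        if (s > best_score) { best_score = s; best = k; }
    }
    return best;
}

/* Constructed sample: cleartext banner, then two strings XORed with DEMO_KEY. */
static size_t build_sample(unsigned char *out) {
    static const char *hidden[] = { "/bin/sh", "/etc/passwd" };
    size_t n = 8;
    memcpy(out, "demo v1", n); /* 7 characters plus the NUL */
    for (size_t i = 0; i < 2; i++) {
        for (const char *p = hidden[i]; *p; p++)
            out[n++] = (unsigned char)(*p ^ DEMO_KEY);
        out[n++] = 0; /* terminator left unencoded */
    }
    return n; /* returns the sample length */
}

int main(void) {
    unsigned char blob[64];
    size_t len = build_sample(blob);
    printf("recovered key: 0x%02X\n", (unsigned)best_xor_key(blob, len));
    return 0;
}
```

On a real binary, runs of 0x00 padding score highly under any key that is itself in the character class, so a run-length or dictionary check on the decoded output is needed before trusting the top scorer.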