Hide A Passw string in code

**marce002** · November 30th, 2004, 04:27 PM

Hello

Where can I hide a password string inside a vc++ code, to not have it displayed in an hexa editor. If I make a simple:
char key[5]="pepe"
The hexa editor simple shows it unchanged.

What about placing it in a string table in resource editor?

What is safer option?

Thanks

**TSYS** · November 30th, 2004, 04:57 PM

You'll have to encode it somehow. You could invert the bits for each character; you could add some number to each character and store the result as an integer; etc.

Putting it in a string table won't do much to protect it.

**raghupathys** · December 1st, 2004, 07:30 AM

You could try it this way

char code[6] = {'H','E','L','L','O',0};

String table would still show under a hex editor

**TSYS** · December 1st, 2004, 08:14 AM

You could try it this way

char code[6] = {'H','E','L','L','O',0};

Given the way the compiler allocates memory, I think your solution will produce code that is identical to specifying a string, which would stand out when displayed by a hex editor.

**raghupathys** · December 1st, 2004, 11:44 PM

I just checked, in both debug and release builds.

char code[6] = {'H','E','L','L','O',0}; // Does not show up in a hex editor (Release or debug build).

char code[6] = "HELLO"; // Shows up in a hex editor in debug build, but not in release build

The second scenario was pretty surprising actually, as i thought "HELLO" would be stored in the PE files data segment!!!

Any ideas why not?

**cilu** · December 2nd, 2004, 03:42 AM

What about this:

Code:

char code[6] = {73,70,77,77,80,0};

(I hope I did put the correct codes.)

**gstercken** · December 2nd, 2004, 04:00 AM

Originally Posted by raghupathys

char code[6] = "HELLO";
char code[6] = {'H','E','L','L','O',0};

Originally Posted by cilu

char code[6] = {73,70,77,77,80,0};

All of these lines will produce exactly the same compiled code, regardless of a debug or release build, when you declare it static or outside any block scope (not on the stack). It will always show in a hex editor. As for declaring it on the stack: It will we compiler dependent what happens here: The compiler might generate single instructions to push the characters on the stack, or a contiguous block which is copied - so you can't rely on that technique for effectively hiding the string. As TSYS said, you will need to encode the string in some way.

Originally Posted by raghupathys

The second scenario was pretty surprising actually, as i thought "HELLO" would be stored in the PE files data segment!!!

The reason it didn't show up in a release build is most probably that you declared it, but never used it, so the data was optimized away in a release build.

**Kheun** · December 2nd, 2004, 04:08 AM

Beside encoding your string to make it not displayable on hex editor, you can divide your string into several parts and spread them all over your code. You then need a function to gather and reconstruct them back to the original string.

Thread: Hide A Passw string in code

Thread Tools

Display

Hide A Passw string in code

Re: Hide A Passw string in code

Re: Hide A Passw string in code

Re: Hide A Passw string in code

Re: Hide A Passw string in code

Re: Hide A Passw string in code

Re: Hide A Passw string in code

Re: Hide A Passw string in code

Posting Permissions