是否可以从二进制可执行文件中提取常量和其他预定义值? [英] Is it possible to extract constants and other predefined values from binary executables?

问题描述

假设我们在这里有这个程序

Let's say we have this program here

class Message{

public static SUPER_SECRET_STRING = "bar";

    public static void Main(){
        string SECRET = "foo";
        Console.Write(sha(SUPER_SECRET_STRING) + "" + sha(SECRET));
    }

}

现在，在构建此程序之后，是否可以使用十六进制编辑器或其他实用程序从已编译的二进制文件中提取值"foo"和"bar"?

Now, after building this program, is there any way using a hex editor or some other utility to extract the values "foo" and "bar" from the compiled binary file?

我们还假设不允许使用内存编辑器.

Also let's assume that memory editors are not allowed.

这是否适用于所有编译语言，例如C ++?在Java或C#等其他环境中运行的程序又如何呢?

Is this applicable to all compiled languages like C++? What about ones that are run in another environment like Java or C#?

推荐答案

是的，您可以轻松地使用反编译器来提取那些类型的常量，尤其是字符串(因为它们需要更大的内存块).这甚至可以在机器代码二进制文件中使用，并且对于Java和C#等VM语言甚至更容易.

Yes you could easily use a decompiler to extract those kinds of constants, especially strings (since they require a larger chunk of memory). This will even work in machine-code binaries and is even easier for VM-languages like Java and C#.

如果您需要在其中保留一些秘密，则需要花大力气.例如，简单地对字符串进行加密将增加一层安全性，但是对于知道自己在做什么的人来说，这并不是一个很大的障碍.例如，扫描文件中熵很少的位置可能会揭示用于加密的密钥.甚至有一些系统通过更改二进制文件中使用的低级命令来对机密进行编码.这些工具将命令的某些组合替换为其他等效命令.但是，即使很少的系统也不太难规避，因为不常见的命令组合将揭示此类工具的使用.

If you need to keep something secret in there you will need to go great lengths. Simply encrypting the string for example would add a layer of security, but for someone who knows what she does this won't be a big barrier. For example scanning the the file for places with uncommon entropy is likely to reveal the key which was used for encryption. There are even systems which encode secrets by altering the used low-level commands in the binary. Those tools replace certain combinations of commands with other equivalent commands. But even thous systems are not too hard to circumvent, as the uncommon combination of commands will reveal the use of such tools.

即使您设法通过某种形式的二进制加密来保护字符串，在某些时候您仍需要解密版本才能执行.因此，在使用字符串的时间点创建内存转储也将包含秘密值的副本.在Java中，这尤其成问题，因为您无法释放内存块，并且字符串是不可变的(这意味着对字符串的更改"将导致新的内存块).

And even if you manage to protect the string by some kind of encryption in your binary, you will at some point require a decrypted version for your execution. Creating a memory-dump at a point in time where the string is used will thus also contain a copy of the secret value. This is especially problematic in Java as you cannot deallocate a chunk of memory and a string is immutable (meaning that a "change" to the string will lead to a new chunk of memory).

如您所见，问题绝非易事.当然，也没有办法为您提供100％的安全性(考虑所有破解的游戏等等).

As you see the problem is far from trivial. And of course there is no way to give you 100% security (think of all the cracked games and so on).

可以使用公共密钥密码以安全的方式实现的事情.在这种情况下，您将需要隐藏私钥.例如，如果您可以将内容发送到服务器以对其进行加密，或者您拥有的硬件提供了平台模块.但是对于您的情况，这些事情可能并不可行.

Something that can be implemented in a secure way is using Public-key cryptography. In that case you will need to keep the private key hidden. That might be possible if you could for example send things to your server to encrypt them or you have hardware which provides a Trusted Platform Module. But those things might not be feasible for your case.

这篇关于是否可以从二进制可执行文件中提取常量和其他预定义值?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！