如何隐藏二进制代码中的字符串？ [英] How to hide a string in binary code?

问题描述

有时，从二进制（可执行文件）文件中隐藏字符串很有用。
例如，隐藏加密密钥从二进制文件是有意义的。

当我说隐藏时，我的意思是使字符串更难在编译的二进制。

例如，此代码：

  const char * encryptionKey =我的强加密密钥; 
 //编译后使用键
  

生成一个包含以下内容的可执行文件

  4D 79 20 73 74 72 6F 6E-67 20 65 6E 63 72 79 70 |我的强encryp | 
 74 69 6F 6E 20 6B 65 79 | tion key | 
  

您可以看到我们的秘密字符串可以轻松找到和/或修改。

我可以隐藏字符串...

  char encryptionKey [30] 
 int n = 0; 
 encryptionKey [n ++] ='M'; 
 encryptionKey [n ++] ='y'; 
 encryptionKey [n ++] =''; 
 encryptionKey [n ++] ='s'; 
 encryptionKey [n ++] ='t'; 
 encryptionKey [n ++] ='r'; 
 encryptionKey [n ++] ='o'; 
 encryptionKey [n ++] ='n'; 
 encryptionKey [n ++] ='g'; 
 encryptionKey [n ++] =''; 
 encryptionKey [n ++] ='e'; 
 encryptionKey [n ++] ='n'; 
 encryptionKey [n ++] ='c'; 
 encryptionKey [n ++] ='r'; 
 encryptionKey [n ++] ='y'; 
 encryptionKey [n ++] ='p'; 
 encryptionKey [n ++] ='t'; 
 encryptionKey [n ++] ='i'; 
 encryptionKey [n ++] ='o'; 
 encryptionKey [n ++] ='n'; 
 encryptionKey [n ++] =''; 
 encryptionKey [n ++] ='k'; 
 encryptionKey [n ++] ='e'; 
 encryptionKey [n ++] ='y'; 
  

...但这不是一个好的方法。任何更好的想法？

PS：我知道只有隐藏的秘密不能对一个确定的攻击者工作，但它比没有什么更好...

此外，我知道非对称加密，但在这种情况下是不可接受的。我重构了一个现有的应用程序，它使用Blowfish加密并将加密的数据传递到服务器（服务器用相同的密钥解密数据）。

t 更改加密算法，因为我需要提供向后兼容性。

解决方案

正如在pavium的< a href =http://stackoverflow.com/questions/1356896/how-to-hide-a-string-in-binary-code/1356915#1356915> answer ，您有两种选择：

• 保护密钥


• 保护解密算法

不幸的是，如果你必须求助于在代码中嵌入密钥和算法，这两个都不是真正的秘密，所以你留下了（远弱）的替代安全性通过模糊。换句话说，正如你所提到的，你需要一个聪明的方法在可执行文件中隐藏它们之一或两者。

这里有一些选项， 根据任何加密最佳做法，这些都不是真正安全的，每个都有其缺点：

1. 一个例子是 printf（）语句的格式字符串，这种语句往往具有数字，字母和标点符号。


2. Hash 部分或全部代码或数据段，并将其用作键。 （你需要对此有点聪明，以确保密钥不会意外更改！）这有一个潜在的理想的副作用，验证代码的哈希部分每次运行。


3. 在运行时生成密钥从系统中唯一的（并且在系统中保持不变），例如通过对网络适配器的MAC地址进行哈希处理。


4. 通过从其他数据中选择字节来创建密钥。如果您有静态或全局数据，不管类型如何（ int char ，等），在每个变量初始化之后从某处获取一个字节（当然是非零值）




请告诉我们如何解决问题！





修改：您已评论过您正在重构现有代码，因此我假设您不一定自己选择密钥。在这种情况下，请按照以下两个步骤：使用上述方法之一对密钥本身进行加密，然后使用键来解密用户的数据。




Sometimes, it is useful to hide a string from a binary (executable) file. For example, it makes sense to hide encryption keys from binaries.

When I say "hide", I mean making strings harder to find in the compiled binary.

For example, this code:

const char* encryptionKey = "My strong encryption key";
// Using the key

after compilation produces an executable file with the following in its data section:

4D 79 20 73 74 72 6F 6E-67 20 65 6E 63 72 79 70   |My strong encryp|
74 69 6F 6E 20 6B 65 79                           |tion key        |

You can see that our secret string can be easily found and/or modified.

I could hide the string…

char encryptionKey[30];
int n = 0;
encryptionKey[n++] = 'M';
encryptionKey[n++] = 'y';
encryptionKey[n++] = ' ';
encryptionKey[n++] = 's';
encryptionKey[n++] = 't';
encryptionKey[n++] = 'r';
encryptionKey[n++] = 'o';
encryptionKey[n++] = 'n';
encryptionKey[n++] = 'g';
encryptionKey[n++] = ' ';
encryptionKey[n++] = 'e';
encryptionKey[n++] = 'n';
encryptionKey[n++] = 'c';
encryptionKey[n++] = 'r';
encryptionKey[n++] = 'y';
encryptionKey[n++] = 'p';
encryptionKey[n++] = 't';
encryptionKey[n++] = 'i';
encryptionKey[n++] = 'o';
encryptionKey[n++] = 'n';
encryptionKey[n++] = ' ';
encryptionKey[n++] = 'k';
encryptionKey[n++] = 'e';
encryptionKey[n++] = 'y';

…but it's not a nice method. Any better ideas?

PS: I know that merely hiding secrets doesn't work against a determined attacker, but it's much better than nothing…

Also, I know about assymetric encryption, but it's not acceptable in this case. I am refactoring an existing appication which uses Blowfish encryption and passes encrypted data to the server (the server decrypts the data with the same key).

I can't change the encryption algorithm because I need to provide backward compatibility. I can't even change the encryption key.

解决方案

As noted in the comment to pavium's answer, you have two choices:

• Secure the key
• Secure the decryption algorithm

Unfortunately, if you must resort to embedding both the key and the algorithm within the code, neither is truly secret, so you're left with the (far weaker) alternative of security through obscurity. In other words, as you mentioned, you need a clever way to hide either or both of them inside your executable.

Here are some options, though you need to remember that none of these is truly secure according to any cryptographic best practices, and each has its drawbacks:

1. Disguise your key as a string that would normally appear within the code. One example would be the format string of a printf() statement, which tends to have numbers, letters, and punctuation.
2. Hash some or all of the code or data segments on startup, and use that as the key. (You'll need to be a bit clever about this to ensure the key doesn't change unexpectedly!) This has a potentially desirable side-effect of verifying the hashed portion of your code each time it runs.
3. Generate the key at run-time from something that is unique to (and constant within) the system for example, by hashing the MAC address of a network adapter.
4. Create the key by choosing bytes from other data. If you have static or global data, regardless of type (int, char, etc.), take a byte from somewhere within each variable after it's initialized (to a non-zero value, of course) and before it changes.

Please let us know how you solve the problem!

Edit: You commented that you're refactoring existing code, so I'll assume you can't necessarily choose the key yourself. In that case, follow a 2-step process: Use one of the above methods to encrypt the key itself, then use that key to decrypt the users' data.

这篇关于如何隐藏二进制代码中的字符串？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！