Encrypted BufferOther

The Encrypted Buffer module implements a compile time C/C++ buffer encryption and obfuscation. More...

Detailed Description

TL;TR

The Encrypted Buffer module implements a compile time C/C++ buffer encryption and obfuscation to hide your static C/C++ buffers such as encryption keys, primes, initialization vectors or any sort of static resources..

Every encrypted buffer uses unique generated keys and primes in every single software build. This sort of protection guarantees a high hurdle and wall against potential attackers, since the protection is unique by buffer and build.

Problem: buffers.

We are referring to a buffer as a constant and static block of memory in your program. Whenever you use such a block of memory in your application the compiler and linker will place this most likely to a constant data segment in your program. A very common use case includes storing encryption keys, hashes or signatures in your program.

The following code illustrates this.

char buf[4] = { 0x10, 0x20, 0x30, 0x40 }
int main(int argc, char**)
{
   LOG("initialize decryption");

   // Call some library function to initialize some decryption and sensitive information..
   if (!library_function_init(buf, 4)) { return -1; }
   LOG("decryption initialized");

   LOG("reading all sensitive information now")
   library_function_read_data(...)
}

As you can see - in this code we initialize some function and pass a buffer including 4 bytes. Let it be some kind of password to decrypt some very sensitive information.

How is this code an issue?

While you can do this - or similar things - and it is absolutely fine - it is easy for attackers to automatically extract your buffer that is used to decrypt your sensitive information.

This code becomes an issue because you attempted to protect your information but it is fairly simple to extract the key to decrypt the buffer.

Solution: encrypted buffers.

As discussed earlier in this page we provide a compile-time obfuscation to all kinds of static buffers.

This compile-time buffer obfuscation brings the following advantages:

  • Compiler generates code on the stack and it is obfuscated on the stack.

  • Even if you don't change your buffers' content the obfuscated buffer will change on every single compilation of your software.

  • It gives an extra hurdle to attackers since the generated code makes common disassemblers and attackers busy.

Below is a minimal example that shows how to use antispy SDK - Encrypted Buffer module.

auto buf = ANTISPY_OBFUSCATED_BUFFER("\x00\x10\x00\x30", 4)
int main(int argc, char**)
{
   LOG("initialize decryption");

   // Call some library function to initialize some decryption and sensitive information..
   if (!library_function_init(buf, 4)) { return -1; }
   LOG("decryption initialized");

   LOG("reading all sensitive information now")
   library_function_read_data(...)
}