Encrypted StringOther

The Encrypted String module encrypts and obfuscates static C/C++ strings at compile-time, using unique keys for each build. This enhances security by making it hard for attackers to extract sensitive data like passwords and API keys. More...

Detailed Description

The Encrypted String module encrypts and obfuscates static C/C++ strings at compile-time, using unique keys for each build. This enhances security by making it hard for attackers to extract sensitive data like passwords and API keys.

TL;TR

The Encrypted String module provides a compile-time C/C++ string encryption and obfuscation mechanism to secure your static C/C++ strings such as passwords, API keys, or any sensitive static text data.

Each encrypted string uses unique keys and primes generated for every individual software build. This ensures a high level of protection, making it significantly more challenging for potential attackers, as the encryption is unique for each string and each build.

Problem: Static Strings.

In programming, a static string refers to a constant and unchanging block of memory in your program. When you use such a block in your application, the compiler and linker typically place it in a constant data segment of your program. A common scenario involves storing passwords, API keys, or other sensitive information in your program as static strings.

The following code illustrates this.

const char* password = "SuperSecretPassword";
int main(int argc, char**)
{
   LOG("Initializing decryption");

   // Call some library function to initialize decryption using the sensitive password..
   if (!library_function_init(password)) { return -1; }
   LOG("Decryption initialized");

   LOG("Reading all sensitive information now");
   library_function_read_data(...);
}

In this example, a static string containing a password is used to initialize a decryption function, which is crucial for accessing sensitive information.

Why is this code an issue?

While this approach works, it makes it easy for attackers to extract the static string used to decrypt sensitive information. The static string is vulnerable because it resides in the constant data segment of your program, making it relatively simple for attackers to locate and extract it.

Solution: Encrypted Strings.

As discussed, the Encrypted String module offers compile-time obfuscation for all types of static strings.

This compile-time string obfuscation provides the following advantages:

  • The compiler generates obfuscated code on the stack.

  • Even if the string content does not change, the obfuscated string will vary with each software compilation.

  • It adds an extra layer of difficulty for attackers, as the generated code complicates the disassembly process.

Below is a minimal example demonstrating how to use the Encrypted String module.

auto encrypted_password = ANTISPY_OBFUSCATED_STRING("SuperSecretPassword");
int main(int argc, char**)
{
   LOG("Initializing decryption");

   // Call some library function to initialize decryption using the sensitive password..
   if (!library_function_init(encrypted_password)) { return -1; }
   LOG("Decryption initialized");

   LOG("Reading all sensitive information now");
   library_function_read_data(...);
}

Disassembly

Using the default encryption strategy, the compiler generates an obfuscated string on the stack and decrypts it during access.

mov     r8d, dword ptr cs:aJcj         ; "some_obfuscated_bytes"
mov     [rsp+78h+var_54], r8d
xor     r8b, 86h                       ; decrypt 1st byte
movzx   edx, byte ptr [rsp+78h+var_54+1]
xor     dl, 86h                        ; decrypt 2nd byte
movzx   ecx, byte ptr [rsp+78h+var_54+2]
xor     cl, 86h                        ; decrypt 3rd byte
movzx   eax, byte ptr [rsp+78h+var_54+3]
xor     al, 86h                        ; decrypt 4th byte
mov     byte ptr [rsp+78h+var_58], r8b
mov     byte ptr [rsp+78h+var_58+1], dl
mov     byte ptr [rsp+78h+var_58+2], cl
mov     byte ptr [rsp+78h+var_58+3], al
mov     qword ptr [rsp+78h+var_40+8], 0Fh
mov     qword ptr [rsp+78h+var_40], 4
mov     eax, [rsp+78h+var_58]
mov     dword ptr [rsp+78h+var_50], eax
mov     byte ptr [rsp+78h+var_50+4], 0
movups  xmm0, [rsp+78h+var_50]
movups  [rsp+78h+var_30], xmm0
movups  xmm1, [rsp+78h+var_40]
movups  [rsp+78h+var_20], xmm1
xor     edi, edi
lea     rbx, [rsp+78h+var_30]
db      66h, 66h
nop     word ptr [rax+rax+00000000h]

By using the Encrypted String module, your static strings are securely obfuscated, significantly raising the bar for any potential attackers attempting to extract sensitive information from your program.