const_string.hHeader
Secure and obfuscated constant string storage for the libantispy library. More...
Defines
Type | Name |
---|---|
ANTISPY_CONST_STRING | |
ANTISPY_OBFUSCATED_STRING | |
ANTISPY_TEXT |
Detailed Description
The const_string.h file provides a template class const_string
that securely stores constant strings by encrypting them at compile time and offering various mechanisms for secure retrieval, including decryption and conversion to standard string types like std::string
, std::wstring
, and std::u32string
. This file also includes macros for creating such encrypted strings in a way that is resistant to reverse engineering.
Key Components:
A template class that stores an encrypted version of a constant string.
Provides methods for retrieving the string in different formats and accessing the encrypted data.
Supports compile-time and runtime encryption, as well as hashing for integrity checks.
ANTISPY_CONST_STRING :
- A macro that simplifies the creation of
const_string
objects, ensuring that strings are securely encrypted and stored at compile time.
- A macro that simplifies the creation of
ANTISPY_OBFUSCATED_STRING :
- A macro that introduces additional layers of security, including lazy initialization and obfuscation, to further protect the stored string.
ANTISPY_TEXT :
- A macro designed to create obfuscated and secure text strings, converting string literals into a
TCHAR*
pointer, making them resistant to static and dynamic analysis.
- A macro designed to create obfuscated and secure text strings, converting string literals into a
Detailed Description:
Class Templates:
libantispy::const_string
Purpose :
The
const_string
template class is designed to store constant strings securely by encrypting them at compile time.It provides methods to access these strings in a decrypted form, either as a
std::string
,std::wstring
, orstd::u32string
.The encryption key and the hash of the string are compile-time constants, ensuring that the string remains secure.
Template Parameters :
Key
: The encryption key used for encoding and decoding the string.Hash
: A compile-time constant representing the hash of the string, used for integrity checks or identification.N
: The size of the string (number of characters in the string).
Member Functions :
Constructor :
- Encrypts a UTF-32 string at compile time using the provided key and stores it securely.
operator std::string() const noexcept :
- Converts the encrypted string to a
std::string
by decrypting it and encoding it as UTF-8.
- Converts the encrypted string to a
operator std::wstring() const noexcept :
- Converts the encrypted string to a
std::wstring
by decrypting it and encoding it as a wide string.
- Converts the encrypted string to a
operator std::u32string() const noexcept :
- Converts the encrypted string to a
std::u32string
by decrypting it directly as UTF-32.
- Converts the encrypted string to a
raw_data() const noexcept :
- Returns a pointer to the raw encrypted data stored within the
const_string
object.
- Returns a pointer to the raw encrypted data stored within the
get_hash() const :
- Retrieves the precomputed hash value associated with the
const_string
object.
- Retrieves the precomputed hash value associated with the
initialize() const :
- Triggers any necessary initialization routines for the encrypted data stored within the
const_string
object.
- Triggers any necessary initialization routines for the encrypted data stored within the
Example Usage:
int
In this example, a UTF-32 string "SensitiveData" is encrypted at compile time using the key 1234
and stored in a const_string
object. It is later converted back to a std::string
when needed.
Macros:
ANTISPY_CONST_STRING
Purpose :
- Simplifies the creation of
const_string
objects that securely store strings encrypted at compile time.
- Simplifies the creation of
Functionality :
- Takes a string literal, encrypts it using a predefined encryption key and hash, and returns a
const_string
object.
- Takes a string literal, encrypts it using a predefined encryption key and hash, and returns a
Example Usage :
int
In this example, "SensitiveData" is encrypted and stored in a const_string
object. The original string is not exposed in plain text within the binary.
ANTISPY_OBFUSCATED_STRING
Purpose :
- Enhances the security of
const_string
objects by introducing additional layers of obfuscation and lazy initialization.
- Enhances the security of
Functionality :
- Creates an obfuscated
const_string
object that is only fully initialized when certain conditions are met, making it harder for attackers to reverse engineer or tamper with the string.
- Creates an obfuscated
Example Usage :
int
This example stores "SensitiveData" in an obfuscated and lazily-initialized const_string
object, providing enhanced protection.
ANTISPY_TEXT
Purpose :
- Converts a string literal into a secure and obfuscated text string, returning a
TCHAR*
pointer suitable for secure text operations.
- Converts a string literal into a secure and obfuscated text string, returning a
Functionality :
- Uses
ANTISPY_OBFUSCATED_STRING
to encrypt and obfuscate the string literal and then converts it to aTCHAR*
pointer.
- Uses
Example Usage :
int
This example demonstrates the secure storage of "SensitiveString" in a TCHAR*
format that is resistant to static analysis.
Security Considerations:
The
const_string
class and its associated macros are designed to protect sensitive string data from reverse engineering and unauthorized access. By encrypting the strings at compile time and offering obfuscation and lazy initialization mechanisms, they help ensure that sensitive information remains secure even in the face of advanced attacks.The use of compile-time encryption eliminates the need to expose plaintext strings in the binary, significantly reducing the attack surface.
Dependencies:
- The
const_string
class relies on internalantispy SDK
components for encryption, obfuscation, and secure memory management, ensuring that the string data is handled safely throughout its lifecycle.
Conclusion:
The const_string.h const_string.h file is a critical part of the antispy SDK
library, providing powerful tools for secure string storage and retrieval. Through the use of compile-time encryption, obfuscation, and careful memory management, it offers a robust solution for protecting sensitive strings within an application.
Defines
ANTISPY_CONST_STRING
Macro to create a compile-time encrypted constant string.
Detailed Description
The ANTISPY_CONST_STRING
macro is designed to create a const_string
object that stores a string in an encrypted form at compile time. This macro provides a convenient way to securely store constant strings within an application, protecting them from being exposed in plain text within the compiled binary.
Detailed Description:
Parameters :
s
: The string literal to be encrypted and stored. The input string should be a Unicode string literal, i.e., prefixed withU
, indicating it is a UTF-32 encoded string (e.g.,U"SensitiveData"
).
Functionality :
This macro invokes the
make_const_string
function template with the following parameters:ANTISPY_STRING_SEED
: A predefined constant used as the encryption key. This key is applied uniformly across the application to ensure consistent encryption.ANTISPY_FNV1A(U##s)
: A hash generated from the input string using the FNV-1a hashing algorithm. This hash serves as a unique identifier for the string and is used for quick comparisons and integrity checks.U##s
: The input string literal itself, passed as a UTF-32 encoded string.
The
make_const_string
function then encrypts the string at compile time, returning aconst_string
object that securely stores the encrypted string data.
Encryption Process :
- The encryption process ensures that the original string content is not stored in plain text within the compiled binary. Instead, the string is stored in its encrypted form, making it much harder for attackers to extract or tamper with the string data.
Hashing :
- The macro automatically computes a hash of the input string using the FNV-1a algorithm, which is known for its speed and low collision rate. This hash is used within the
const_string
object for quick comparisons and to ensure the integrity of the encrypted string.
- The macro automatically computes a hash of the input string using the FNV-1a algorithm, which is known for its speed and low collision rate. This hash is used within the
Use Case :
- The
ANTISPY_CONST_STRING
macro is intended for situations where constant strings need to be stored securely within an application. It is particularly useful in scenarios where sensitive data, such as keys, passwords, or confidential messages, need to be embedded in the application while remaining protected from reverse engineering and memory inspection.
- The
Example Usage :
int
In this example, the string "SensitiveData" is securely stored in the encrypted_string
object. The original string content is encrypted using the predefined ANTISPY_STRING_SEED
key and is not exposed in plain text.
Notes:
UTF-32 Encoding : The string literal passed to the macro should be a UTF-32 encoded string, indicated by the
U
prefix. This ensures that the string is compatible with the encryption mechanisms used by theconst_string
class.Security : By encrypting strings at compile time, the macro significantly enhances the security of the application, making it more resistant to attacks that rely on extracting sensitive data from the binary.
Parameters
s
: The string literal to be encrypted and stored as aconst_string
. The string should be a UTF-32 encoded literal (e.g.,U"SensitiveData"
).
ANTISPY_OBFUSCATED_STRING
Macro to create a lazily-initialized, obfuscated constant string.
Detailed Description
The ANTISPY_OBFUSCATED_STRING
macro is designed to create a const_string
object that securely stores a string in an encrypted and obfuscated form. This macro provides an additional layer of security by introducing randomization and delayed initialization techniques, making it even harder for attackers to extract or tamper with the stored string.
Detailed Description:
Parameters :
s
: The string literal to be encrypted, obfuscated, and stored. The input string should be a UTF-32 encoded string literal (e.g.,U"SensitiveData"
).
Functionality :
- This macro creates an encrypted
const_string
object using theANTISPY_CONST_STRING
macro. The resulting string is stored in a lazily-initialized static variable, which is protected by several layers of obfuscation and randomization.
- This macro creates an encrypted
Obfuscation Process :
Data Randomization : The macro introduces two random data blocks (
a
andb
) before and after the encrypted string object. These blocks help to obscure the memory layout, making it more difficult for attackers to locate the actual string data.Lazy Initialization : The string is only fully initialized if a specific condition is met. The condition checks whether the hash of the string is equal to zero. If the condition is true, the string is initialized by executing one of three possible initialization paths, each determined by the value of the first byte in the encrypted string.
Random Execution Paths : The initialization process uses a switch-case statement to select one of three possible paths, based on the modulo operation of the first byte in the encrypted string. Each path involves initializing one or more of the random data blocks (
a
orb
) and the encrypted string itself.
Purpose :
- The obfuscation techniques used in this macro significantly enhance the security of the stored string. By delaying the initialization and randomizing the memory layout, the macro makes it much more difficult for attackers to perform static or dynamic analysis to extract the encrypted string.
Example Usage :
int
In this example, the string "SensitiveData" is securely stored in the obfuscated_string
object. The string is encrypted, obfuscated, and initialized only when necessary, providing enhanced protection against reverse engineering.
Notes:
UTF-32 Encoding : The string literal passed to the macro should be a UTF-32 encoded string, indicated by the
U
prefix. This ensures compatibility with the encryption mechanisms used by theconst_string
class.Security : The macro leverages multiple security techniques, including compile-time encryption, data randomization, and lazy initialization, to protect the string data from unauthorized access or tampering.
Performance : While the macro introduces additional security measures, it may also introduce a slight performance overhead due to the lazy initialization and randomization processes. This trade-off is typically justified in scenarios where security is a top priority.
Parameters
s
: The string literal to be encrypted, obfuscated, and stored as aconst_string
. The string should be a UTF-32 encoded literal (e.g.,U"SensitiveData"
).
Returns
A reference to the obfuscated and encrypted const_string
object.
ANTISPY_TEXT
Macro to create an obfuscated and secure text string.
Detailed Description
The ANTISPY_TEXT
macro is designed to convert a string literal into a secure, obfuscated text string that can be safely used within your application. This macro combines encryption, obfuscation, and type conversion to produce a TCHAR
string that is resistant to static and dynamic analysis.
Detailed Description:
Parameters :
quote
: The string literal to be secured and obfuscated. This string can be of any type that supports conversion to abasic_string<ANTISPY_TCHAR>
, typically a wide or narrow string literal depending on the application's settings.
Functionality :
The macro first calls ANTISPY_OBFUSCATED_STRING(quote) to encrypt and obfuscate the string literal. The
ANTISPY_OBFUSCATED_STRING
macro introduces randomization, lazy initialization, and encryption to protect the string's content.The resulting obfuscated string is then converted into a
basic_string<ANTISPY_TCHAR>
type usingstatic_cast
. This type is dependent on theANTISPY_TCHAR
definition, which typically resolves to eitherchar
orwchar_t
depending on whether the application is using narrow or wide character strings.Finally, the
c_str()
method is called on the resultingbasic_string<ANTISPY_TCHAR>
to obtain a pointer to the secure, obfuscated string, which can be used in API calls or other parts of your application where aTCHAR*
is expected.
Purpose :
- The
ANTISPY_TEXT
macro is primarily intended for use in applications where string literals need to be protected from reverse engineering and tampering. By converting the string into an obfuscated and encrypted form, it becomes significantly harder for attackers to extract meaningful information from the compiled binary or during runtime.
- The
Use Cases :
Protecting sensitive string literals, such as passwords, API keys, or proprietary information, that are hard-coded in the source code.
Securing strings used in error messages, logging, or UI components that should not be exposed in plaintext.
Example Usage :
int
In this example, both the message and the title are stored securely in the binary and are only decrypted and used when the MessageBox
function is called. This prevents the strings from being easily extracted through binary analysis.
Notes:
Security Considerations : While this macro provides a significant level of security through obfuscation and encryption, it is important to remember that no method is entirely foolproof. It should be part of a broader security strategy that includes other protective measures.
Performance : The use of this macro introduces some overhead due to the obfuscation and encryption processes. However, this is generally acceptable in contexts where security is a priority.
Character Set : The macro adapts to the character set used by your application, whether it be narrow or wide characters, based on the definition of
ANTISPY_TCHAR
.
Parameters
quote
: The string literal to be encrypted, obfuscated, and converted to a secureTCHAR*
.
Returns
A TCHAR*
pointer to the obfuscated and encrypted string, suitable for use in secure text operations.