const_string.hHeader

Secure and obfuscated constant string storage for the libantispy library. More...

Defines

TypeName
ANTISPY_CONST_STRING
ANTISPY_OBFUSCATED_STRING
ANTISPY_TEXT

Detailed Description

The const_string.h file provides a template class const_string that securely stores constant strings by encrypting them at compile time and offering various mechanisms for secure retrieval, including decryption and conversion to standard string types like std::string , std::wstring , and std::u32string . This file also includes macros for creating such encrypted strings in a way that is resistant to reverse engineering.

Key Components:

  • libantispy::const_string :

    • A template class that stores an encrypted version of a constant string.

    • Provides methods for retrieving the string in different formats and accessing the encrypted data.

    • Supports compile-time and runtime encryption, as well as hashing for integrity checks.

  • ANTISPY_CONST_STRING :

    • A macro that simplifies the creation of const_string objects, ensuring that strings are securely encrypted and stored at compile time.
  • ANTISPY_OBFUSCATED_STRING :

    • A macro that introduces additional layers of security, including lazy initialization and obfuscation, to further protect the stored string.
  • ANTISPY_TEXT :

    • A macro designed to create obfuscated and secure text strings, converting string literals into a TCHAR* pointer, making them resistant to static and dynamic analysis.

Detailed Description:

Class Templates:

libantispy::const_string

  • Purpose :

    • The const_string template class is designed to store constant strings securely by encrypting them at compile time.

    • It provides methods to access these strings in a decrypted form, either as a std::string , std::wstring , or std::u32string .

    • The encryption key and the hash of the string are compile-time constants, ensuring that the string remains secure.

  • Template Parameters :

    • Key : The encryption key used for encoding and decoding the string.

    • Hash : A compile-time constant representing the hash of the string, used for integrity checks or identification.

    • N : The size of the string (number of characters in the string).

  • Member Functions :

    • Constructor :

      • Encrypts a UTF-32 string at compile time using the provided key and stores it securely.
    • operator std::string() const noexcept :

      • Converts the encrypted string to a std::string by decrypting it and encoding it as UTF-8.
    • operator std::wstring() const noexcept :

      • Converts the encrypted string to a std::wstring by decrypting it and encoding it as a wide string.
    • operator std::u32string() const noexcept :

      • Converts the encrypted string to a std::u32string by decrypting it directly as UTF-32.
    • raw_data() const noexcept :

      • Returns a pointer to the raw encrypted data stored within the const_string object.
    • get_hash() const :

      • Retrieves the precomputed hash value associated with the const_string object.
    • initialize() const :

      • Triggers any necessary initialization routines for the encrypted data stored within the const_string object.

Example Usage:

#include <antispy/libantispy.h>

int main() {
   constexpr auto encrypted_str = libantispy::const_string<1234, 5678, 14>(U"SensitiveData");
   std::string decrypted_str = encrypted_str;
}

In this example, a UTF-32 string "SensitiveData" is encrypted at compile time using the key 1234 and stored in a const_string object. It is later converted back to a std::string when needed.

Macros:

ANTISPY_CONST_STRING

  • Purpose :

    • Simplifies the creation of const_string objects that securely store strings encrypted at compile time.
  • Functionality :

    • Takes a string literal, encrypts it using a predefined encryption key and hash, and returns a const_string object.
  • Example Usage :

#include <antispy/libantispy.h>

int main() {
   constexpr auto encrypted_string = ANTISPY_CONST_STRING("SensitiveData");
}

In this example, "SensitiveData" is encrypted and stored in a const_string object. The original string is not exposed in plain text within the binary.

ANTISPY_OBFUSCATED_STRING

  • Purpose :

    • Enhances the security of const_string objects by introducing additional layers of obfuscation and lazy initialization.
  • Functionality :

    • Creates an obfuscated const_string object that is only fully initialized when certain conditions are met, making it harder for attackers to reverse engineer or tamper with the string.
  • Example Usage :

#include <antispy/libantispy.h>

int main() {
   auto& obfuscated_string = ANTISPY_OBFUSCATED_STRING("SensitiveData");
}

This example stores "SensitiveData" in an obfuscated and lazily-initialized const_string object, providing enhanced protection.

ANTISPY_TEXT

  • Purpose :

    • Converts a string literal into a secure and obfuscated text string, returning a TCHAR* pointer suitable for secure text operations.
  • Functionality :

  • Example Usage :

#include <antispy/libantispy.h>

int main() {
   const TCHAR* secureText = ANTISPY_TEXT("SensitiveString");
}

This example demonstrates the secure storage of "SensitiveString" in a TCHAR* format that is resistant to static analysis.

Security Considerations:

  • The const_string class and its associated macros are designed to protect sensitive string data from reverse engineering and unauthorized access. By encrypting the strings at compile time and offering obfuscation and lazy initialization mechanisms, they help ensure that sensitive information remains secure even in the face of advanced attacks.

  • The use of compile-time encryption eliminates the need to expose plaintext strings in the binary, significantly reducing the attack surface.

Dependencies:

  • The const_string class relies on internal antispy SDK components for encryption, obfuscation, and secure memory management, ensuring that the string data is handled safely throughout its lifecycle.

Conclusion:

The const_string.h const_string.h file is a critical part of the antispy SDK library, providing powerful tools for secure string storage and retrieval. Through the use of compile-time encryption, obfuscation, and careful memory management, it offers a robust solution for protecting sensitive strings within an application.

Defines

ANTISPY_CONST_STRING

Macro to create a compile-time encrypted constant string.

Detailed Description

The ANTISPY_CONST_STRING macro is designed to create a const_string object that stores a string in an encrypted form at compile time. This macro provides a convenient way to securely store constant strings within an application, protecting them from being exposed in plain text within the compiled binary.

Detailed Description:

  • Parameters :

    • s : The string literal to be encrypted and stored. The input string should be a Unicode string literal, i.e., prefixed with U , indicating it is a UTF-32 encoded string (e.g., U"SensitiveData" ).
  • Functionality :

    • This macro invokes the make_const_string function template with the following parameters:

      • ANTISPY_STRING_SEED : A predefined constant used as the encryption key. This key is applied uniformly across the application to ensure consistent encryption.

      • ANTISPY_FNV1A(U##s) : A hash generated from the input string using the FNV-1a hashing algorithm. This hash serves as a unique identifier for the string and is used for quick comparisons and integrity checks.

      • U##s : The input string literal itself, passed as a UTF-32 encoded string.

    • The make_const_string function then encrypts the string at compile time, returning a const_string object that securely stores the encrypted string data.

  • Encryption Process :

    • The encryption process ensures that the original string content is not stored in plain text within the compiled binary. Instead, the string is stored in its encrypted form, making it much harder for attackers to extract or tamper with the string data.
  • Hashing :

    • The macro automatically computes a hash of the input string using the FNV-1a algorithm, which is known for its speed and low collision rate. This hash is used within the const_string object for quick comparisons and to ensure the integrity of the encrypted string.
  • Use Case :

    • The ANTISPY_CONST_STRING macro is intended for situations where constant strings need to be stored securely within an application. It is particularly useful in scenarios where sensitive data, such as keys, passwords, or confidential messages, need to be embedded in the application while remaining protected from reverse engineering and memory inspection.
  • Example Usage :

#include <antispy/libantispy.h>

int main() {
   constexpr auto encrypted_string = ANTISPY_CONST_STRING("SensitiveData");
}

In this example, the string "SensitiveData" is securely stored in the encrypted_string object. The original string content is encrypted using the predefined ANTISPY_STRING_SEED key and is not exposed in plain text.

Notes:

  • UTF-32 Encoding : The string literal passed to the macro should be a UTF-32 encoded string, indicated by the U prefix. This ensures that the string is compatible with the encryption mechanisms used by the const_string class.

  • Security : By encrypting strings at compile time, the macro significantly enhances the security of the application, making it more resistant to attacks that rely on extracting sensitive data from the binary.

Parameters

  • s: The string literal to be encrypted and stored as a const_string . The string should be a UTF-32 encoded literal (e.g., U"SensitiveData" ).

ANTISPY_OBFUSCATED_STRING

Macro to create a lazily-initialized, obfuscated constant string.

Detailed Description

The ANTISPY_OBFUSCATED_STRING macro is designed to create a const_string object that securely stores a string in an encrypted and obfuscated form. This macro provides an additional layer of security by introducing randomization and delayed initialization techniques, making it even harder for attackers to extract or tamper with the stored string.

Detailed Description:

  • Parameters :

    • s : The string literal to be encrypted, obfuscated, and stored. The input string should be a UTF-32 encoded string literal (e.g., U"SensitiveData" ).
  • Functionality :

    • This macro creates an encrypted const_string object using the ANTISPY_CONST_STRING macro. The resulting string is stored in a lazily-initialized static variable, which is protected by several layers of obfuscation and randomization.
  • Obfuscation Process :

    • Data Randomization : The macro introduces two random data blocks ( a and b ) before and after the encrypted string object. These blocks help to obscure the memory layout, making it more difficult for attackers to locate the actual string data.

    • Lazy Initialization : The string is only fully initialized if a specific condition is met. The condition checks whether the hash of the string is equal to zero. If the condition is true, the string is initialized by executing one of three possible initialization paths, each determined by the value of the first byte in the encrypted string.

    • Random Execution Paths : The initialization process uses a switch-case statement to select one of three possible paths, based on the modulo operation of the first byte in the encrypted string. Each path involves initializing one or more of the random data blocks ( a or b ) and the encrypted string itself.

  • Purpose :

    • The obfuscation techniques used in this macro significantly enhance the security of the stored string. By delaying the initialization and randomizing the memory layout, the macro makes it much more difficult for attackers to perform static or dynamic analysis to extract the encrypted string.
  • Example Usage :

#include <antispy/libantispy.h>

int main() {
   auto& obfuscated_string = ANTISPY_OBFUSCATED_STRING("SensitiveData");
}

In this example, the string "SensitiveData" is securely stored in the obfuscated_string object. The string is encrypted, obfuscated, and initialized only when necessary, providing enhanced protection against reverse engineering.

Notes:

  • UTF-32 Encoding : The string literal passed to the macro should be a UTF-32 encoded string, indicated by the U prefix. This ensures compatibility with the encryption mechanisms used by the const_string class.

  • Security : The macro leverages multiple security techniques, including compile-time encryption, data randomization, and lazy initialization, to protect the string data from unauthorized access or tampering.

  • Performance : While the macro introduces additional security measures, it may also introduce a slight performance overhead due to the lazy initialization and randomization processes. This trade-off is typically justified in scenarios where security is a top priority.

Parameters

  • s: The string literal to be encrypted, obfuscated, and stored as a const_string . The string should be a UTF-32 encoded literal (e.g., U"SensitiveData" ).

Returns

A reference to the obfuscated and encrypted const_string object.

ANTISPY_TEXT

Macro to create an obfuscated and secure text string.

Detailed Description

The ANTISPY_TEXT macro is designed to convert a string literal into a secure, obfuscated text string that can be safely used within your application. This macro combines encryption, obfuscation, and type conversion to produce a TCHAR string that is resistant to static and dynamic analysis.

Detailed Description:

  • Parameters :

    • quote : The string literal to be secured and obfuscated. This string can be of any type that supports conversion to a basic_string<ANTISPY_TCHAR> , typically a wide or narrow string literal depending on the application's settings.
  • Functionality :

    • The macro first calls ANTISPY_OBFUSCATED_STRING(quote) to encrypt and obfuscate the string literal. The ANTISPY_OBFUSCATED_STRING macro introduces randomization, lazy initialization, and encryption to protect the string's content.

    • The resulting obfuscated string is then converted into a basic_string<ANTISPY_TCHAR> type using static_cast . This type is dependent on the ANTISPY_TCHAR definition, which typically resolves to either char or wchar_t depending on whether the application is using narrow or wide character strings.

    • Finally, the c_str() method is called on the resulting basic_string<ANTISPY_TCHAR> to obtain a pointer to the secure, obfuscated string, which can be used in API calls or other parts of your application where a TCHAR* is expected.

  • Purpose :

    • The ANTISPY_TEXT macro is primarily intended for use in applications where string literals need to be protected from reverse engineering and tampering. By converting the string into an obfuscated and encrypted form, it becomes significantly harder for attackers to extract meaningful information from the compiled binary or during runtime.
  • Use Cases :

    • Protecting sensitive string literals, such as passwords, API keys, or proprietary information, that are hard-coded in the source code.

    • Securing strings used in error messages, logging, or UI components that should not be exposed in plaintext.

  • Example Usage :

#include <antispy/libantispy.h>
#include <iostream>

int main() {
   std::cout << ANTISPY_TEXT("SensitiveString\n");
}

In this example, both the message and the title are stored securely in the binary and are only decrypted and used when the MessageBox function is called. This prevents the strings from being easily extracted through binary analysis.

Notes:

  • Security Considerations : While this macro provides a significant level of security through obfuscation and encryption, it is important to remember that no method is entirely foolproof. It should be part of a broader security strategy that includes other protective measures.

  • Performance : The use of this macro introduces some overhead due to the obfuscation and encryption processes. However, this is generally acceptable in contexts where security is a priority.

  • Character Set : The macro adapts to the character set used by your application, whether it be narrow or wide characters, based on the definition of ANTISPY_TCHAR .

Parameters

  • quote: The string literal to be encrypted, obfuscated, and converted to a secure TCHAR* .

Returns

A TCHAR* pointer to the obfuscated and encrypted string, suitable for use in secure text operations.