• bobef <_asd_ASd_ASD_Asdasd_ASd asdasda___dasd.com> Mar 20 2010
• "Robert Jacques" <sandford jhu.edu> Mar 20 2010
• Ellery Newcomer <ellery-newcomer utulsa.edu> Mar 20 2010
• BCS <none anon.com> Mar 20 2010
• Walter Bright <newshound1 digitalmars.com> Mar 20 2010
• "Nick Sabalausky" <a a.a> Mar 20 2010
• Walter Bright <newshound1 digitalmars.com> Mar 20 2010
• Mike James <foo bar.com> Mar 21 2010
• Daniel Keep <daniel.keep.lists gmail.com> Mar 20 2010

bobef <_asd_ASd_ASD_Asdasd_ASd asdasda___dasd.com> writes:

Hello all,

I was wondering if someone know of way to obfuscate all the strings and
function names and class names inside DMD Windows generated exe file. Opening
the file with notepad shows all kinds of strings and names in clear text and
since my application handles some sensitive data it gives me an extra feeling
of insecurity. Any suggestions?

Thanks

"Robert Jacques" <sandford jhu.edu> writes:

On Sat, 20 Mar 2010 10:12:14 -0300, bobef  
<_asd_ASd_ASD_Asdasd_ASd asdasda___dasd.com> wrote:
 Hello all,

 I was wondering if someone know of way to obfuscate all the strings and  
 function names and class names inside DMD Windows generated exe file.  
 Opening the file with notepad shows all kinds of strings and names in  
 clear text and since my application handles some sensitive data it gives  
 me an extra feeling of insecurity. Any suggestions?

 Thanks


Regarding function names/etc. I'd expect any industry standard obfuscator  
would scramble them for you. A bigger problem is the data segment which  
stores any constant strings, etc. If you really have to include them in  
your program, I'd recommend writing a compile time encrypt and runtime  
decrypt function pair. i.e.

string name = rt_decrypt(ct_encrypt!"important name");

Ellery Newcomer <ellery-newcomer utulsa.edu> writes:

On 03/20/2010 11:24 AM, Robert Jacques wrote:
 On Sat, 20 Mar 2010 10:12:14 -0300, bobef
 <_asd_ASd_ASD_Asdasd_ASd asdasda___dasd.com> wrote:
 Hello all,

 I was wondering if someone know of way to obfuscate all the strings
 and function names and class names inside DMD Windows generated exe
 file. Opening the file with notepad shows all kinds of strings and
 names in clear text and since my application handles some sensitive
 data it gives me an extra feeling of insecurity. Any suggestions?

 Thanks


 Regarding function names/etc. I'd expect any industry standard
 obfuscator would scramble them for you. A bigger problem is the data
 segment which stores any constant strings, etc. If you really have to
 include them in your program, I'd recommend writing a compile time
 encrypt and runtime decrypt function pair. i.e.

 string name = rt_decrypt(ct_encrypt!"important name");


Doesn't that just put "important name" in the mangled name of ct_encrypt 
(albeit in hex)?

BCS <none anon.com> writes:

Hello Ellery,

 On 03/20/2010 11:24 AM, Robert Jacques wrote:
 
 On Sat, 20 Mar 2010 10:12:14 -0300, bobef
 <_asd_ASd_ASD_Asdasd_ASd asdasda___dasd.com> wrote:
 Hello all,
 
 I was wondering if someone know of way to obfuscate all the strings
 and function names and class names inside DMD Windows generated exe
 file. Opening the file with notepad shows all kinds of strings and
 names in clear text and since my application handles some sensitive
 data it gives me an extra feeling of insecurity. Any suggestions?
 
 Thanks
 


 obfuscator would scramble them for you. A bigger problem is the data
 segment which stores any constant strings, etc. If you really have to
 include them in your program, I'd recommend writing a compile time
 encrypt and runtime decrypt function pair. i.e.
 
 string name = rt_decrypt(ct_encrypt!"important name");
 


 ct_encrypt (albeit in hex)?
 


Use a CTFE compression function and that problem should go away (as long 
as you can force CTFE).

-- 
... <IXOYE><

Walter Bright <newshound1 digitalmars.com> writes:

bobef wrote:
 I was wondering if someone know of way to obfuscate all the strings and
 function names and class names inside DMD Windows generated exe file. Opening
 the file with notepad shows all kinds of strings and names in clear text and
 since my application handles some sensitive data it gives me an extra feeling
 of insecurity. Any suggestions?


1. make sure you're not compiling with debug info (-g) on.

2. you can just use a bit editor to stomp on those names in the executable 
(replace them with XXXXX or whatever). The exe files are not checksummed, so 
this should be straightforward.

3. rename your sensitive classes to obscure names, then alias them to a
readable 
name. The alias name shouldn't appear in the executable:

     class CXX97ASDFXX { }
     alias CXX97ASDFXX mySensitiveName;

"Nick Sabalausky" <a a.a> writes:

"Walter Bright" <newshound1 digitalmars.com> wrote in message 
news:ho34du$2lij$1 digitalmars.com...
 bobef wrote:
 I was wondering if someone know of way to obfuscate all the strings and
 function names and class names inside DMD Windows generated exe file. 
 Opening
 the file with notepad shows all kinds of strings and names in clear text 
 and
 since my application handles some sensitive data it gives me an extra 
 feeling
 of insecurity. Any suggestions?


 1. make sure you're not compiling with debug info (-g) on.

 2. you can just use a bit editor to stomp on those names in the executable 
 (replace them with XXXXX or whatever). The exe files are not checksummed, 
 so this should be straightforward.

 3. rename your sensitive classes to obscure names, then alias them to a 
 readable name. The alias name shouldn't appear in the executable:

     class CXX97ASDFXX { }
     alias CXX97ASDFXX mySensitiveName;


Wouldn't compiler errors still refer to the obfuscated name? 

Walter Bright <newshound1 digitalmars.com> writes:

Nick Sabalausky wrote:
 3. rename your sensitive classes to obscure names, then alias them to a 
 readable name. The alias name shouldn't appear in the executable:

     class CXX97ASDFXX { }
     alias CXX97ASDFXX mySensitiveName;


 Wouldn't compiler errors still refer to the obfuscated name? 


Sometimes.

Mike James <foo bar.com> writes:

Walter Bright Wrote:

 Nick Sabalausky wrote:
 3. rename your sensitive classes to obscure names, then alias them to a 
 readable name. The alias name shouldn't appear in the executable:

     class CXX97ASDFXX { }
     alias CXX97ASDFXX mySensitiveName;


 Wouldn't compiler errors still refer to the obfuscated name? 


 Sometimes.


Ah... An obfuscated answer to an obfuscation question.

Daniel Keep <daniel.keep.lists gmail.com> writes:

bobef wrote:
 Hello all,
 
 I was wondering if someone know of way to obfuscate all the strings and
function names and class names inside DMD Windows generated exe file. Opening
the file with notepad shows all kinds of strings and names in clear text and
since my application handles some sensitive data it gives me an extra feeling
of insecurity. Any suggestions?
 
 Thanks


module seakrit;

char[] supar_enkript(char[] mah_secret)
{
    char[] result = mah_secret.dup;
    for( size_t i=0; i<result.length; ++i )
        result[i] = ~result[i];
    return result;
}

alias supar_enkript supar_dekript;

const supar_seakrit_password = supar_enkript("O HAI THAR");

import tango.io.Stdout;

void main()
{
    Stdout("Tha supar seakrit password is: ")
        (supar_dekript(supar_seakrit_password)).newline;
}


Note that simply using supar_enkript("O HAI THAR") isn't sufficient; you
have to make sure you trigger compile-time evaluation or you'll end up
with the seakrit in the object file.

For extra sekuritee, put supar_enkript in another module that you never
link to.

Of course, the reason for all the bad spelling is to indicate that this
isn't really something I can imagine helping.  If your program handles
sensitive data, protect the data, not your program.

If your program *contains* sensitive information, don't give it to the
wrong people.

If someone is really, seriously determined to get at that information,
there's nothing you can do to stop them.