
digitalmars.D - Re: Obfuscating function names and the like inside exe file

reply bobef <_asd_ASd_ASD_Asdasd_ASd asdasda___dasd.com> writes:
Walter Bright Wrote:

 
 1. make sure you're not compiling with debug info (-g) on.

Bye bye stack traces... :(

 2. you can just use a bit editor to stomp on those names in the executable 
 (replace them with XXXXX or whatever). The exe files are not checksummed, so 
 this should be straightforward.
 

Too much manual work. Any clues how I can automate this? At least where I should look for info?

 3. rename your sensitive classes to obscure names, then alias them to a readable
 name. The alias name shouldn't appear in the executable:
 
      class CXX97ASDFXX { }
      alias CXX97ASDFXX mySensitiveName;

Nice idea. Didn't think about it. But it won't work for external libraries. For example, if I'm using dcrypt it will be obvious I'm using one of its supported ciphers for my encrypted data. I wouldn't wish this to be so obvious, at least not for people without reverse-engineering skills. Thanks.
Mar 21 2010
next sibling parent Walter Bright <newshound1 digitalmars.com> writes:
bobef wrote:
 Walter Bright Wrote:

  (replace them with XXXXX or whatever). The exe files are not checksummed,
 so this should be straightforward.
 

Too much manual work. Any clues how I can automate this? At least where I should look for info?

You can write a simple D program that contains a list of strings to patch. It reads the exe file, patches it, and writes it back out.
Mar 21 2010
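
A sketch of the patching program described in the post above, written in Python rather than D; it is an added example, not code from the thread or from any poster. The `NAMES` list and the sample identifiers are hypothetical, and each name is overwritten with filler of the same length so that file offsets and the length prefixes inside D mangled names stay consistent.

```python
"""Post-build name stomper: overwrite listed names in an executable, in place."""
import sys
from pathlib import Path

# Hypothetical list of names to hide. dcrypt is the library named in the
# thread; "Blowfish" is a made-up identifier for this example.
NAMES = [b"dcrypt", b"Blowfish"]


def stomp(image: bytes, names, filler: bytes = b"X"):
    """Return (patched_image, {name: hit_count}).

    Every replacement has the same length as the name it overwrites, so no
    offset, section size or length prefix in the file changes.
    """
    if len(filler) != 1:
        raise ValueError("filler must be a single byte")
    buf = bytearray(image)
    hits = {}
    # Longest names first so a short name cannot break up a longer one.
    for name in sorted(set(names), key=len, reverse=True):
        if not name:
            raise ValueError("empty name")
        count, pos = 0, buf.find(name)
        while pos != -1:
            buf[pos:pos + len(name)] = filler * len(name)
            count += 1
            pos = buf.find(name, pos + len(name))
        hits[name] = count
    if len(buf) != len(image):
        raise RuntimeError("patched image changed size")
    return bytes(buf), hits


def patch_file(path, names=NAMES):
    """Patch `path` in place; return the names that were never found."""
    p = Path(path)
    patched, hits = stomp(p.read_bytes(), names)
    p.write_bytes(patched)
    return [n for n, c in hits.items() if c == 0]


if __name__ == "__main__":
    # Usage: python stomp.py app.exe
    for name in patch_file(sys.argv[1]):
        print(f"warning: {name!r} not found, list may be stale", file=sys.stderr)
```

Names the loader still needs at run time (DLL import and export names, for example) must stay off the list, so run the program's tests against the patched file.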
prev sibling parent BCS <none anon.com> writes:
Hello bobef,

 Walter Bright Wrote:
 
 1. make sure you're not compiling with debug info (-g) on.
 


Only for release builds.

 2. you can just use a bit editor to stomp on those names in the
 executable (replace them with XXXXX or whatever). The exe files are
 not checksummed, so this should be straightforward.
 

where I should look for info?

If you know what to look for, some kind of find/replace might work.

 3. rename your sensitive classes to obscure names, then alias them to
 a readable name. The alias name shouldn't appear in the executable:
 
 class CXX97ASDFXX { }
 alias CXX97ASDFXX mySensitiveName;

libraries. For example if I'm using dcrypt it will be obvious I'm using one of its supported ciphers for my encrypted data. I wouldn't wish this to be so obvious, at least not for people without reverse-engineering skills.

I'd assume anyone who can identify the cypher from function names and apply it to strings in the file already has reverse-engineering skills. And if you are considering the attacker knowing what cypher you are using to be a security issue, don't bother; anyone able to think about cracking any real cypher can get that from the binary no matter what you do.

-- 
... <IXOYE><
Mar 21 2010