c printf/variables content visible in compiled binary. How to hidethat ? - Unix

This is a discussion on c printf/variables content visible in compiled binary. How to hidethat ? - Unix ; Ok.. maybe the subject is not 100% clear. My problem is the following. I'm doing a little tool that generate a text file. The content of the text file is stored in a "const char *mycontent" When I compile the ...

+ Reply to Thread
Results 1 to 16 of 16

Thread: c printf/variables content visible in compiled binary. How to hidethat ?

  1. c printf/variables content visible in compiled binary. How to hidethat ?

    Ok.. maybe the subject is not 100% clear.

    My problem is the following. I'm doing a little tool that generate a
    text file.

    The content of the text file is stored in a "const char *mycontent"

    When I compile the program and I do "strings
    compiled_program_binary".. I see the content of the "mycontent"
    variable.

    Is there any way to make sure it will not be visible when doing
    'strings' ?

    Thanks,
    --Ben

  2. Re: c printf/variables content visible in compiled binary. How to hidethat ?

    In article ,
    Benoit Lefebvre wrote:
    >Ok.. maybe the subject is not 100% clear.
    >
    >My problem is the following. I'm doing a little tool that generate a
    >text file.
    >
    >The content of the text file is stored in a "const char *mycontent"
    >
    >When I compile the program and I do "strings
    >compiled_program_binary".. I see the content of the "mycontent"
    >variable.
    >
    >Is there any way to make sure it will not be visible when doing
    >'strings' ?


    ROT13 it?
    Who are you trying to hide it from, and why?


    dave


  3. Re: c printf/variables content visible in compiled binary. How tohide that ?

    On Nov 28, 4:17 pm, dj3va...@csclub.uwaterloo.ca.invalid wrote:
    > In article ,
    > Benoit Lefebvre wrote:
    >
    > >Ok.. maybe the subject is not 100% clear.

    >
    > >My problem is the following. I'm doing a little tool that generate a
    > >text file.

    >
    > >The content of the text file is stored in a "const char *mycontent"

    >
    > >When I compile the program and I do "strings
    > >compiled_program_binary".. I see the content of the "mycontent"
    > >variable.

    >
    > >Is there any way to make sure it will not be visible when doing
    > >'strings' ?

    >
    > ROT13 it?
    > Who are you trying to hide it from, and why?
    >
    > dave


    It's an RSA ssh key.

    My script is calling ssh to do some check on a list of remote systems
    and I don't want the rsa key available on the filesystem or to any
    user.

    So my program create a temporary file and use it as the public key for
    the ssh connection. Once it's done it erases the file.

    --Ben

  4. Re: c printf/variables content visible in compiled binary. How tohide that ?

    In article <1e4fef27-ef0f-41a7-85dc-6bd345a11fdf@p69g2000hsa.googlegroups.com>,
    Benoit Lefebvre wrote:
    >On Nov 28, 4:17 pm, dj3va...@csclub.uwaterloo.ca.invalid wrote:
    >> In article ,
    >> Benoit Lefebvre wrote:


    >> >Is there any way to make sure it will not be visible when doing
    >> >'strings' ?

    >>
    >> ROT13 it?
    >> Who are you trying to hide it from, and why?
    >>
    >> dave

    >
    >It's an RSA ssh key.
    >
    >My script is calling ssh to do some check on a list of remote systems
    >and I don't want the rsa key available on the filesystem or to any
    >user.


    Who are you trying to hide it from?

    If it's just a casual snooper, do some simple reversible transformation
    to it (like XORing each character with the result of a known function
    like a PRNG with a specified seed), and whatever shows up in the output
    of the binary won't be the key you're using.


    If you're trying to defend against anything more than a casual snooper,
    you need to re-think how you're doing the whole process, because:
    >So my program create a temporary file

    as soon as you do this, you've lost if the attacker has bothered to
    take a close look at what the program is doing.

    Against a determined and intelligent attacker, you have even more to
    worry about. Your program has to convert the data into a form it
    recognizes somehow (without requiring human intervention, if I'm not
    mistaken?), and somebody who's interested enough to run the code under
    a debugger will be able to track what it's doing and follow the same
    steps to get the information.


    dave


  5. Re: c printf/variables content visible in compiled binary. How tohide that ?

    On Nov 28, 1:29 pm, Benoit Lefebvre wrote:

    > It's an RSA ssh key.
    >
    > My script is calling ssh to do some check on a list of remote systems
    > and I don't want the rsa key available on the filesystem or to any
    > user.
    >
    > So my program create a temporary file and use it as the public key for
    > the ssh connection. Once it's done it erases the file.
    >
    > --Ben


    Since the user of the script is authorized to perform that command,
    and the RSA ssh key can only be used to perform that command (right?
    otherwise, fix that first!) there is no harm in allowing anyone
    authorized to use the script to see the key.

    Fundamentally, the solution is to split the program into two parts, a
    client and a server. The client only sends requests to the server and
    the server only performs requests the client is authorized to issue.
    The user has no access to the server and so can't compromise it. You
    already have this, you just need to lock down the server so it will
    only perform authorized operations. Then it won't matter if the user
    sees what's in the client.

    DS

  6. Re: c printf/variables content visible in compiled binary. How to hide that ?

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFHTe+bVcFcaSW/uEgRAkaTAKDT+aygenp0as51HSwlDvCrg2YQLwCfVF7k
    NyI0eEJFhlaj/jnc9MYiMqE=
    =MnJf
    -----END PGP SIGNATURE-----

  7. Re: c printf/variables content visible in compiled binary. How tohide that ?

    On Nov 28, 5:45 pm, Roger Leigh wrote:
    > Benoit Lefebvre writes:
    > > The content of the text file is stored in a "const char *mycontent"

    >
    > > When I compile the program and I do "strings
    > > compiled_program_binary".. I see the content of the "mycontent"
    > > variable.

    >
    > > Is there any way to make sure it will not be visible when doing
    > > 'strings' ?

    >
    > Of course, depending on how much effort you want to put into it.
    > But, why?
    >
    > Regards,
    > Roger
    >
    > --
    > .''`. Roger Leigh
    > : :' : Debian GNU/Linux http://people.debian.org/~rleigh/
    > `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
    > `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
    >
    > application_pgp-signature_part
    > 1KDownload


    The original question was not about _why_ I want to do it but _how_ I
    want to do it.

    For the "why" part, This user already have a SSL key that require a
    Passphrase to do remote commands manually.
    This program will be called by the user's crontab and can't handle the
    "Passphrase" part of the original Key.
    So I created a second Key without any passphrase but I don't want it
    to be available too easily. That's why I want to generate it with my
    program and erase it before leaving.
    It doesn't have to be 100% bullet proof but I don't want to see it
    when I do "strings my_program"

    Now that you guys have the "why".. let's talk about the "HOW" :-)

    For this part I think I'll go with base64 or whatever because rot13
    does not include others chars than [A-Za-z]+
    Anyone got a better idea?
    At the beginning I was thinking maybe there is a compiler flag that
    would do the job.. looks like no.. heh

    Thanks
    --Ben

  8. Re: c printf/variables content visible in compiled binary. How tohide that ?

    Benoit Lefebvre writes:

    > It doesn't have to be 100% bullet proof but I don't want to see it
    > when I do "strings my_program"


    Your idea isn't even 1% bullet proof against minimally-knowledgeable
    attacker, who can run strace/truss/tusc against your executable
    and clearly see what it writes to disk.

    But I'll limit the discussion just to "how to avoid seeing the
    string in 'strings' output".

    > For this part I think I'll go with base64 or whatever because rot13
    > does not include others chars than [A-Za-z]+


    Both rot13 and base64 buy you very little: the string is still an
    ASCII string, and is still visible in the 'strings' output (albeit
    in slightly obfuscated form).

    > Anyone got a better idea?


    Yes: XOR it with a known binary pattern so it isn't in ASCII at all
    (as already has been suggested).

    Another common technique is this:

    // const char *const passphrase = "a simple passphrase";
    char letter[] = " aehilmprs";
    int idx[] = { 1, 0, 9, 4, 6, 7, 5, ..., 10, -1};

    int i = 0, j = 0;
    char buf[1024];
    while (0 <= idx[i]) buf[j++] = letter[i++];

    Cheers,
    --
    In order to understand recursion you must first understand recursion.
    Remove /-nsp/ for email.

  9. Re: c printf/variables content visible in compiled binary. How tohide that ?

    Benoit Lefebvre wrote:
    > For this part I think I'll go with base64 or whatever because rot13
    > does not include others chars than [A-Za-z]+


    base64 is going to make it MORE likely the data will show up in the
    output of 'strings'. It will make it entirely into printable characters.

    If you really want to make the data not show up in the output of
    'strings', do some sort of transformation that converts it all into
    non-printable characters, or that inserts a non-printable character
    periodically (since 'strings' looks for sequences of consecutive
    printable characters). One possible way to do this, if you are
    already starting with a string of printable characters (probably
    hexadecimal numbers) would be to add 128 to every other number.
    Then store this as an array of unsigned characters. If you start
    with all ASCII characters (which are by definition in the range
    0-127), you will then have an output that has no two consecutive
    ASCII characters. You can reverse this transformation by ANDing
    with 0x7f. Of course, this assumes the top-most bit was meaningless
    to start with for every character. If that's not true, it would
    trash your data.

    > Anyone got a better idea?
    > At the beginning I was thinking maybe there is a compiler flag that
    > would do the job.. looks like no.. heh


    There are object file obfuscators out there for various languages.
    I know that they are avaialble for C# and for Java. I don't know
    of any for C though. But in principle, it could happen.

    - Logan

  10. Re: c printf/variables content visible in compiled binary. How tohide that ?

    Logan Shaw wrote:
    > Benoit Lefebvre wrote:
    >> For this part I think I'll go with base64 or whatever because rot13
    >> does not include others chars than [A-Za-z]+

    >
    > base64 is going to make it MORE likely the data will show up in the
    > output of 'strings'. It will make it entirely into printable characters.


    One of the simpler and more effective security-by-obscurity techniques
    is to divide and concatenate. I.e. instead of

    #define PASSPHRASE "MyString"

    use

    #define PASSPHRASE1 "MYS"
    #define PASSPHRASE2 "TRI"
    #define PASSPHRASE3 "NG"

    Then concatenate these into a dynamic buffer at runtime. This could of
    course be combined with order reversal, case conversion, etc. of course
    this can still be beaten with a debugger, yadda yadda, but if you want
    to beat "strings" this will do it.

    There are many other simple tricks, like maybe an array of chars with
    the high bits turned on so they don't look like printable ASCII
    characters. Simply mask off the high bits before use. Or XOR each char. Etc.

    HT

  11. Re: c printf/variables content visible in compiled binary. How tohide that ?

    On Nov 28, 10:02 pm, Benoit Lefebvre
    wrote:
    > Ok.. maybe the subject is not 100% clear.
    >
    > My problem is the following. I'm doing a little tool that generate a
    > text file.
    >
    > The content of the text file is stored in a "const char *mycontent"
    >
    > When I compile the program and I do "strings
    > compiled_program_binary".. I see the content of the "mycontent"
    > variable.
    >
    > Is there any way to make sure it will not be visible when doing
    > 'strings' ?
    >
    > Thanks,
    > --Ben


    and
    $> strip your_binaries


  12. Re: c printf/variables content visible in compiled binary. How tohide that ?

    In article ,
    Paul Pluzhnikov wrote:
    >Benoit Lefebvre writes:


    >> For this part I think I'll go with base64 or whatever because rot13
    >> does not include others chars than [A-Za-z]+

    >
    >Both rot13 and base64 buy you very little: the string is still an
    >ASCII string, and is still visible in the 'strings' output (albeit
    >in slightly obfuscated form).


    If it's a key that's already base64-encoded, rot13ing just the
    base64-encoded part and not any wrappers around it would actually be a
    somewhat evil thing to do. That would give casual snoopers something
    that looks like a well-formed key but doesn't work.


    dave


  13. Re: c printf/variables content visible in compiled binary. How tohide that ?

    In article ,
    wrote:
    >In article ,
    >Paul Pluzhnikov wrote:
    >>Benoit Lefebvre writes:

    >
    >>> For this part I think I'll go with base64 or whatever because rot13
    >>> does not include others chars than [A-Za-z]+

    >>
    >>Both rot13 and base64 buy you very little: the string is still an
    >>ASCII string, and is still visible in the 'strings' output (albeit
    >>in slightly obfuscated form).

    >
    >If it's a key that's already base64-encoded, rot13ing just the
    >base64-encoded part and not any wrappers around it would actually be a
    >somewhat evil thing to do. That would give casual snoopers something
    >that looks like a well-formed key but doesn't work.
    >
    >
    >dave
    >


    (Not responding to this post directly, but to the thread in general)

    Speaking of low-tech solutions, why not just make the program not
    readable by the client person? I.e., make it owned by you (the
    implementor) and protected something like 711.

    This will certainly stop strings (which was the original point), and
    probably also anything based on debugging (on any modern, properly
    configured Unix or Unix-like OS).

    I'm surprised no one has mentioned this yet.


  14. Re: c printf/variables content visible in compiled binary. How tohide that ?

    On Nov 29, 6:38 am, Benoit Lefebvre wrote:

    > The original question was not about _why_ I want to do it but _how_ I
    > want to do it.


    "How" questions can almost never be answered if you don't know "why".

    How do I build a bridge?

    DS

  15. Re: c printf/variables content visible in compiled binary. How tohide that ?

    On Nov 30, 1:11 pm, David Schwartz wrote:
    > "How" questions can almost never be answered if you don't know "why".


    Looks like we have an exception here ;-)

    --Ben

  16. Re: c printf/variables content visible in compiled binary. How tohide that ?

    Benoit Lefebvre schrieb:
    > On Nov 30, 1:11 pm, David Schwartz wrote:
    >> "How" questions can almost never be answered if you don't know "why".

    >
    > Looks like we have an exception here ;-)


    No, it's no exception. Actually you got much more than you asked for:
    you were told that your concept is entirely broken and stupid. You were
    also told that any moron capable of calling strace can beat you concept.
    You should *definitely* think about the concept again (there was plenty
    of advice, client/server, maybe just make the ssh-login you're using
    extremely restrictive). Everything else would just be negligent.

    Security by obscurity is a concept which has hundreds of times broken
    people's neck. Good that I now know you're a fan of it so I can safely
    eliminate you from the list of people getting close to any of my
    machines - ever.

    Now what about David's bridge?

    Greetings,
    Johannes

    --
    "Viele der Theorien der Mathematiker sind falsch und klar
    Gotteslästerlich. Ich vermute, dass diese falschen Theorien genau
    deshalb so geliebt werden." -- Prophet und Visionär Hans Joss aka
    HJP in de.sci.mathematik <4740ad67$0$3811$5402220f@news.sunrise.ch>

+ Reply to Thread