Re: Hiding strings in objects code




> Jef Poskanzer <[email protected]> writes:
> When rtm used this technique in his worm I'm sure a lot of people,
> such as myself, spent the five minutes necessary to hack up a program
> that tries XORing the input with all 256 possible bytes.  I had the
> program pipe the output of each try through strings and wc, to check
> whether any significant text was uncovered.  Only 0x00 and the single
> now-forgotten value he used got hits - no second XOR value.

Yes, I did too -- it was 0x81.  I think my message of worm passwords was
the first to make it out, along with my Perl script to try out your own
password file.  Yes, Perl was already around.

What method you use in your program depends on your model of your
opponent.  If it's somebody only mildly interested, flipping the bits is
fine.  For a slightly higher level of anxiety, you could use Vigenere-like
stuff -- XORing with a short key (8 bytes at a time with long longs if
you're in gcc, for example), or use a longer key and restart now and then
(interrupted key).  For the next higher level, you might use DES and hide
the key in your data, making them disassemble it.  Next step... make your
code obscure.  After that... hardware.

You might want to study some virus code to see how they try to thwart
disassemblers and debuggers.

YMMV.

	Jim Gillogly
	Mersday, 30 Foreyule S.R. 1994, 02:06
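The check both posters describe, trying every one-byte XOR key and piping each result through `strings` and `wc` to see where readable text appears, written out as an added Python example from the analyst's side; it is not code from the thread. The sample blob, the hidden string table and the 0x81 mask are constructed for the demonstration (the mask mirrors the value Gillogly recalls; none of this is the worm's data), and the function names are my own.

```python
"""Brute-force a single-byte XOR mask over an opaque blob: try all 256
keys, scan each result for printable runs the way strings(1) does, and
rank the keys by how much text they uncover. Added example; the blob
below is constructed, not taken from any real binary."""


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a one-byte XOR mask to every byte (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


def printable_runs(data: bytes, min_len: int = 6) -> list:
    """Return runs of at least min_len printable ASCII bytes (0x20..0x7e),
    which is essentially what `strings -n min_len` prints."""
    runs, start = [], None
    for i, b in enumerate(data):
        if 0x20 <= b <= 0x7E:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                runs.append(data[start:i])
            start = None
    if start is not None and len(data) - start >= min_len:
        runs.append(data[start:])
    return runs


def rank_xor_keys(blob: bytes, min_len: int = 6) -> list:
    """Score every key by the number of printable runs it uncovers
    (the `strings | wc -l` count), highest score first, ties by key."""
    scored = [(key, len(printable_runs(xor_bytes(blob, key), min_len)))
              for key in range(256)]
    return sorted(scored, key=lambda kv: (-kv[1], kv[0]))


def report(blob: bytes, top: int = 6, min_len: int = 6) -> list:
    """Top candidate keys together with the text each one uncovers,
    so a human can judge which candidate is 'significant text'."""
    out = []
    for key, score in rank_xor_keys(blob, min_len)[:top]:
        out.append((key, score, printable_runs(xor_bytes(blob, key), min_len)))
    return out


# Constructed sample: two strings a binary would carry in the clear,
# plus a table of strings masked with 0x81 (hypothetical data).
HIDDEN = [b"/etc/passwd", b"/bin/sh", b"sendmail", b"fingerd"]
MASK = 0x81
SAMPLE_BLOB = (
    b"Usage: demo [-v]\0"
    + xor_bytes(b"\0".join(HIDDEN) + b"\0", MASK)
    + b"\0\0Copyright 1994\0"
)


if __name__ == "__main__":
    # Key 0x00 shows the clear-text strings, key 0x81 the masked table.
    for key, score, runs in report(SAMPLE_BLOB):
        print(f"key 0x{key:02x}: {score} strings -> {runs}")
```

The count alone is not decisive: a key that differs from the real mask only in its low bits (0x80, 0x82, 0x83 and so on here) turns the hidden table into printable gibberish with the same number of runs, which is why `report` returns the recovered runs rather than just a score. Reading the top few candidates is the "significant text" judgement the posters made by eye, and it is also where the identity key 0x00 shows up, since the clear-text strings of the binary itself are hits for it.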