Protecting Content Files

Question

Hello,

I want a simple layer of protection for my content (resource) files in my application. For example, I have various sound and image files used in my application. I think, I can wrap them in a SFX archive (Probably packed with WinRAR), then in my application, start the SFX exe with some parameters, like, -silent. But this may not be the best way to do this, so if you can give me some suggestions, that would be great.

P.S. I know it does not sound unbreachable (like there is one, anyways), but this is needed for some reasons.

P.S. I could use some help for a method to hide the files after the SFX (or some other package) complete extraction.

Thank you.

Answer 1

Zip up your resource files and then XOR each 32-bit block of the archive file with a key you pick. At runtime XOR each incoming 32-bit block with the key again before passing it off to your zip library for in-memory decompression.

Very light obfuscation, but should stop anyone from just opening the zip file.

Answer 2

Don't use a SFX archive.

Well a lot depends on how you use your resources. If you have a lot of library code that requires file names then the files have to be persisted on hard drive for a while. If you can, you want to find out if your sound and media libraries can be passed pointer - then you load the files up yourself, decrypt them, and pass the pointers to the decrypted buffers to the media api's.

As to the actual encryption. Either use an archive file format, something like zlib. This gives you the ability to store all your data files in a single encrypted archive and expand them into memory.

Or roll your own per-file encryption. A rolled at home XOR encryption has the advantage of being very fast.

Almost all file encryption comes down to:

• Start with a "key". A short string.
• Use the key to initialize a random number generator.
• XOR the bytes from the rng with the data to be encrypted to encrypt it.
• Later, to decrypt the data:
• start with the same key, initialize the rng
• Which will generate the same stream of bytes,
• XOR them with the encrypted data to decrypt it.

The problem is (obviously) that the key needs to exist in the client so any determined hacker can get it. So theres no real point in being too fancy here. Just generate 256 bytes of "random" data and use it to encrypt and decrypt your files as you load them into memory - or write them to a temporary folder.

If you need to write out ttemp files, you might be able to use FILE_FLAG_DELETE_ON_CLOSE to get the temp folder to clean itself up safely without leaving unencrypted resources persisted on disk.