XOR String Encryption/Decryption

Question

I have made programs that utilize XOR encryption of data before and fully understand it, but how can I implement this into a program so the string literals are encrypted? For instance, I do not want to use:

string name = "My name is Matt";

This would cause "My name is Matt" to be located in the executable. I am guessing I would have to encrypt the literal with a separate program, but my real question is how do I store the encrypted string in the executable (preferably not in a separate file)?

Again, I fully understand how to decrypt the strings and how it works, I just need to know how to transport the encrypted strings in the compiled result.

Thank you for your time, I really do appreciate it.

Answer 1

Assuming you're stripping symbols, you should be able to get away with doing something like:

static const char *kMyNameIsMatt = "arosietnarsoitne";  // Where that mess is the XOR-obfuscated string.
string name = kMyNameIsMatt;
std::cout << XORUnobfuscate(name) << std::endl;

If you are not stripping symbols, then you can obfuscate the symbols, as well, using something like:

#define kMyNameIsMatt ABC123XYZZY

Answer 2

If you're doing a bitwise xor, then your "string" will probably contain a whole lot of unprintable characters, and so you can't define it via String str = "[something]". Your best bet is to represent it as an array of integers representing each char. Then to get your string back, just XOR the various chars, and append them all together to form your unencrypted string.

Answer 3

If you are using ascii, use hexadecimal character notation...

void formatString(char *buffer, char *input) {
    char *pos = buffer;
    while (*input != '\0') {
        sprintf(pos, "\\x%02x", (int)*input);
        input++;
        pos += 4;
    }
}

void main() {
    char buffer[100]; // 4 chars for every char in the input
    char *original = "ABCD";
    int size = formatString(buffer, original);
}

This should give you a resulting string like "\x41\x42\x43\x44" that you can put in your program. Unfortunately when you XOR some of the resulting bytes might be null. If you end up with "\x57\x00\x68\xf7" in your program then the string will only report as one character long since the null will terminate it, so you need to store the size of the string separately. This could be handled by Base64 encoding the encrypted string. Otherwise if you only use ASCII 0-127, you could set bit 7 on each character and end it with a null. If your XOR values were 0x55, 0x42, 0x55, 0x55 that would convert "ABCD" to 0x14, 0x00, 0x16, 0x11, by setting bit 7 you would get 0x94, 0x80, 0x96, 0x91:

void main() {
    char encryptedString = "\x94\x80\x96\x91";
    char buffer[100];
    decryptString(buffer, encryptedString);
    printf("Original: %s\n", buffer);
}

Where decryptString does the XOR then strips bit 7 by anding with 0x7f.

There's lots of free code out there for Base64 though, so I would just Base64 encode the resulting bytes after XOR, then Base64 decode the string before XORing back to the original.

Answer 4

Step one: write a program that encrypts your string then prints them out as hex numbers:

#include <iostream>
#include <iomanip>
#include <iostream>

int main(int argc,char* argv[])
{
    std::string const  value = argv[1];
    std::string const  key   = argv[2];

    std::cout << "string " << argv[3] << " (\"";
    for(std::size_t loop = 0; loop < value.size(); ++loop)
    {
        std::cout << "\\x"
                  << std::hex
                  << std::setw(2)
                  << std::setfill('0')
                  << static_cast<unsigned int>(value[loop] ^ key[loop % key.size()]);
    }
    std::cout << "\"," << value.size() << ");\n";
}

Step 2: Run the application for each literal. It should output code that you can past into your application.

> ./a.exe Martin York Cool
string Cool ("\x14\x0e\x00\x1f\x30\x01",6);

Note: As the string may now contain the nul character you can't use the normal string constructor that takes a C-String. You need to use the constructor that takes a char* and a length.