Unsolved How to obscurify c++ qt to prevent seen clear text in executable app
-
Hi,
I am try to protect our code from the eyes (changing the code means security breach more than commercial concerns)
I we look executable with less or cat linux program we can see all variables and the clear texts.
How we can make it cryptic for eyes ?
Best
-
Use hashing or crypto algo to achieve the same.you can check qcrypto hash algo or md5 etc. They are simple algos.
-
@RahibeMeryem said in Hw to obscurify c++ qt to prevent seen clear text in executable app _:
I we look executable with less or cat linux program we can see all variables and the clear texts.
Was it a debug build or release?
"changing the code means security breach more than commercial concerns" - people will always find a way to change your binaries. This is why it is more important to avoid programming mistakes like buffer overflows instead of obscuring binaries. -
@jsulm said in Hw to obscurify c++ qt to prevent seen clear text in executable app _:
@RahibeMeryem said in Hw to obscurify c++ qt to prevent seen clear text in executable app _:
I we look executable with less or cat linux program we can see all variables and the clear texts.
Was it a debug build or release?
that happens in debug and release builds.
But one doesn't see variables but rather clear text stuff, like StyleSheets
or static texts.
-
I don't see any good reason why this should be hidden in any way. Esp. since it is displayed/visible as soon as you run the program. It's a false assumption that simply scrambling the text will help anything, esp. wrt to security.
-
User has no access to the system as login user. Only they can extract the sd card / disk and than mount to get app , but they cant run execpt original HW. only they can look inside as hex.
its a little bit more security to scramble the text.
-
@RahibeMeryem said in Hw to obscurify c++ qt to prevent seen clear text in executable app _:
its a little bit more security to scramble the text.
I'd highlight "little".
https://www.codeproject.com/Articles/502283/Strings-Obfuscation-System
-
If they can run the app, they have read access to the binary, if they have read access to the binary then they can reverse engineer it. That link @VRonin posted may look promising, but a kid with a debugger can patch up your binary, insert a couple of
int 3
instructions (or attach to system/IO calls) after the "deobfuscation" code, run it through the debugger and extract your strings. That is to say - I'd use your own code to get what I want. It would take a half-decent programmer a couple of hours or so to do that, so you just add unnecessary complexity for a very dubious "result". Security through obfuscation is just a white elephant.