How to hide shared memory ?
-
hello,
How to hide shared memory ? For example I getting web site content from url but I see this url in my program when I searching with memory scanner. How can I hide this strings ? Encpryt working when dont working program but when working program crypt dont working because program making decrypt and using string and adding this string to memory and I see this string with memory scanner. How can I hide ? -
-
@jondoe
Although you should indeed read @Asperamanca's references, be aware there is nothing at all there which would address your query about scanning memory for strings (nor would I expect there to be), it's aimed more at obfuscating your source code, which is quite different. -
@jondoe said in How to hide shared memory ?:
I getting web site content from url but I see this url in my program when I searching with memory scanner.
i have a solution but it's not 100% secure
you can encode your url with Base64 encoding
when you need to use it just decode it -
@davidlabib
What are you trying to achive? If someone has access to your machine, its nearly useless to hide anything.
- I can decode Base64 without problems
- When you need it, you decode it. Where is it stored? In memory? I can read it.
- You do a network request. I can capture all you network requests with Wireshark.
There is no safety if I have access to your machine.
Regards
-
@jondoe said in How to hide shared memory ?:
I getting web site content from url but I see this url in my program when I searching with memory scanner.
He said memory scanner not network scanner
@aha_1980 said in How to hide shared memory ?:
- You do a network request. I can capture all you network requests with Wireshark.
@aha_1980 said in How to hide shared memory ?:
- I can decode Base64 without problems
any one can decode base64 easily that's why i said "i have a solution but it's not 100% secure"
@aha_1980 said in How to hide shared memory ?:
- When you need it, you decode it. Where is it stored? In memory? I can read it.
you can read it but it will be base64
you will not know that this is the url unless you decode itI am not an expert but these answers are as far as I know
-
@davidlabib said in How to hide shared memory ?:
you can read it but it will be base64
But YOUR application will decode it before using, right? At that point it is NOT encoded anymore.
-
@jsulm
See this code//Encodeing the the url
QByteArray url;
url = “http://www.example.org”;
QByteArray b64 = url.toBase64();
//Show the encoded url
qDebug() << b64; // "aHR0cDovL3d3dy5leGFtcGxlLm9yZw==”
//Show the decoded url without puting it in a variable
qDebug() << QByteArray::fromBase64(b64); // “http://www.example.org”He can use "QByteArray::fromBase64(b64)" as it's every time you need to decode without puting it in a variable
So it will not be in the stackI didn't test the code it might be wrong but this just to simplification my idea
-
@davidlabib said in How to hide shared memory ?:
So it will not be in the stack
It will be there. fromBase64 returns a QByteArray and on most platforms it will be returned using stack. And the byte array containing the actual data will be on the heap as far as I know.
And stack is not only memory you have (there is heap as well).
But more important: this is rather trivial example. To use a URL you would need to pass it to some functions... -
@davidlabib
The user asked about someone not being able to recognise strings with a memory scanner or similar. Are you aware that as soon as you write the line in your code:url = “http://www.example.org”;
that string is compiled into the executable's data area (rather than the stack/heap)? It does not matter that afterward you
.toBase64()
it. That means I can juststrings
on your executable and see it, or I can scan memory at runtime to see it....If you really wanted to bother doing this, the correct way is to do the
toBase64();
manually at development time and then store the encoded string as a literal in the code, not the plain text. Which is an awful lot of hassle.... -
@davidlabib said in How to hide shared memory ?:
yes i know heap but stack is most used
It doesn't matter what is most used, as soon as it is as clear text somewhere in the memory you can read it
-
In general I have explained my idea that may be right or wrong
-
@davidlabib
As I said, if you/the OP does want to use that idea, and expect any kind of hidden, you must implement it by doing theurl.toBase64();
manually yourself outside of your app at design-time when you are writing the code, and then put the encoded result into your source code appropriately. Then the runtime code calls just thefromBase64()
when it needs to decode the string temporarily. -
I think that my idea is not a good idea even after @JonB editing, Is there are more efficient way to solve the problem?
-
Another idea is to scramble your string around the memory so that a memory scanner can't easily work the order out.
QString
and QByteArray use adjacent memory segments.QVector<QChar*> urlString{{ , new QChar('h') , new QChar('t') , new QChar('t') , new QChar('p') , new QChar(':') , new QChar('/') , new QChar('/') , new QChar('w') , new QChar('w') , new QChar('w') , new QChar('.') , new QChar('e') , new QChar('x') , new QChar('a') , new QChar('m') , new QChar('p') , new QChar('l') , new QChar('e') , new QChar('.') , new QChar('o') , new QChar('r') , new QChar('g') }};
Should not be readable by a memory scanner