如何在代码中隐藏文字
隐藏代码中文字值的现有主要方法是什么,以便仅使用十六进制转储器或反编译器就不容易追踪它们?
例如,
static final int MY_VALUE = 100;
我们可以不编写以下代码:
static final int MY_VALUE = myFunction1();
private int myFunction1(){
int i = 23;
i += 8 << 4;
for(int j = 0; j < 3; j++){
i-= (j<<1);
}
return myFunction2(i);
}
private int myFunction2(int i){
return i + 19;
}
这只是我们正在尝试做的一个示例。 (是的,我知道,编译器可能会优化它并预先计算常量)。
免责声明:我知道这根本不会提供任何额外的安全性,但它使代码对于逆向工程来说更加晦涩(或有趣)。这样做的目的只是迫使攻击者调试程序,浪费时间。请记住,我们这样做只是为了好玩。
What are the main existing approaches to hide the value of literals in code, so that they are not easily traced with just an hexdumper or a decompiler?
For example, instead of coding this:
static final int MY_VALUE = 100;
We could have:
static final int MY_VALUE = myFunction1();
private int myFunction1(){
int i = 23;
i += 8 << 4;
for(int j = 0; j < 3; j++){
i-= (j<<1);
}
return myFunction2(i);
}
private int myFunction2(int i){
return i + 19;
}
That was just an example of what we're trying to do. (Yes, I know, the compiler may optimize it and precalculate the constant).
Disclaimer: I know this will not provide any aditional security at all, but it makes the code more obscure (or interesting) to reverse-engineer. The purpose of this is just to force the attacker to debug the program, and waste time on it. Keep in mind that we're doing it just for fun.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
由于您试图隐藏在程序的简单转储中可见的文本,因此您可以使用某种简单的加密来混淆您的程序并隐藏该文本以防止窥探。
详细说明:
为什么要使用众所周知的弱加密 ROT47?
最后,您的代码将如下所示:
无论您的密码有多强,任何配备调试器的人都可以在
useDecrypted()上设置断点并恢复明文。因此,密码的强度并不重要。然而,使用像 Rot47 这样的东西有两个明显的优点:Since you're trying to hide text, which will be visible in the simple dump of the program, you can use some kind of simple encryption to obfuscate your program and hide that text from prying eyes.
Detailed instuctions:
Why use ROT47 which is notoriously weak encryption?
In the end, your code will look something like this:
No matter how strong your cypher, anybody equipped with a debugger can set a breakpoint on
useDecrypted()and recover the plaintext. So, strength of the cypher does not matter. However, using something like Rot47 has two distinct advantages:运行一些生命游戏变体进行大量迭代,然后根据最终状态向量做出控制流决策。
如果你的程序实际上是为了做一些有用的事情,你可以提前计划你想要的分支,并选择适合的状态向量位(“我想要一个 true ,位 17 打开,所以使条件...... ”)
Run some game of life variant for a large number of iterations, and then make control flow decisions based on the final state vector.
If your program is meant to actually do something useful, you could have your desired branches planned ahead of time and choose bits of the state vector to suit ("I want a true here, bit 17 is on, so make that the condition..")
您还可以使用编译代码的某些部分作为数据,然后对其进行一些修改。这在虚拟机执行的程序中很难做到,但在 asm 或 c 等语言中是可行的。
You could also use some part of compiled code as data, then modify it a little. This would be hard to do in a program executed by virtual machine, but is doable in languages like asm or c.