GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → adamyaxley → Obfuscate

adamyaxley / Obfuscate

Licence: unlicense
Guaranteed compile-time string literal obfuscation header-only library for C++14

Programming Languages

cpp17
186 projects
cpp14
131 projects

Labels

stringobfuscation

Projects that are alternatives of or similar to Obfuscate

Javascript Obfuscator
A powerful obfuscator for JavaScript and Node.js
Stars: ✭ 8,204 (+3055.38%)
Mutual labels:  obfuscation, string
Androidlibrary
Android library to reveal or obfuscate strings and assets at runtime
Stars: ✭ 162 (-37.69%)
Mutual labels:  obfuscation, string
gnirts
Obfuscate string literals in JavaScript code.
Stars: ✭ 65 (-75%)
Mutual labels:  obfuscation, string
String.prototype.matchAll
Spec-compliant polyfill for String.prototype.matchAll, in ES2020
Stars: ✭ 14 (-94.62%)
Mutual labels:  string
Networkteam.Neos.MailObfuscator
Email address obfuscation for Neos CMS
Stars: ✭ 13 (-95%)
Mutual labels:  obfuscation
common-words
Updated list of the 100 most common words in the English language. Useful for excluding these words from arrays.
Stars: ✭ 13 (-95%)
Mutual labels:  string
Stryng
Swift strings taken to a whole new syntax level.
Stars: ✭ 255 (-1.92%)
Mutual labels:  string
UniObfuscator
Java obfuscator that hides code in comment tags and Unicode garbage by making use of Java's Unicode escapes.
Stars: ✭ 40 (-84.62%)
Mutual labels:  obfuscation
lzbase62
LZ77(LZSS) based compression algorithm in base62 for JavaScript.
Stars: ✭ 38 (-85.38%)
Mutual labels:  string
widestring-rs
A wide string Rust library for converting to and from wide Unicode strings.
Stars: ✭ 48 (-81.54%)
Mutual labels:  string
poplar-trie
C++17 implementation of memory-efficient dynamic tries
Stars: ✭ 47 (-81.92%)
Mutual labels:  string
AndrODet
AndrODet: An Adaptive Android Obfuscation Detector
Stars: ✭ 25 (-90.38%)
Mutual labels:  obfuscation
inceptor
Template-Driven AV/EDR Evasion Framework
Stars: ✭ 730 (+180.77%)
Mutual labels:  obfuscation
safe-string-interpolation
A type driven approach to string interpolation, aiming at consistent, secure, and only-human-readable logs and console outputs !
Stars: ✭ 14 (-94.62%)
Mutual labels:  string
type-reverse
🦄 Lightweight reverse utility around strings, arrays, numbers and more.
Stars: ✭ 30 (-88.46%)
Mutual labels:  string
static string
A fixed capacity dynamically sized string
Stars: ✭ 46 (-82.31%)
Mutual labels:  string
email-concealer-cli
CLI tool for concealing e-mails in a file by replacing their domain
Stars: ✭ 30 (-88.46%)
Mutual labels:  obfuscation
indexed-string-variation
Experimental JavaScript module to generate all possible variations of strings over an alphabet using an n-ary virtual tree
Stars: ✭ 16 (-93.85%)
Mutual labels:  string
sus
A now actually pretty good amogus themed javascript obfuscator lol
Stars: ✭ 23 (-91.15%)
Mutual labels:  obfuscation
tokenizr
String Tokenization Library for JavaScript
Stars: ✭ 70 (-73.08%)
Mutual labels:  string
View All Similar Projects ➔

Source available on GitHub

Obfuscate

Guaranteed compile-time string literal obfuscation header-only library for C++14.

Quick start guide

  1. Copy obfuscate.h into your project
  2. Wrap security sensitive strings with AY_OBFUSCATE("My String")

Now your project will not expose those strings in plain text in the binary image.

Whats the problem?

When plain text string literals are used in C++ programs, they will be compiled as-is into the resultant binary. This causes them to be incredibly easy to find. One can simply open up the binary file in a text editor to see all of the embedded string literals in plain view. A special utility called strings actually exists which can be used to search binary files for plain text strings.

What does this library do?

This header-only library seeks to make it much much more difficult (but not impossible) for embedded string literals in binary files to be found by encrypting them with an XOR cipher at compile-time using a constexpr, forcing the compiler to work with the encrypted string instead of the plain text literal. Usage of AY_OBFUSCATE additionally removes the need for a const pointer to the string, which more often than not (for small strings) convinces the compiler to inline the encrypted string, building it up at runtime in a series of mov operations, protecting the binary image against simple XOR decryption attacks. Encrypted strings will then be decrypted at runtime to be utilised within the program.

Technical features

  • Guaranteed compile-time obfuscation - the string is compiled via a constexpr expression.
  • Global lifetime - the obfuscated string is stored in a function level static variable in a unique lambda.
  • Implicitly convertible to a char* - easy to integrate into existing codebases.

By simply wrapping your string literal "My String" with AY_OBFUSCATE("My String") it will be encrypted at compile time and stored in an ay::obfuscated_data object which you can manipulate at runtime. For convenience it is also implicitly convertable to a char*.

For example, the following program will not store the string "Hello World" in plain text anywhere in the compiled executable.

#include "obfuscate.h"

int main()
{
  std::cout << AY_OBFUSCATE("Hello World") << std::endl;
  return 0;
}

Strings are encrypted with a '.' by default. To increase security it is recommended to generate a random single char key at compile time and pass it into AY_OBFUSCATE_KEY("Hello World", KEY).

Examples of usage

Because the obfuscated data that is generated by AY_OBFUSCATE has global lifetime it is completely fine to also use it in both a local and a temporary context.

char* var = AY_OBFUSCATE("string");
const char* var = AY_OBFUSCATE("string");
static const char* var = AY_OBFUSCATE("string");
std::string var(AY_OBFUSCATE("string"));
function_that_takes_char_pointer(AY_OBFUSCATE("string"));

Binary file size overhead

This does come at a small cost. In a very naive login program, which obfuscates two strings (username and password) the following binary file bloat exists.

Config Plain string literals Obfuscated strings Bloat
Release 18944 21504 2560 (13.5%)
Debug 95232 101888 6656 (7.0%)

This output is generated by running calculate_bloat.py

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].