All geek questions in one place

How to prevent a user from reading strings stored in binary format?

Here's a minimal test case:

#include <stdio.h> #include <stdlib.h> int main ( int argc , char **argv ) { const char abc [15] = "abcdefg\0"; printf ("%s\n" , abc); return 0; }

And you do strings test , you should see abcdefg as it is stored in a read-only area.

So, what is the best way to prevent the user from reading this string using the "strings" command, for example, I don’t want users to know my SQL phrase

+4
source share
3 answers

One solution would be to write an additional program that runs as another user , and read the credentials from where it is not available to the users from whom you want to protect credentials. This program will provide APIs (via TCP / IP or any messaging interface or remote procedure call) that do not have to connect directly to the database, but respond only to requests that interest you.

Another approach is to set the setuid bit in your program and read the credentials from the place where users do not have read access. Give the program the owner who is allowed to read the file containing the request using chown . When executed, your program will receive privileges to read the file.

As Nawaz (and Binyamin Sharet) said in a reply, you can use obfuscation methods to make it difficult to read the query (in particular, it would no longer work with strings ), but keep in mind that someone with more knowledge will be able to find the string using a deassembler or debugger, or just by running your program in strace . This makes this approach unsuitable for storing confidential information , for example, connection credentials: as long as the binary can connect, it contains credentials, anyone who has any knowledge of computer security knows this and can reprogram your program to extract your password.

As a general guide, if you need to protect information from the user running your program, never pass this information to the program. This is the only way to make sure that it cannot be read.

+11
source

You can save XORed lines with some constant buffer, and restore the original line during use. Not so easy to maintain, though ...

For example, the string "hello", XORed with 0x55:

 hello: 0x68, 0x65, 0x6C, 0x6C, 0x6F, 0x00 0x55: 0x55, 0x55, 0x55, 0x55, 0x55, 0x55 result: 0x3D, 0x30, 0x39, 0x39, 0x3A, 0x55

So we save the buffer:

 char enc_str[] = { 0x3D, 0x30, 0x39, 0x39, 0x3A, 0x55 };

This is our decryption function (simplified):

 #define DEC_STR(X, Y) getDecryptedStr(X, Y sizeof(Y)) void getDecryptedStr(char * dec_str, char * enc_str, size_t size) { int i; for (i = 0; i < size; ++i) { dec_str[i] = enc_str[i] ^ 0x55; } }

And how do we use it:

 char clear_str[sizeof(enc_str)]; DEC_STR(clear_str, enc_str);
+4
source

Depending on your requirements and feasibility, you can do the following:

  • One approach may include saving all the lines in a file in binary format so that no one can read it, and when you need a line, you can read it from the file. You can use the key value when storing lines in a file, and by extracting it, you can use this key to read the associated line.

  • Another approach may include some form of encryption. Store the encrypted strings in the program itself, and when you need it, decrypt it before using it.

+1
source

Source: https://habr.com/ru/post/1400809/

More articles:


All Articles