encryption in zip or xor?

[dodicat]

You could give your .exe file a good shuffle, then save it.
You can then shuffle it back to it's original working state.
I have automated a key here, but it can be passed or remembered separately.
The fb subs are the mixing engine, which of course I have now given away.
I have added a "t" then a "tt" to the filename for the demo, but you don't need to do this.

Code: Select all

#include "crt.bi"
#include "file.bi"
Sub save(content As String,filename As String)
    Var fp=fopen(filename,"wb")
    If fp = 0 Then Print "Unable to save ";filename:sleep:end
    fwrite(@content[0], 1, Len(content), fp)
    fclose(fp)
End Sub

Sub load(content As String,filename As String)
    content=String(Filelen(filename),0)
    Var fp=fopen(filename,"rb")
    If fp = 0 Then Print "Unable to open  ";filename:sleep:end
    fread(@content[0], 1, Len(content), fp)
    fclose(fp)
End Sub

Sub shuffle(a As String)
    #define range(f,l) Int(Rnd*(((l)+1)-(f))+(f))
    Dim As Long L1=Len(a)-1
    For n As Long = 0 To Len(a)-2
        Swap a[n], a[range((n+1),L1)]
    Next n
End Sub

Sub shuffleback(a As String)
    #define range(f,l) Int(Rnd*(((l)+1)-(f))+(f))
    Dim As Long L=Len(a)-2,L1=Len(a)-1
    Redim As Long ar(L)
    For n As Long = 0 To Len(a)-2
        ar(L-n)=(range((n+1),L1))
    Next n
    For n As Long=0 To Len(a)-2
        Swap a[L-n],a[ar(n)]
    Next n
End Sub

Sub saveshuffle(content As String,filename as string)
    Var x=Int(Rnd*1000000)
    Randomize x
    shuffle(content)
    save(Str(x)+":"+content,filename)
End Sub

Function getshuffleback(filename As String) As String
    Dim As String L
    load(L,filename)
    Var v=Vallng(L)
    L=Mid(L,Instr(L,":")+1)
    Randomize v
    shuffleback(L)
    Return L
End Function
'===========================================

dim as string filename="typeshapesanddodeca.exe" '<--- your file
randomize
dim as string content
load(content,filename)
saveshuffle(content,"t"+filename) '"t"+filename is gobbledygook
save(getshuffleback("t"+filename),"tt"+filename) '"tt"+filename is OK
print "done"
sleep


 

[deltarho[1859]]

the only thing I want is that the files are not visible to anyone.

Here is a simple method to achieve the above using a PRNG. A random UBYTE is added to each byte of the 'message'. On average, we have 50% additions and 50% subtractions, but the distribution will be random. So, we don't have cryptographic encryption but simple obfuscation. The embedding method above is very clever - I am simply answering your above quote.

I don't know how big your sound files are but on my machine as 10MB 'encrypted' file will, after loading, decrypt in 0.9 seconds using three rounds. With one round, which should be good enough, I get 0.3 seconds. I would use one of my latest PRNGs, rather than a FB generator, as their throughput are much faster and an 'attacker' would have no idea what PRNG was used. For the 'key' I am using the length of the 'message'.

Code: Select all

Sub EncDec( ByRef message As String, ByVal flag As Long )
' flag = 1 for encryption, = -1 for decryption or vice versa
#define IRange( f, l ) Int( Rnd*( (l+1) - (f) ) + (f) )
Dim As Long i, j, temp
  Randomize Len( message ), 2
  For j = 1 To 3 ' number of rounds
    For i = 1 To Len(message)
      temp = IRange(0,255)
      message[i-1] = Asc(message, i) + temp*Iif( (temp <= 127), -flag, flag ) ' Random addition/subtraction
    Next
  Next
End Sub

Dim As String s
#define CrLf Chr(13,10)
s = "The time has come the walrus said" + CrLf
s += "to talk of many things" + CrLf
s += "of shoes, and ships, and sealing wax," + CrLf
s += "of cabbages, and kings," + CrLf
S += "and why the sea is boiling hot," + CrLf
s += "and whether pigs have wings."
? s : ?
EncDec( s, 1 )
? s : ?
EncDec( s, -1 )
? s

'dim as double t
'open "10MB.txt" for binary as #1
's = string(LOF(1),0)
'get #1,,s
'close #1
'EncDec( s, 1)
't = timer
'EncDec( s, -1)
't = timer - t
'print t

Sleep

[marcov]

Hello colleagues, good morning, afternoon or evening.

this is a consultation continuing with the development of my little audio game.

I was thinking of packaging my sounds, and encrypting them.

ZIPping with key is easily broken for old zip formats. (only newer LZMA based zip has good crypto). Moreover, any filetype inspector will tell the hacker that it is a zip and that it is encrypted, with the zip breaking tools only a google search away.

XOR encryption is also considered easily breakable in crypto circles, but at least that might not be evident from the file.

Please, I wanted to ask you what method you think is the simplest to implement.

Do nothing, but occasionally check CRCs to frustrate tinkerers. Saves a lot of time. Doesn't matter if you try to dress up with XOR hack or more elaborate schemes, if any minorly capable person can single step your code and weed out security, be it crc, xor encoding or SHA256. Keep in mind that the crypto is only as secure as you can keep the decrypting routine and any "secrets" (key, salts etc), which usually have to be embedded in the binary.

That said, a minor xor trick will at least frustrate the total non-developers, specially if the data files are text or some other wellknown format. It is however more obfuscation than security

[maurosebastian91]

Hello colleagues, good morning, afternoon or evening.

this is a consultation continuing with the development of my little audio game.

I was thinking of packaging my sounds, and encrypting them.

ZIPping with key is easily broken for old zip formats. (only newer LZMA based zip has good crypto). Moreover, any filetype inspector will tell the hacker that it is a zip and that it is encrypted, with the zip breaking tools only a google search away.

XOR encryption is also considered easily breakable in crypto circles, but at least that might not be evident from the file.

Please, I wanted to ask you what method you think is the simplest to implement.

Do nothing, but occasionally check CRCs to frustrate tinkerers. Saves a lot of time. Doesn't matter if you try to dress up with XOR hack or more elaborate schemes, if any minorly capable person can single step your code and weed out security, be it crc, xor encoding or SHA256. Keep in mind that the crypto is only as secure as you can keep the decrypting routine and any "secrets" (key, salts etc), which usually have to be embedded in the binary.

That said, a minor xor trick will at least frustrate the total non-developers, specially if the data files are text or some other wellknown format. It is however more obfuscation than security

I understand, thank you very much for your answer.

and could you do it with the allegro library?
I know that 4.4.2 has that function, to pack files into a dat with a password, but I can't find the dll that it asks for when compiling, I've already tried several and none of them work.

[marcov]

and could you do it with the allegro library?
I know that 4.4.2 has that function, to pack files into a dat with a password, but I can't find the dll that it asks for when compiling, I've already tried several and none of them work.

Sorry, haven't used Allegro in a very long time.

[maurosebastian91]

And what is the probability that they extract the sounds from the exe with the method that they gave me above to convert the data into a .o and that they remain inside the exe?

[deltarho[1859]]

You have now drifted from "the only thing I want is that the files are not visible to anyone." to requiring full-blown encryption.

At the end of the day, any 'ordinary' exe can be broken using code injection.

A binary dump of an 'ordinary' Windows exe will show any API used as plaintext. I have written code to encrypt the API plaintext names so that they show in the binary dump as garbage. The exe decrypts the names and then uses them. There are many other ways to circumvent code injection. There is software which takes an exe and employs many anti-hacker techniques. I tried one which took a 180KB exe resulting in a 4MB file. The software was not cheap and has an annual fee. I let my trial expire.

Mitigating code injection is a subject on its own.

The question is who would go to such lengths to get your sound files from your "little audio game". We need to determine the level of hacker who would be interested in breaking our code, and then employ the appropriate security techniques. I have encrypted ini files to stop 'ordinary' users messing things up. I used obfuscation rather than AES for example. If they broke the obfuscation and screwed things up, they would not come crying to me, would they?

[caseih]

And what is the probability that they extract the sounds from the exe with the method that they gave me above to convert the data into a .o and that they remain inside the exe?

About zero I'd say, even with little attempt at obfuscation. Obviously there's always a way, but someone has to have a reason to do it. A one-off indy program is hardly likely to attract that kind of treatment.

[maurosebastian91]

Thank you very much for the last two answers, you are very right.

well then that's what I'll try for my little rabbit audio game ...

thanks for your time and patience with this newbie ☺.

[deltarho[1859]]

@maurosebastian91

For what it is worth, I think that simple obfuscation is your best bet.

With my Sub EncDec above if we used

Code: Select all

message[i-1] = Asc(message, i) Xor temp

we get an increase in speed of about 10%. However, Xor is begging to be broken. In my opinion, the random addition/subtraction method is better.

With 'Randomize Len( message ), 2' we are using FreeBASIC's fastest PRNG. If we replace that with PCG32II.bas, one of my PRNG implementations, we get a 100% increase in speed. That translates, on my machine, to about 65MB/sec for a single round. PCG32II.bas will add about 30KB to your binary, but it can be stripped down to generate range(a,b) only because that is all that we want.

Added: Stripping is not worth the hassle, we still end up adding 20KB to the binary.

Added: The timing is for 32-bit. PCG32II is much faster in 64-bit in which case that 65MB/sec becomes 130MB/sec.

Yes, it can be broken, but I reckon that an attacker will have their work cut out.

[deltarho[1859]]

I have been trying to speed things up a bit. After not finding a faster statement, I was just about to give up and then found one.

Code: Select all

message[i-1] = Asc(message, i) + temp*(temp - 127)*flag

This is coming in at 110MB/sec for 32-bit and 143MB/sec for 64-bit for a single round. [ fbc 1.08.1 gcc 9.3 SJLJ/-O3 ] The 64-bit is very nearly as fast as using Xor.

[deltarho[1859]]

Instead of populating a string, I thought about populating an array.

Code: Select all

#include "PCG32II.bas"

Sub EncDecFile( a() As Byte, ByVal flag As Long )
' flag = 1 for encryption, = -1 for decryption or vice versa
Dim As Long i, temp
  pcg.MyRandomize( Ubound(a), Ubound(a) )
  'For j As Long = 1 To 3 ' number of rounds
    For i = 1 To Ubound(a)
      temp = pcg.range(0,255)
      a(i) = a(i) + temp*(temp - 127)*flag
    Next
  'Next
End Sub

Note that I''m using PCG32II for the PRNG.

This is a little faster, coming in at 222MB/sec for 32-bit and 316MB/sec for 64-bit.

The mind boggles, FreeBASIC never ceases to amaze me.

Just out of interest, maurosebastian91, how big is your sound file?

[maurosebastian91]

Instead of populating a string, I thought about populating an array.

Code: Select all

#include "PCG32II.bas"

Sub EncDecFile( a() As Byte, ByVal flag As Long )
' flag = 1 for encryption, = -1 for decryption or vice versa
Dim As Long i, temp
  pcg.MyRandomize( Ubound(a), Ubound(a) )
  'For j As Long = 1 To 3 ' number of rounds
    For i = 1 To Ubound(a)
      temp = pcg.range(0,255)
      a(i) = a(i) + temp*(temp - 127)*flag
    Next
  'Next
End Sub

Note that I''m using PCG32II for the PRNG.

This is a little faster, coming in at 222MB/sec for 32-bit and 316MB/sec for 64-bit.

The mind boggles, FreeBASIC never ceases to amaze me.

Just out of interest, maurosebastian91, how big is your sound file?

Excellent colleague, I do understand this much better, thank you very much.

I was thinking of copying them into ogg, so they will not exceed 60 KB for each sound, and although I still don't know how many sounds they can be, I came to the conclusion that the voices are going to be a few files.

[maurosebastian91]

@deltarho[1859], I don't have the PCG32II.BAS file, should it be in the include folder?

[deltarho[1859]]

@maurosebastian91

Even at 1MB of data we are only talking about 4.5 milliseconds for 32-bit. I am getting old and impatient, but I reckon I could wait that long.

I don't have the PCG32II.BAS file, should it be in the include folder?

I wanted to avoid being pushy - you may not have been interested.

PCG32II.bas latest version (23 Nov 2020)

You could strip it down, but it is only 223 lines and has a small binary footprint. In the future, you may want a PRNG for another purpose and PCG32II is one of my favourites. It comes with a Help file as well, but I cannot find it on the forum at the moment. Forget that, here is a link to my website: PCG32IIHelp.zip