encryption in zip or xor?
-
- Posts: 4308
- Joined: Jan 02, 2017 0:34
- Location: UK
- Contact:
Re: encryption in zip or xor?
Just to satisfy myself that EncDecFile was behaving as it should, I dumped the decrypted file and compared it with the original 10MB plaintext file, and they were identical. Just as well, really.
-
- Posts: 30
- Joined: Mar 21, 2021 18:22
Re: encryption in zip or xor?
I remember that I had read that post, but since I was given several options, I have to take the time to evaluate all of them, although your option seems the best, thank you very much for the code and the manual.deltarho[1859] wrote:@maurosebastian91
Even at 1MB of data we are only talking about 4.5 milliseconds for 32-bit. I am getting old and impatient, but I reckon I could wait that long.
I wanted to avoid being pushy - you may not have been interested.I don't have the PCG32II.BAS file, should it be in the include folder?
PCG32II.bas latest version (23 Nov 2020)
You could strip it down, but it is only 223 lines and has a small binary footprint. In the future, you may want a PRNG for another purpose and PCG32II is one of my favourites. It comes with a Help file as well, but I cannot find it on the forum at the moment. Forget that, here is a link to my website: PCG32IIHelp.zip
-
- Posts: 4308
- Joined: Jan 02, 2017 0:34
- Location: UK
- Contact:
Re: encryption in zip or xor?
@maurosebastian91
Horses for courses. The caseih/coderJeff embedding should definitely find its way into the docs, as paul doe suggested, but I think that your horse is called obfuscation.
Now that we have the code belting along at a fair old rip and your sound files may not be that large, it may be worthwhile to up the rounds to three or even five.
Horses for courses. The caseih/coderJeff embedding should definitely find its way into the docs, as paul doe suggested, but I think that your horse is called obfuscation.
Now that we have the code belting along at a fair old rip and your sound files may not be that large, it may be worthwhile to up the rounds to three or even five.
-
- Posts: 4308
- Joined: Jan 02, 2017 0:34
- Location: UK
- Contact:
Re: encryption in zip or xor?
@maurosebastian91
Just to make life a little harder for an attacker, you could use something like
at some point before, EncDecFile is called. The point being that it is nowhere near the Sub. The ciphertext cannot be brute forced, so an attacker will have to get their disassembler out. It may take a while for the penny to drop that the asm for MyRandomize is related to a PRNG and used in EncDecFile; if ever, the penny does drop. I reckon that your sound file will be safe.
Just to make life a little harder for an attacker, you could use something like
Code: Select all
pcg.MyRandomize( 12345, 67890 )
-
- Posts: 4308
- Joined: Jan 02, 2017 0:34
- Location: UK
- Contact:
Re: encryption in zip or xor?
The way exes are made up I doubt that the following will make it more difficult for an attacker but no harm will be done.
Code: Select all
Dim As Ulongint seed = 12345, sequence = 67890
...
...
...
pcg.MyRandomize( seed, sequence )
...
...
...
EncDFecFile( a(), -1 )
Re: encryption in zip or xor?
About embedding a text file embedding and accessing binary data in an executable file:
- I would lean towards an example of the simplest application program, but still in a multi-platform and multi fbc version, therefore starting from the caseih example, but with the 'Extern' commands thus modified::- I could add it as a new article in the Programmer's Guide / Technical Articles : Embed Text and Access binary Data file in Executable
paul doe wrote:This is an incredibly helpful post. Any chance it could make its way to the docs?
Do you want me to take care of it?deltarho[1859] wrote:The caseih/coderJeff embedding should definitely find its way into the docs, as paul doe suggested
- I would lean towards an example of the simplest application program, but still in a multi-platform and multi fbc version, therefore starting from the caseih example, but with the 'Extern' commands thus modified::
Code: Select all
Extern "C"
#if defined(__FB_WIN32__) and not defined(__FB_64BIT__)
Extern hello_txt_start Alias "binary_hello_txt_start" As Const Byte
Extern hello_txt_end Alias "binary_hello_txt_end" As Const Byte
#else
Extern hello_txt_start Alias "_binary_hello_txt_start" As Const Byte
Extern hello_txt_end Alias "_binary_hello_txt_end" As Const Byte
#endif
End Extern
Dim hello_ptr As Const Byte Const Ptr = @hello_txt_start
Dim hello_length As Const Uinteger = @hello_txt_end - @hello_txt_start
For i As Uinteger = 0 To hello_length - 1
Print Chr(hello_ptr[i]);
Next
Print
Sleep
Last edited by fxm on Oct 20, 2021 5:15, edited 4 times in total.
Reason: Updated, according to following post of caseih.
Reason: Updated, according to following post of caseih.
Re: encryption in zip or xor?
I think that would be a fine addition to the wiki, however you wish to do it. Maybe you should call it "Embed and access binary data in executable" rather than text. Because it would be more useful for binary blobs such as images or audio than it would be for text files. Text files are simply an easy way to demonstrate and test it.
Last edited by caseih on Oct 19, 2021 14:15, edited 1 time in total.
Re: encryption in zip or xor?
Done:
- ProPgDataExecutable → fxm [new page 'Embed and Access binary Data in Executable']
- ProPgExecutables → fxm [added link to new page 'Embed and Access binary Data in Executable']
- CatPgProgrammer → fxm [added link to new page 'Embed and Access binary Data in Executable']
- PrintToc → fxm [added link to new page 'Embed and Access binary Data in Executable']
- ProPgDataExecutable → fxm [new page 'Embed and Access binary Data in Executable']
- ProPgExecutables → fxm [added link to new page 'Embed and Access binary Data in Executable']
- CatPgProgrammer → fxm [added link to new page 'Embed and Access binary Data in Executable']
- PrintToc → fxm [added link to new page 'Embed and Access binary Data in Executable']
Re: encryption in zip or xor?
Looks nice. A very useful addition to the Programmer's Guide, indeed.
Re: encryption in zip or xor?
Since I occasionally figure out game formats and write modding tools for them, if you're interested in how a motivated person might approach getting the plaintext for a file like this:deltarho[1859] wrote: Just to make life a little harder for an attacker, you could use something likeat some point before, EncDecFile is called. The point being that it is nowhere near the Sub. The ciphertext cannot be brute forced, so an attacker will have to get their disassembler out. It may take a while for the penny to drop that the asm for MyRandomize is related to a PRNG and used in EncDecFile; if ever, the penny does drop. I reckon that your sound file will be safe.Code: Select all
pcg.MyRandomize( 12345, 67890 )
1: Run the app in WinDbg or similar debugger.
2: Put a breakpoint on the Windows ReadFile function
3: When that's hit, put a memory-read breakpoint on the buffer the file data was read into
4: When that breakpoint fires, now we know where the code that first uses the file data is. And if the data is compressed or encrypted, generally the first thing that'll happen to it is to decompress or decrypt it.
In the simple/common cases, the code we found in 4: will be in the middle of a loop and there'll be an output buffer. You then put a normal breakpoint at the end of the loop and voila, the output buffer (and I) now have the plaintext. In these cases you'd only see the ciphertext and the plaintext, the actual transformation algorthm could be anything from xor to RNG scambling to AES - the how, where and when would only matter if I intend to write tools to encode new music files for the game.
Not that the OP should worry about this. The sound file will be safe enough.
-
- Posts: 4308
- Joined: Jan 02, 2017 0:34
- Location: UK
- Contact:
Re: encryption in zip or xor?
So find the buffer and we find the plaintext. How the ciphertext was created is academic and, therefore, so is the decryption — the application does it for us. However, knowing how to do something is not the same as being able to do it. I am not confident that I would be competent enough. Of course, it is a different story for experienced attackers.
That application I mentioned earlier that employs many anti-hacker techniques blocks debuggers. I tried OllyDbg on some code and it failed. As mentioned, the software was not cheap and has an annual fee. One of the PowerBASIC members uses it.
That application I mentioned earlier that employs many anti-hacker techniques blocks debuggers. I tried OllyDbg on some code and it failed. As mentioned, the software was not cheap and has an annual fee. One of the PowerBASIC members uses it.
Re: encryption in zip or xor?
Do I detect a hint of irony there? ;-)adeyblue wrote:2: Put a breakpoint on the Windows ReadFile function
3: When that's hit, put a memory-read breakpoint on the buffer the file data was read into
4: When that breakpoint fires, now we know where the code that first uses the file data is. And if the data is compressed or encrypted, generally the first thing that'll happen to it is to decompress or decrypt it.
5: Find the destination buffer of the decrypting routine
6: After decryption, write its content to file
Yes, that's how I would do it, and yes, OP should be reassured that 99.9% of all users can't do it. The problem is an academic one, but still, it's fun to reflect on how to make life difficult for the imaginary hacker.
-
- Posts: 4308
- Joined: Jan 02, 2017 0:34
- Location: UK
- Contact:
Re: encryption in zip or xor?
Of course, with embedding, we would not do step 2:.
However, it is inevitable that at some point the sound will exist as plaintext, even if the embedded sound is 'encrypted'.
However, it is inevitable that at some point the sound will exist as plaintext, even if the embedded sound is 'encrypted'.
Re: encryption in zip or xor?
That would be LoadResource instead of ReadFile.deltarho[1859] wrote:Of course, with embedding, we would not do step 2:.
Not exactly plaintext but yes, the content will be visible.However, it is inevitable that at some point the sound will exist as plaintext, even if the embedded sound is 'encrypted'.
-
- Posts: 4308
- Joined: Jan 02, 2017 0:34
- Location: UK
- Contact:
Re: encryption in zip or xor?
I spent an afternoon once reading a few websites on anti-hacking techniques. Some techniques were extraordinarily clever, and the coding was very low level. In fact, to go any lower we'd need a diving suit.jj2007 wrote:it's fun to reflect on how to make life difficult for the imaginary hacker.