3

I'm writing program that load encoded string into memory and decode it with special algorithm.

Sequences of program work:

  1. Load data from encoded file (base64 string)
  2. Decode base64 string to encoded data string (Rijndael 256)
  3. Decode encoded data string (Rijndael256) to plain text code
  4. Run code and store state in data structure
  5. Delete plain text from memory
  6. ...

The problem is in sequence #3 if user create dump of program memory, he can get code as plain text which must be secure. My question is - there is any way to protect my plain text string in memory?

Program is written in C++.

Adams
  • 41
  • 5
  • 1
    Base64 is as safe as plaintext. That means, none of them are safe. – Valdas Sep 02 '15 at 13:38
  • No, it's not possible. Consider, someone might write an x86 emulator (heck, a Windows emulator) which they can run your code on, but with the property that they can interrupt the emulator at any point and examine every detail of its state. The real game is, can you make it sufficiently awkward and annoying to interpret the memory dump, that the person gives up before they manage it. For example, perhaps only a small part of the text is decoded at any one time, and even that's split between multiple objects. But it's just a game of who has more patience, you or your opponent. – Steve Jessop Sep 02 '15 at 13:42
  • `Base64` is only method to hide ugly encoded text in `Rijndael 256`. Read sequences of work. – Adams Sep 02 '15 at 13:43
  • 1
    What are you trying to avoid here (XY-problem)? – Caramiriel Sep 02 '15 at 13:52

2 Answers2

1

Presumably the plain text is needed in memory, at least briefly, for proper execution. If, at that point, a memory dump happens, yes, they have access to it, and no, there isn't much you can do about it. Keeping it in plain text as short as time as possible will help, as well "secure zeroing" the memory after you're done with it.

mark
  • 5,269
  • 2
  • 21
  • 34
  • Might be useful to somehow allocate the memory to hold the plain text so that it will not get swapped out to disk. – Steve Sep 02 '15 at 14:14
  • Seems unlikely that it would swap out in a very small window of use, but I agree that it is possible. You could enable swap-file encryption in your OS if that loading scenario was a concern. – mark Sep 02 '15 at 14:40
1

No, there isn't any way to protect it - presumably even OllyDbg is enough to get the decoded value (just the matter of placing a breakpoint, after which it doesn't matter that the memory is zeroed or moved or anything).

You should rethink your security model.

Patryk W.
  • 82
  • 1
  • 5