0

I am not using the `-g` compiler option, yet I am still getting strings in my executable that are easily viewable, for example by using the `strings` program.

Here is my code:

test.hpp:

```cpp
#ifndef TEST_HPP_
#define TEST_HPP_

#include <string>

namespace ns1 {

class Test
{
public:
  std::string Get(const std::string& root);

private:
  void append_other_stuff(std::string& s);
};

} // namespace ns1

#endif // TEST_HPP_
```

test.cpp:

```cpp
#include "test.hpp"

static const char* privatePart = "_hideme_";

namespace ns1 {

std::string Test::Get(const std::string& root) {

  std::string result = root + "_fixed_" + privatePart;
  append_other_stuff(result);
  return result;
}

void Test::append_other_stuff(std::string& s) {

  // all these strings must be hidden
  static char middle1[] = {'s','e','c','r', 'e','t','1','\0'};
  static char middle2[] = {'s','e','c','r', 'e','t','2','\0'};
  static char endbit[] = {'s','e','c','r', 'e','t','3','\0'};

  s += middle1;
  s += middle2;
  s += endbit;
}

} // namespace ns1
```

main.cpp:

```cpp
#include "test.hpp"

#include <iostream>

using namespace std;

int main() {
  ns1::Test t1;
  cout << t1.Get("123") << endl;
}
```

Makefile:

```make
CXX = g++
CXXFLAGS = -Wall -std=c++11


main.o: main.cpp
	$(CXX) $(CXXFLAGS) -c main.cpp

test.o: test.cpp test.hpp
	$(CXX) $(CXXFLAGS) -c test.cpp

prog: main.o test.o
	$(CXX) $(CXXFLAGS) main.o test.o -o prog
```

Output (shortened) from using `strings`:

```
strings prog

_hideme_
_fixed_
;*3$"
zPLR
secret1
secret2
secret3
```

Even if I run the `strip` command:

```
strip -s -g prog
```

the strings I want to hide are still in prog.

How can I hide these strings?

Angus Comber
  • 3
    You need to store those strings encrypted or scrambled and decrypt/unscramble in your code. I doubt somebody will bother to implement special code in the compiler to hide string literals. – Slava Jun 13 '19 at 13:15
  • related/dupe: https://stackoverflow.com/questions/1356896/how-to-hide-a-string-in-binary-code – NathanOliver Jun 13 '19 at 13:19
  • 2
    BTW `static char bar[] = {'f','o','o', '\0'}` is the __exact same thing__ as `static char bar[] = "foo"`. And why do you expect the strings to be hidden without using `-g`?? – Jabberwocky Jun 13 '19 at 13:20
  • It is not because of debug information that the strings in question appear in the binary. For the most part, it is because they are essential program data. How do you imagine the program could implement the required behavior if those data were not inside the executable? – John Bollinger Jun 13 '19 at 13:50

1 Answer

4

To follow up to the comment above, there is no way to hide these strings using any standard compiler or linker tools. You'll have to implement this yourself.

You don't say why you want to do this, so I hesitate to provide advice on how to do it. BE AWARE anyone who has your program can decode this string themselves if they want to, no matter how much obfuscation you go through: you'll only be hiding the string from casual investigation. There's no way to securely keep secrets in a program, unless it requires some external input to decode. So, you should absolutely NEVER use these methods to store passwords or any other sort of secret in your program.

With that caveat, there are simple ways to keep things from showing up via strings if that's your only goal: for example you can store the string in a static array of ints, one for each character, then convert it back into a string at runtime.

MadScientist
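The int-array approach from the answer above, as an added example (not code from the original post or its author): it rebuilds the string at runtime and runs a small model of the `strings` scan over the bytes the array occupies. It assumes a little-endian target with 4-byte `int`; `kEncoded`, `decode`, `le_image` and `scan` are hypothetical names.

```cpp
// Added example; kEncoded, decode, le_image and scan are hypothetical names.
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// "secret1" stored one character per int, as the answer describes.
static const int kEncoded[] = {'s', 'e', 'c', 'r', 'e', 't', '1'};
static const std::size_t kLen = sizeof(kEncoded) / sizeof(kEncoded[0]);

// Rebuild the string at runtime.
std::string decode() {
  std::string out;
  for (std::size_t i = 0; i < kLen; ++i) out += static_cast<char>(kEncoded[i]);
  return out;
}

// Bytes the array occupies in a binary (assumed: little-endian, 4-byte int).
std::vector<unsigned char> le_image() {
  std::vector<unsigned char> img;
  for (std::size_t i = 0; i < kLen; ++i)
    for (int shift = 0; shift < 32; shift += 8)
      img.push_back(static_cast<unsigned char>((kEncoded[i] >> shift) & 0xff));
  return img;
}

// Minimal model of the strings scan: collect runs of at least min_len
// printable characters, reading one little-endian character per `width` bytes.
std::vector<std::string> scan(const unsigned char* p, std::size_t n,
                              std::size_t width, std::size_t min_len = 4) {
  std::vector<std::string> found;
  std::string run;
  for (std::size_t i = 0; i + width <= n; i += width) {
    bool printable = p[i] >= 0x20 && p[i] < 0x7f;
    for (std::size_t k = 1; k < width; ++k) printable = printable && p[i + k] == 0;
    if (printable) { run += static_cast<char>(p[i]); continue; }
    if (run.size() >= min_len) found.push_back(run);
    run.clear();
  }
  if (run.size() >= min_len) found.push_back(run);
  return found;
}

int main() {
  const std::vector<unsigned char> img = le_image();
  std::cout << "decoded: " << decode() << "\n";
  std::cout << "1-byte scan hits: " << scan(img.data(), img.size(), 1).size() << "\n";
  std::cout << "4-byte scan hits: " << scan(img.data(), img.size(), 4).size() << "\n";
}
```

The single-byte scan finds nothing, but reading 32-bit little-endian characters (the encoding GNU `strings -e L` selects) recovers `secret1`, so this hides the string only from a default `strings` run.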