how to obfuscate an INT64?

Question

How can I obfuscate an Int64 so that it's not obvious to know the original value? I m not looking for something terrible, some a simple obfuscation method.

Does this answer your question? [Why is XOR used in cryptography?](https://stackoverflow.com/questions/1379952/why-is-xor-used-in-cryptography) — Augusto, Oct 28 '20 at 11:44

score 1 · Answer 1 · answered Oct 28 '20 at 11:43

1

Xor it with a static value. Xor again with the same static value to get the original value.

answered Oct 28 '20 at 11:43

Augusto

28,839
5
58
88

with static value you will take for the Xor ? – zeus Oct 28 '20 at 23:47
Just generate any random number. But remember you must use the same random number on the de-obfuscation. – Augusto Oct 29 '20 at 09:24

score 1 · Answer 2 · answered Oct 28 '20 at 13:46

1

Why do you want to obfuscate it? What are you obfuscating against?

For example, if you're trying to protect a single 64-bit integer from static analysis, the xor approach will protect it somewhat. If you're looking for protection from dynamic analysis, you'll need a more complicated solution that provides anti-debugging and anti-tamper protections.

Why is this constant worth protecting? What are the programmatic constraints on this, e.g. how frequently does this value need to be revealed, just once?

Encryption with a real encryption algorithm will go further than xoring with another value and isn't actually very hard. You might use AES/CBC/PKCS5Padding (AES is a current standard algorithm, CBC is for chaining blocks (this doesn't matter with only 8 bytes of data), and PKCS5Padding is padding to allow less than the block size). There are examples all over the internet, including SO (Rijndael is AES).

answered Oct 28 '20 at 13:46

neuralmer

573
3
11

it's just that google api don't want we pass them a raw user id but instead that we obfuscate it. For me the user id is not a sensitive data I just need to obfucate it to be compliant with GG api – zeus Oct 28 '20 at 16:30
@loki Do you need the actual value, or would a hash of the value be sufficient? If so, I would look at a one-way hash like SHA256 with an appropriate salt. – neuralmer Oct 28 '20 at 20:21
unfortunately I need to get back also the value :( – zeus Oct 28 '20 at 23:46
Probably a more specific question about how to handle the identifier with Google APIs would get you a better answer, although I don't know that it would go on SO main site. I would expect the Google API documentation to have suggestions about how to handle this, since it seems like it would end up being a common question API users would have. – neuralmer Oct 29 '20 at 13:45

how to obfuscate an INT64?

2 Answers2