1. 首頁
  2. 問答
  3. c中隱藏char字符串

c中隱藏char字符串

2017-08-27 96 views
-3

我想在C中演示格式字符串漏洞。我想避免字符串命令泄露ASCII字符串sin我的二進制文件。c中隱藏char字符串

繼承人我簡單的代碼:

#include <stdio.h>  
static char secret[] = "mysecretstring"; 
    int main(int argc, char *argv[]) { 
    char buf[64]; 
    strncpy(buf, argv[1], sizeof(buf)); 
    printf(buf); 
    }

來源

2017-08-27 pizzaiolo

+1

究竟是什麼問題?此外,這看起來不像C++代碼,所以爲什麼C++標籤? – pmaxim98

+0

如果我編譯此代碼並對編譯後的二進制文件運行字符串,它將顯示mysecretstring。我正在尋找隱藏變量的技巧。 – pizzaiolo

+0

@ pmaxim98如果添加了包含,那麼這是完全合法的C++代碼。就像它是完全合法的C代碼一樣,如果你添加相同的包含。 – Deduplicator

回答

0

你可以做一些數學與它例如:

static unsigned char secret[] = {'m' + 10, 'y' + 10, 's' + 10, 'e' + 10, 'c' + 10, 'r' + 10, 'e' + 10, 't' + 10, 's' + 10, 't' + 10, 'r' + 10, 'i' + 10, 'n' + 10, 'g' + 10};

爲你的祕密字符串可能在RO段:

char *decode(const unsigned char *str, int c) 
{ 
    int len = 0; 
    char *ml, *cl; 
    while(*str != abs(c)) 
     len++; 
    ml = malloc(len + 1); 
    if(ml != NULL) 
    { 
     cl = ml; 
     while(*str != abs(c)) 
      *cl++ = *str++ + c; 
     *cl = 0; 
    } 
    return ml; 
}

當然編寫腳本會更容易,它將爲您編寫字符串文字。編碼機制可能更爲複雜 - 在例子中,我只是爲一些小事

用C 

#define VNAMEMAX 20 
#define VVALUEMAX 200 

typedef struct 
{ 
    char vname[VNAMEMAX]; 
    char vvalue[VVALUEMAX]; 
}VDEF_T; 


VDEF_T varialbles[] = 
{ 
    {.vname = "mystring",.vvalue = "Something very secret"}, 
    {.vname = "secret_var",.vvalue = "Something even more secret" }, 
    {0,}, 
}; 

int code(VDEF_T *v, char *fname, int c) 
{ 
    FILE *fp = fopen(fname, "wt"); 
    int result = (fp == NULL) * -1; 

    if (!result) 
    { 
     fprintf(fp, "#ifndef _MYSECRET\n#define _MYSECRET\n\n\n"); 
     while (!result && v->vname[0]) 
     { 
      fprintf(fp, "static unsigned char %s[] = {\n\t\t", v->vname); 
      for (int i = 0; i <= strlen(v->vvalue); i++) 
      { 
       if (fprintf(fp, "0x%02x,", v->vvalue[i] + c) < 0) 
       { 
        result = -1; 
        break; 
       } 
      } 
      if (fprintf(fp, "};\n\n") < 0) result = -1; 
      v++; 
     } 
     if(fprintf(fp, "#endif") < 0) result = -1; 
     fclose(fp); 
    } 
    return result; 
}

而結果.h文件

例編碼功能;

#ifndef _MYSECRET 
#define _MYSECRET 


static unsigned char mystring[] = { 
     0x5d,0x79,0x77,0x6f,0x7e,0x72,0x73,0x78,0x71,0x2a,0x80,0x6f,0x7c,0x83,0x2a,0x7d,0x6f,0x6d,0x7c,0x6f,0x7e,0x0a,}; 

static unsigned char secret_var[] = { 
     0x5d,0x79,0x77,0x6f,0x7e,0x72,0x73,0x78,0x71,0x2a,0x6f,0x80,0x6f,0x78,0x2a,0x77,0x79,0x7c,0x6f,0x2a,0x7d,0x6f,0x6d,0x7c,0x6f,0x7e,0x0a,}; 

#endif

來源

2017-08-27 08:47:55

+0

我能隱藏文件中的字符串嗎?例如: static const char * secret =「secret.txt」; – pizzaiolo

+0

是的,你會的。當然,所有的字符串都必須如示例中所示進行編碼 –

相關問題

 相關問題