X hits on this document

329 views

0 shares

0 downloads

0 comments

47 / 120

Using the substitution cipher given in Table 7.3, we replace each string constant in

VerifyPassword.cpp with its equivalent ciphertext. Even strings with format modifiers

such as “%s” and “%d” can be encrypted as these inserts are not interpreted by methods

such as printf and sprintf until execution time. Table 7.4 contains the source code and

disassembly for VerifyPasswordObfuscated.exe, where each string constant in the

program is stored as ciphertext; when the program needs to display a message, the

ciphertext is passed to the bundled decryption routine. The transformation we've

manually applied removes the helpful information the string constants provided when

they were stored in the clear. Given that modern languages have well-documented

grammars, it should be possible to develop a tool that automatically extracts and replaces

all string constants with ciphertext that is wrapped by a call to the decryption routine.

Table 7.4. VerifyPasswordObfuscated.cpp and corresponding disassembly.

VerifyPasswordObfuscated.cpp:

01: #include "substitutioncipher.h" 02: using namespace std; 03: static const char *password = "77827D2E81727F"; 04: static const char *enter_password = "527B81727F2D7D6E8080847C

7F71472D"; 05: static const char *password ok = "685C586A2D4E70707280802D747

_

F6E7B8172713B"; 06: static const char *password_bad = "68527F7F7C7F6A2D4E70707280

802D71727B7672713B"; 07: int main(int argc, char *argv[]) 08: {

09: 10: 11: 12: 13: 14: 15: 16:

SubstitutionCipher cipher; string specified; cout << cipher.decryptFromHex(enter_password); getline(cin, specified); if (specified.compare(cipher.decryptFromHex(password)) == 0) {

cout << cipher.decryptFromHex(password ok) << endl; } else

_

17:

{

39

Document info
Document views329
Page views330
Page last viewedMon Dec 05 07:09:30 UTC 2016
Pages120
Paragraphs2913
Words25794

Comments