X hits on this document

331 views

0 shares

0 downloads

0 comments

53 / 120

7.6.1 Encryption of String Literals

To eliminate the obvious starting point of setting an access breakpoint on the trial

message, all of the messages issued by the application are stored as encrypted

hexadecimal literals that are decrypted each time they are used—keeping the decrypted

versions out of memory as much as possible. Table 7.6 gives an example of the needed

code changes to PasswordVaultConsoleUtil.cpp.

Table 7.6. Encrypted strings are decrypted each time they are displayed.

-----------------------------------------------------------------------

133

case

createPasswordRecord:

return

"Create

a

Password

Record";

__

==> 137 case __createPasswordRecord: DecryptMessageText("507F726E81722D6E2D5D6E8080847C7F712D5F72707C7F7 1", _textBuffer); -----------------------------------------------------------------------

186 case

recordLimitReached: return

"Thank

__

Vault! You have reached trial version.";

the

maximum

number

of

you for records

trying Password allowed in this

==> 190 case __recordLimitReached: DecryptMessageText("61756E7B782D867C822D737C7F2D817F86767B742D5D6E8 080847C7F712D636E8279812E2D667C822D756E83722D7F726E707572712D817572 2D7A6E85767A827A2D7B827A6F727F2D7C732D7F72707C7F71802D6E79797C84727 12D767B2D817576802D817F766E792D83727F80767C7B3B", _textBuffer); ----------------------------------------------------------------------- 205 void PasswordVaultConsoleUtil::DecryptMessageText(const char *_cipherText, string *_plainTextBuffer) 206 {

208 210 212 214 string cipherText(_cipherText); SubstitutionCipher cipher; _plainTextBuffer->assign(cipher.decryptFromHex(cipherText)); } -----------------------------------------------------------------------

The net effect of encrypting the literals is shown in Fig. 7.1 where a dump of the .rdata

section of the Password Vault program image no longer yields the clues it once did.

Since the literals are no longer readable, one cannot simply locate and set a breakpoint on

the trial limitation message—as was done in the solution to the Wintel machine code

45

Document info
Document views331
Page views332
Page last viewedMon Dec 05 12:59:37 UTC 2016
Pages120
Paragraphs2913
Words25794

Comments