CODEWITHSUNDEEP
cstringgccbinary
slacker
slacker

Reputation: 478

C: Suppress system calls from binary

I have in my code things like:

system("a system call");

but, as the printf, the text inside the system() is readable in the binary code.

I'm compiling the .c with 

gcc -std=gnu99 code.c -o code

How may I compile to suppress the readable string in the binary code?

Upvotes: 0

Views: 155

Answers (2)

chmike
chmike

Reputation: 22134

You could "encrypt" the string and store the crypted version. Then when the program needs the ASCII string, decrypt it.

The most simple encrypter is to do a bitwise xor with a random pattern of bits. To decrypt simply do the same bitwise xor with exacly the same random pattern of bits.

You will need to save the string length along with the encrypted byte sequence.

Here are simple encryption and decryption functions. These are not cryptographically secure, but good enough for the goal. You can use a global constant as key. 

void encrypt(char* str, unsigned long key)
{
  unsigned char* p = (unsigned char*)str, c;
  do
  {
    key = key * 214013L + 2531011L;
    c = *p;
    *p ^= (unsigned char)(key>>24);
    ++p;
  }
  while(c);
}

void decrypt(char* str, unsigned long key)
{
  unsigned char* p = (unsigned char*)str;
  do
  {
    key = key * 214013L + 2531011L;
    *p ^= (unsigned char)(key>>24);
  }
  while(*p++);
}

Upvotes: 1

Basile Starynkevitch
Basile Starynkevitch

Reputation: 1

We don't know on which operating system you are coding. But I am guessing it is Linux (or at least some POSIX).

Then my advice is to avoid system(3) and use something else, such as fork(2), execve(2), waitpid(2); take time to read Advanced Linux Programming for details (they could be tricky to you).

BTW, you are naive in thinking that by removing the string from your binary, people won't be able to understand what is happening. They could use strace(1) and guess immediately what programs and arguments your program is running (even if you encrypt the command string, etc...)

BTW, security thru obscurity is wrong.

At last, a bit of terminology: system(3) is a standard C library function (very poorly named, it should have been called command), it is not a system call, which are listed (on Linux) in syscalls(2).

Upvotes: 4

Related Questions