Is it possible to read .qrc Qt resource file from compiled executable?

Question

I am creating an application in Qt which can be used by users to read some confidential text file. The idea is that if a user wants to access this file, he can only do so through this application and not read it directly. I am planning to add this file using qrc resource.

What I would like to know is that:

1. Is it possible for a user of the application to somehow "extract" the embedded resource from the compiled executable?
2. If so, in order to prevent this, is it possible to encrypt or hash the said resource before compiling?

P.S.Maybe someone out there has already faces this scenario and came up with a better solution then what I am thinking. If so, new ideas are always welcome.

Answer 1

Depending on your level of expertise, you could make retrieving the text a bit more difficult, but you won't get a secure result this way.

rcc (Qt's resource compiler) tries to compress a resource and if the resource compresses to less than 30%, it will compress the resource. Otherwise the resource will go uncompressed into your executable. As a starting point, you could persuade rcc to always compress by calling rcc with option -threshold 1.

Next you will have to make sure, that all debug symbols are erased from your delivery, otherwise an astute code reader will do something like this:

objdump -all-headers your.app/Contents/MacOS/your | grep qrc

and will get something like this:

00000001002162f0 l     F __TEXT,__text  __GLOBAL__sub_I_qrc_resources.cpp

Where 00000001002162f0 is a good starting point for disassembling your executable. Still: Even if you remove all debug symbols, your resources will always pop up in the DATA section of your code.

So even if you are following this and further advice people might give, it's just obfuscation. Welcome to the wonderful world of cryptology and steganography.