I'm working on a text based adventure game in C++ and I would like to store quests in a text file,but I don't want the player to read it.
Is there an easy way to encrypt it?
Another way to "hide" content of your file to player is to encrypt the file.
You can use openssl for instance.
In this thread you can have an idea on the usage.
Velthune's OpenSSL suggestion is fine but it is arguably overkill. I would try something simple like XOR encryption instead.
Of course XOR encryption is not secure, but neither is the OpenSSL approach, since your program must store the encryption key somewhere in the executable file in order to be able to do the decryption.
There is no way to truly secure the file's contents against a determined user and still have it be accessible to a program that runs on the user's machine.
So, I'd suggest XOR encryption as a simple form of obfuscation that will deter someone from changing the file casually, yet won't make your program dependent on an external library.
Related
So I was looking at ways to lock file folders with a password in windows, and this type of security is not really supported.
Given I know C++ I was wondering if I could simply do this myself.
It would be simple enough, in the case of a text file, to copy the entire contents of the file into a C-string. I could then use basic logic to prompt for a password, if it matches, use an fstream overload and insert the whole string into a text file.
Then, simply wipe the file when I'm done using it.
I basically know how to do this, and the result would be a string containing the document compiled into a .exe which I assume would be unreadable. The thing is, I've never really studied encryption or computer security so I'm wondering how secure this would be, or if there is a better way to do this?
Could it be done on photo or video files as well, if so, how?
How hard would it be to reverse (decompile) the process?
What types of things could I do to make reversal more difficult, ie. using multiple strings, or mixing in random characters?
I'm not looking to hide super-sensitive files, I'm just curious about encryption basics.
Never implement crypto yourself - it is destined to fail. Use well reviewed libraries such as OpenSSL. A good example of using AES for file encryption: Encrypting and decrypting a small file using openssl
Using such simple approach will let you encrypt any file. And it will be secure. Why settle for weak encryption if you can have strong encryption?
If you don't want to write a program, just get, for example, OpenSSL and use the terminal: openssl des3 -salt -in file.txt -out file.des3
I'm creating a program uysing c++ that relies off sensitive information contained within a folder located on my Ubuntu 14.04 desktop. I need some way to protect this information.
Essentially I have two buttons setup on my application. One to encrypt the folder and one to decrypt the folder. However, I have no experience with encryption and don't even know if you can encrypt a folder itself. Most tutorials I have found only talk about encrypting text. A friend recommended using AES encrytpion, but again, I can only find tutorials that show how to encrypt text.
Does anyone know of any way to protect these folders? They contain a large amount of images (.bmp and .png file types) concerning patient information along with a few text files. Obviously the quickest method would be best, as long as they aren't easily accessible without pressing the buttons.
Encryption is not some magic wand one can waive over some data, and encrypt it. If your application has a button that automatically "decrypts" the data, it means that anyone else can do it as well. For this button to work as you described, your application must logically know everything that's needed to decrypt the data. If so, a determined attacker can simply obtain a copy of your application, debug it, figure out how it decrypts the data, and game over.
At the very minimum, a passphrase will be required in order to decrypt the data; so that the application alone is not sufficient to effect encryption and decryption.
As far as the actual technology goes, the two primary software libraries on Linux that provide generic encryption facilities are OpenSSL and GnuTLS. Both provide comparable implementations of all standard symmetric and asymetric cipher-suites.
I believe that GnuTLS is a better API, and that's what I recommend. The design of GnuTLS's C API naturally lends itself to a light C++ OO wrapper facade. The GnuTLS library provides extensive documentation, so your first step is to read through the documentation; at which point you should have all sufficient information to implement encryption in your application.
Just a simple point.
You are going to have to make a blob, which you someway mount as a filesystem. You are also going to have to decide how to control access to that filesystem while people are using it. Also how people are going to synchronize access. Do it wrong and two people will write to the same area at the same time and create something that no one will ever decrypt!
Look at the source code for dm-crypt and TrueCrypt, but if you want to limit access beyond the permission system that your OS supports you may find yourself way in over your head.
you need build private filesystem,so every file operator must pass you application. you can encrypt the file contain to user.
I would like to know some tips how to secure DLL (Win32, dynamic) file from injecting and how to increase security of compiled code.
There's a SQL password in DDL source code which is used to connect to MySQL. Is it secure enough to leave it?
Is there any way how to prevent 'users' modifying HEX code? I mean to secure more from source code.
Which options in project properties would be optimal for optimizing and maybe securing DLL?
Im using MVSC++ 2010 Express and source code to users won't be available.
In order for the DLL to be usable it needs to be readable. That means that if you encrypt your file you also need do decrypt it before using it. Also, you can sign your DLL so that you know it has not been modified, but still that doesn't hide the symbols in the file itself. Another approach would be to obfuscate the code so that it is harder for users to understand but the OS can still easily execute it - think of that as a weak form of encryption.
Specific answers:
If you have a password in any binary file then it is not secure. It is a simple matter of looking through the strings of the binary file to find it.
Users can always modify the file, but the file can be signed using some cryptographic scheme which ensures that you will know if it has been tampered with.
I don't use that particular tool but I'm sure that it will not provide you with any real security.
Tip: Instead of having an SQL DB password in your source code you could instead make it send commands to a server which would authenticate and process them. That way you don't need an explicit password in your file.
Any and every literal string in your DLL is readable unless you encrypt the entire file. Do NOT store passwords as literal strings in your dll. Period. Also, you have to remember that assembly code is just data, and if the file is writable, anyone with an Intel reference sheet and a hex editor, or a disassembler and a an assembler can change it if they have access to the file. You can always obfuscate your source, which will make the assembly slightly less readable, but still completely modifiable.
In short, nothing you do will completly secure your DLL.
I have a proprietary application which uses an xml config. Currently I use boost::property_tree to read the xml file.
I would like to deploy both executable and xml file on a more public system and want to avoid anyone, including that system's administrator, from reading the xml.
Ideally, I would like to maintain the clear text xml on my system so I can easily manually modify it. Then I would call some encrypt command on the file, deploy it on the more public machine and have the executable decrypt it on the fly. I'd use the same key and just hardcode it into the source of the executable.
Is this a reasonable approach? What is the easiest way to implement this? Is there a better way?
Since you're already using boost, you could always serialize it. If you use binary archives, the file will be essentially unreadable. I guess my follow-up question would be: do you also want it to be secure? Or just unreadable?
If the code runs on the client's machine, then in principle you can never prevent the data from becoming known, because it has to be on the client's machine. You can try to obfuscate, but ultimately the client will have to be able to read the data, so it has to know it.
If you were to simply embed an encryption key in your program, the client could just scan through the file and extract the key. If you work a bit harder you can make Skype, but even that has been deconstructed.
It all depends on the seriousness of your need to protect the data. If it's absolute, then you cannot do it, but if you just want to keep the casual visitor out, you could try and make it a bit harder... tell us some details if you're serious about this.
If your goal is to prevent someone from casual inspection, then that is a reasonable approach.
If you must ensure (for some weird reason) that the configuration cannot be read, it is a foolish errand, because the program can read it, so a user who is determined to do so can do it as well. Either by disassembling the program, or simply by doing a memory dump from the debugger. Having that said, a simple, lightweight encryption will be good enough, because even the toughest encryption will be broken in the same way.
You might also consider whether using an explicitly human-readable format such as xml is well-suited if you don't want people to read it.
I had a very similar case. I used a compression algorithm to store the file 'encrypted'. zlib can be used for C++. You can easily encrypt and decrypt your file, both from command-line and from code. To add some more 'security' you can xor the compressed file with a password.
This a both simple to implement and easy to use. Of course I won't use such method if my clients are hackers, or have a financial incentive to read the XML.
I've been working on a project in C++ using openGL and am looking to save the current scene to a text file. Something simple along the lines of, cube at x,y,z and its color etc.
My question is about how to make sure that the file has not been changed by a user. I thought about calculating a checksum of the string and including that in the file.
e.g. checksum, string
But again this is open to the user modifying the values.
Any recommendations or is this just a case of writing a good parser?
Cheers
theoretically: you can't.
practically: encrypt it and obfuscate the key within your program (this is how much of DRM works)
although you will never be able to stop a determined user. Why is it so important that the user can't modify it?
If you want users to be able to read, but not modify make the last line a HMAC of the file and a secret key.
Instead of preventing the user from changing the file is better to validate file's content before using it. Create a good parser that is able to detect (and repair?) errors.
Let the user do whatever he wants because some errors might be fixable. Give warnings. With hashing you will prevent your users to do anything.
How strict is your requirement that the file not be user-modifiable? That is, how much effort are you willing to expend to make sure the user can't tinker with the file? Does the file need to be user-readable? If you really don't want the user to change the file, maybe encryption of some sort is the answer (provided the user doesn't need to be able to read the file). Something like this trivial XOR encryption scheme might be enough.