I hope that title isn't misleading; part of the problem I'm having is I don't know how to ask the right questions. Anyway:
I have a program that saves its state into a file and then loads it later. Just some basic stuff, integers, doubles, maybe a string here and there. So far I've been using .txt files, but I want to move onto another format. I know I can save with just about any extension I want (.sav .dat .map etc.) but opening it up in notepad just has the text info as expected, which means the user can fiddle all they want.
What I want to do is take the data I'm saving and convert it to binary or bitcode or whatever it's called so notepad (or any other text editor) will just put out random characters, like so: -‡Wk]s9µî,¯k^û.
I thought about rotating my characters before writing them out but that doesn't seem like it'll jumble it up as much as I want.
As you can probably already tell, I don't really know the correct name for the concept I'm trying to implement here. Sorry if that all seemed a little rambly.
If you're looking for a quick way to obfuscate your saved data, you could consider Base64 encoding. Here's some code that deals with this algo.
Please note that the Base64 encoding is not secure enough for storing sensitive info such as passwords, credit-card numbers and e-mails etc. However, for storing some program settings in an obfuscated manner so that the end-users don't mess with it, this ought to be sufficient.
You could consider writing your settings data in the binary mode (pass mode as b to the fopen function or use ios::binary flag with fstream objects).
Related
I am doing this small university project, where I have to create a console-based text editor with some features, and making files password protected is one of them. As I said, it's a university project for an introductory OOP course, so it doesn't need to be the most secure thing on planet. I am planning to use a simple Caesar cipher to encrypt my file.
The only problem is the password. I'll use the password as the encryption key and it will work, but the problem is handling the case where the password is wrong. If no checks are placed then it would just show gibberish, but I want to make it so that it displays a message in case of a wrong password.
The idea I have come up with is to somehow store the hash of the unencrypted file in that text file (but it shouldn't show that hash when I open the file up with notepad) and after decrypting with the provided password, I can just hash the contents and check if it matches with the hidden hash stored in that file. Is it possible?
I am using Windows, by the way, and portability is not an issue.
In general, you can't theoretically design a data format where nothing but plain text is a valid subset of it, but there can also be metadata (hash or something else). Just think about it: how do you store something other than text (i. e. metadata) in a file where every single byte is to be interpreted as text?
That said, there are some tricks to hide the metadata in plain sight. With Unicode, the palette of tricks is wider. For example, you can use spacelike characters to encode metadata or indicate metadata presence in the way that the user won't notice. Consider Unicode BOM. It's the "zero-length space" character. Won't be seen in Notepad, serves as metadata. You could so something similar.
They already mentioned alternative data streams. While one of those could work to keep the metadata, an alternative data stream doesn't survive archival, e-mailing, uploading to Google Drive/OneDrive/Dropbox, copying with a program that is not aware of it, or copying to a filesystem that doesn't support it (e. g. a CD or a flash drive with FAT).
Using fstream, what file type would you recommend that I can read and write to for save files? I'm attempting to make a program where the user enters a username and a password and it'll output it to a file. I'd like a filetype that isn't very easy for the user to edit. (so not a .txt or .ini)
Thanks in advance
fstream doesn't really have a sense of a "file format" outside of being in text mode vs pure binary mode (there are some nuances with newlines for example). You would typically use some sort of intermediate library to generate or directly write XML files, JSON files, INI files, etc. SQLite is a popular library/format to store database tables in a file. Mozilla Firefox uses it for their bookmarks and history for example.
What you're talking about is security through obscurity. By using using some sort of encoding, perhaps ultimately binary so it wouldn't even be printable at all without a hex editor, it would obscure things a bit. If you used encryption it wouldn't be readable until decrypted, but you could always reverse engineer the program to determine the encryption/decryption keys and algorithms.
The most secure option is to not store the password at all, but a hash of the password. This means that even with reverse engineering the program, you wouldn't be able to directly extract the stored password. Instead, whenever the user attempted to enter a password, it would compare use the same hashing algorithm and compare the results.
This doesn't always work though, because sometimes you are storing the password to submit to a 3rd party, in which case you do have to ultimately recover the stored password into plaintext for transmitting to the 3rd party.
I hope this gives you some ideas!
So I noticed when I want to write external data for my program I have to use and that inserts my data I want into a notepad. What Im wondering is, say I wanted to write to a file that my users couldn't edit, like a file that would hold scores and such for a game that I dont want players to be able to edit manually. Would such a thing be possible through c++ standard library alone, or would I need some other library? And I understand some programs may be able to read it, but Im more oriented towards wether people can read it by simply looking at the notepad.
You say you just want to prevent people from easily using notepad.exe to see and edit the file content. That can be done by writing the data as binary rather than text:
std::ofstream out("score.dat", std::ios::binary);
std::uint32_t score = 12000;
out.write(reinterpret_cast<char*>(&score), sizeof score);
However it's still trivial for users to see and modify the data using a hex editor.
You could make it require a bit more work by encrypting the data first, but given that the program must have all the information necessary to read and write the file it's still pretty easy to get around.
I've been at it all night just trying to get a simple program to read in a text file and then copy it/write it back into a binary format.
My code looped through the text doc, got the data, put it in the buffer and wrote it back out. Heck I even hard coded the data I wanted to be written out in binary.
I used fstream, ofstream, example: fp1.open("student.dat",ios::binary);
and was reading up on several different sites such as:
http://www.functionx.com/cpp/articles/serialization.htm
http://www.cppforschool.com/tutorial/files2.html
and I had working code, but when I open the .bin file in my Notepad++ I saw that my text data still looked like text and wasn't really 'converted' over to any hexdecimal format, or anything really. Numbers were, and I double checked to see if they were accurate by y'know, a little website where you can type in the number and it spits out the hex.
I was so fed up as to why my text wasn't converting that I destroyed all my code and tried to start over. *hence the lack of examples"
So, my question, finally is, why wasn't the text changing in any way, is this normal for a binary file and using this method? I've even used pre-made coding examples and it all came out the same way. Am I just expecting it to all look like 1's and 0's and really it's not and it was all really working?
My main project is to convert an .OBJ file to binary data, but really how should I be looking at this? How should this binary file look?
Any advice would be greatly appreciated!!!
Thank you!
I was just using Chars and string and wasn't seeing a difference. Once I started using other data types, it became apparent that there was a change. I understand that .OBJ and .txt are binary file types, i just expected a bigger change. I used cplusplus.com and reviewed what I needed to know more of. Thank you for trying to help I guess!
I've been working on a project in C++ using openGL and am looking to save the current scene to a text file. Something simple along the lines of, cube at x,y,z and its color etc.
My question is about how to make sure that the file has not been changed by a user. I thought about calculating a checksum of the string and including that in the file.
e.g. checksum, string
But again this is open to the user modifying the values.
Any recommendations or is this just a case of writing a good parser?
Cheers
theoretically: you can't.
practically: encrypt it and obfuscate the key within your program (this is how much of DRM works)
although you will never be able to stop a determined user. Why is it so important that the user can't modify it?
If you want users to be able to read, but not modify make the last line a HMAC of the file and a secret key.
Instead of preventing the user from changing the file is better to validate file's content before using it. Create a good parser that is able to detect (and repair?) errors.
Let the user do whatever he wants because some errors might be fixable. Give warnings. With hashing you will prevent your users to do anything.
How strict is your requirement that the file not be user-modifiable? That is, how much effort are you willing to expend to make sure the user can't tinker with the file? Does the file need to be user-readable? If you really don't want the user to change the file, maybe encryption of some sort is the answer (provided the user doesn't need to be able to read the file). Something like this trivial XOR encryption scheme might be enough.