Skip Navigation

C++ AES-256 encryption at compile-time

github.com GitHub - MarekKnapek/mk_clib: My C stuff.

My C stuff. Contribute to MarekKnapek/mk_clib development by creating an account on GitHub.

GitHub - MarekKnapek/mk_clib: My C stuff.

Do you want to encrypt something and include it into your application? Don't want to use pre-build step? Encrypt it at compile-time! Decrypt it at run-time, assuming end-user knows the key or password. Plain-text is not stored inside your binary file. https://github.com/MarekKnapek/mk_clib#constexpr-aes-256-encryption-and-run-time-decryption

3

You're viewing a single thread.

3 comments
  • I'm mildly interested in this as a concept, but I don't think I have any use for it.

    • Think of password protected access to something, anything. Instead of checking if(password == some_constant){...} or if(hash(password) == precomputed_hash){...} you encrypt that something. The first variant has disadvantage that some_constant is stored inside your binary, thus password visible to anybody. The second variant ... the same, hash of the password is stored inside the binary and could be brute-forced or rainbow-tabled. Both variants have the disadvantage, that there is a run-time check refusing access to some data, but those data are available in the binary anyway. Just open the program in debugger or in hex editor and NOP the if out. With my approach the data is unreadable without the correct password. The app could not be convinced / persuaded to provide the data in any way without the password.

      • Think of advanced features of WinRAR not being accessible without valid licence key. Ehm, WinRAR distributes the same binary for both licensed and unlicensed users, unlocking the features with license key or with a crack (equivalent of NOPing the if). What if instead WinRAR distributed different binary for each licensed user, advanced features encrypted by per-user key. Crack or keygen would need to use some particular user's binary with theirs license. Easily trackable. Or crack would need need to be applied once and then distribute the un-encrypted features / code.