Comment by NikkiA

Comment by NikkiA 8 days ago

7 replies

View on Hacker News

> I'm under the impression an executable binary shouldn't be easily read to find such credentials

Why would you assume that? binaries are perfectly easily readable on non-locked-down platforms.

You'd have to have a system where the executable is encrypted and a secure part of the CPU die handle decryption against a private key, and even then it'd probably be only a matter of time before someone delidded the chip to get the key.

jfactorial 8 days ago

> Why would you assume that?

I thought too highly of modern compiler string literal obfuscation.

Reply View 6 replies
  • swatcoder 8 days ago

    Compilers are there to make things more efficient for the machine running the code. Obfuscating a string is the opposite of that. What they actually do much of the time is collect all the string literals into a contiguous pool so that their addresses are fixed and well-packed, providing efficiency at runtime.

    It's actually very easy to find string literals in executables because of this, not hard.

    Reply View 0 replies
  • nijave 8 days ago

    Consider the string needs reversible obfuscation or it won't be usable. The only secure way is encryption but you'd need to properly secure the key (probably using some hardware facility that's physically locked down)

    Reply View 0 replies
  • CyberDildonics 8 days ago

    What obfuscation? Do you think that is happening automatically? If you compile literals into your program they are sitting in the data section of your binary verbatim so they can be read directly once the binary itself is memory mapped.

    Reply View 0 replies
  • mmsc 8 days ago

    > modern compiler string literal obfuscation

    the what now?

    Reply View 1 reply
    • mschuster91 8 days ago

      There's at least one plugin for LLVM to obfuscate strings from binaries [1], and for Android there is DexGuard [2]. The general idea is to make life as difficult as possible for reverse engineers, crackers and whomever else - hardcoded stuff just showing up in "cat .binfile | strings" is about the first thing I do when investigating some random stuff, and there's tools like binwalk that can automatically do stuff like extracting PEM certificates and other easily identifiable content.

      Of course they can all be reverse engineered by hand, if you figure out the scheme used you can write yourself an IDA or Ghidra plugin/script to automate the process - which assumes that the method doesn't (subtly) change between different builds of the target. Or you can attempt to intercept memory accesses of the application. But that's tedious, annoying and complex busywork that no one really wants to do.

      [1] https://github.com/tsarpaul/llvm-string-obfuscator

      [2] https://www.guardsquare.com/dexguard

      Reply View 0 replies
  • johnny22 8 days ago

    If they used any open or even popular compiler, then that wouldn't solve anything. Folks would have already figured out how it works, since such encoding would have to be deterministic.

    Reply View 0 replies