14

From the man page of memfrob:

void *memfrob(void *s, size_t n);

The memfrob() function encrypts the first n bytes of the memory area s by exclusive-ORing each character with the number 42. The effect can be reversed by using memfrob() on the encrypted memory area.

Note that this function is not a proper encryption routine as the XOR constant is fixed, and is only suitable for hiding strings.

I have the following questions regarding the memfrob function:

  1. Why is the XORing done with the number 42?
  2. Is there any reason why the XOR constant is fixed and why the designers of memfrob did not leave the choice of the constant to the user?
  3. In what sense is it suitable for hiding strings? Since it can be reversed and therefore shouldn't be used in applications where encryption is important, what is it used for in practice?
syntagma

2 Answers

12

The purpose of memfrob() (if you want to call that a purpose) is to hide strings so you don't see them when you run strings. This might be useful when your binary contains plaintext passwords and you want to stop nosey people from finding out what these passwords are. Of course, it's not hard to crack XOR-by-42, but it's better than nothing.

The number to XOR with can be arbitrary but it needs to stay constant over successive releases of the glibc so code that relies on the number being 42 doesn't break.

Some people consider memfrob() to be a joke function, but I am not sure if this is really the case. Nonetheless, you should not use it because it isn't a standard function (and thus not available on non-glibc platforms) and because obfuscation is not a substitute for proper security.

The joke of it is that it is the meaning of Life. It's similar to rot-13 in that it's a most trivial encryption and running it again restores the string. Rot-13 doesn't do anything to spaces in the plaintext while memfrob has the odd result of swapping spaces and line feeds:

space = 100000 (32), 42 = 101010, 32^42 = 001010 (10 = LF, and 10^42 back to 32)

While these obfuscate they are poor encryption because they can be recognized just by looking at the result: lots of r's and n's then it's rot13; lots of CRs, \ and ^ then memfrob.

fuz
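The point made above, that XOR-by-42 only hides text from a plain strings run, shown as an added example that is not part of the original answers: a strings-style scan that decodes with the fixed key recovers the text, which is how an auditor would find such values in their own binaries. The function names and the sample buffer are constructed for illustration, and the XOR loop stands in for glibc's memfrob() so the code builds on non-glibc platforms too.

```c
#include <stdio.h>
#include <string.h>

#define FROB_KEY 42  /* the fixed constant from the memfrob man page */

/* Same transformation as glibc memfrob(), written portably. */
static void frob(unsigned char *s, size_t n) {
    for (size_t i = 0; i < n; i++) s[i] ^= FROB_KEY;
}

/* True if stored byte b decodes (b ^ 42) to printable ASCII.
 * A stored 0x00 is treated as padding, not as a frobbed '*'. */
static int decodes_printable(unsigned char b) {
    unsigned char p = (unsigned char)(b ^ FROB_KEY);
    return b != 0 && p >= 0x20 && p <= 0x7e;
}

/* strings(1)-style scan: counts runs of >= min_len bytes that are printable
 * after XOR 42 and copies the first decoded run into out (NUL-terminated). */
size_t scan_frobbed(const unsigned char *buf, size_t len, size_t min_len,
                    char *out, size_t out_sz) {
    size_t found = 0, start = 0;
    if (out_sz > 0) out[0] = '\0';
    for (size_t i = 0; i <= len; i++) {
        if (i < len && decodes_printable(buf[i])) continue;
        if (i - start >= min_len && found++ == 0 && out_sz > 0) {
            size_t n = (i - start) < out_sz - 1 ? (i - start) : out_sz - 1;
            for (size_t k = 0; k < n; k++) out[k] = (char)(buf[start + k] ^ FROB_KEY);
            out[n] = '\0';
        }
        start = i + 1;
    }
    return found;
}

/* Constructed sample: non-ASCII filler around a frobbed string. */
size_t demo(char *out, size_t out_sz) {
    unsigned char image[32];
    const char *secret = "demo secret 01";   /* constructed value */
    memset(image, 0x90, sizeof image);
    memcpy(image + 8, secret, strlen(secret));
    frob(image + 8, strlen(secret));         /* what the binary would store */
    return scan_frobbed(image, sizeof image, 6, out, out_sz);
}

int main(void) {
    char out[32];
    printf("%zu run(s), first: %s\n", demo(out, sizeof out), out);
}
```

The stored form of the sample contains line feeds where the plaintext has spaces, which is the space/LF swap described above.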
0

Using memfrob() to encrypt / decrypt your password in memory is not good at all. As mentioned above, this function gets processed in the memory of the system. When one uses a simple debugger like gdb, for example, and puts a breakpoint on the memfrob() function, the values can easily be read.

r-d-r-b-3
  • XOR is cheap and reversible just as cheaply. You could invert data or swap bits, but you would use more cycles. The application of the function should be used judiciously. – mckenzm Apr 29 '20 at 07:22