2

My c++ application use some "text files", theses files are very important and I need to protect their content to be viewed/decrypted/extracted/dissassembled...

Also, if possible I would like to embed them in the DLL/EXE

Can you tell me if there is a way to achieve this? The code must be portable if possible!

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
Spectral
  • 717
  • 2
  • 12
  • 28

1 Answers1

5

The problem with embedded content is that you can only obfuscate it. Imagine that you encrypt the text files with some key; now you must distribute the decryption key with the executable so that it can read the files. OK, but now whoever extracts the text files can also extract the key...

  • Unless, of course, they can be transmitted encrypted to a server under your control. – Matthieu M. Jan 05 '11 at 10:40
  • 2
    @Matthieu: at which point, the 'attacker' waits for the clear content to appear in the app and dumps the memory. –  Jan 05 '11 at 10:47
  • I have already this to theses solutions, but user can run the app without internet too. For now, the file-encryption sounds to be the best approach, even if it is not perfect. – Spectral Jan 05 '11 at 11:18
  • @Graham Lee: no. The point was that the application may never have to know of the decrypted form. Think of some kind of certificate for example, only the server need check the certificate, so the application can simply pass it on encrypted. – Matthieu M. Jan 05 '11 at 13:02
  • But I can't have any server ! And I need a way for my application to have a "unencrypted" version of the file ! Also, it is not a "security" application. But it will be fine if I can protect this "file" in some way ! – Spectral Jan 05 '11 at 13:40
  • @Matthieu: if the application doesn't need to see the text files, then the questioner doesn't have the problem in the question and we don't need to solve it. I merely assumed that the question was asked because a solution was required ;) –  Jan 05 '11 at 13:57
  • Of course :-) In fact the text file contains some "code" that I would like to protect. – Spectral Jan 05 '11 at 14:33
  • @user346113 the easiest way to protect your algorithms is to keep them away from the users - that means they have to access them via a server. You said you can't have a server, but you may need to re-think your architecture. –  Jan 05 '11 at 15:25
  • No no... it is a request from the customer, due to their Internet policy. So I CAN'T have a server :-( – Spectral Jan 05 '11 at 16:00
  • 1
    The OP is right. You can't do what your asking in any meaningful way. The application is run by the user and so it effectively *is* the user. If the app can see the content, then the user can too. – Pat Notz Jan 05 '11 at 21:50
  • Of course, but then... how can I embed this "text files" into my application ? In a portable way ? – Spectral Jan 06 '11 at 06:54