I would like to introduce you to my Visual Studio Code extension - StringEncrypt. I've been working last week to make it work and I really enjoyed discovering Visual Studio Code ecosystem and its extensions API.
StringEncrypt Extension for Visual Studio Code
Encrypt and hide plain text strings & files contents within your source code in a secure & encrypted form with the help of a polymorphic engine, generating random-looking decryption code every time.
https://marketplace.visualstudio.com/items?itemName=PELock.stringencrypt
What it does?
It can turn your plain text strings or file contents into a random-looking encrypted mess. Take a look.
Before:
var superSecretPhrase = "Easy string encryption for developers!";
After StringEncrypt:
// encrypted with https://www.stringencrypt.com (v1.4.0) [JavaScript]
// superSecretPhrase = "Easy string encryption for developers!"
var superSecretPhrase = "</span>uBF59</span>uC4DE</span>uE963</span>uF128</span>uE48D</span>u0172</span>u0917</span>uF2DC" +
"</span>uFB41</span>u0A66</span>u0BCB</span>u1CF0</span>u1C95</span>u23BA</span>u2B5F</span>u3A44" +
"</span>u5929</span>u430E</span>u6953</span>u5378</span>u623D</span>u63A2</span>u74E7</span>u74AC" +
"</span>u8251</span>u8A37</span>u943C</span>u94C1</span>u9CE6</span>u830B</span>uACF0</span>uB3D5" +
"</span>uC23A</span>uCA5F</span>uCC44</span>uDA69</span>uBB0E</span>uEDD3";
for (var rOnpR = 0, FiuqR = 0; rOnpR < 38; rOnpR++)
{
FiuqR = superSecretPhrase.charCodeAt(rOnpR);
FiuqR -= rOnpR;
FiuqR ^= 0xFFFF;
FiuqR += 0x82A3;
FiuqR = ((FiuqR << 5) | ( (FiuqR & 0xFFFF) >> 11)) & 0xFFFF;
FiuqR += 0xE87C;
FiuqR += rOnpR;
FiuqR -= 0x7CB9;
FiuqR = (((FiuqR & 0xFFFF) >> 7) | (FiuqR << 9)) & 0xFFFF;
FiuqR ^= 0x4928;
FiuqR += rOnpR;
FiuqR --;
FiuqR ^= 0xFC14;
FiuqR -= 0x406C;
FiuqR = (((FiuqR & 0xFFFF) >> 3) | (FiuqR << 13)) & 0xFFFF;
superSecretPhrase = superSecretPhrase.substr(0, rOnpR) + String.fromCharCode(FiuqR & 0xFFFF) + superSecretPhrase.substr(rOnpR + 1);
}
How to use it in Visual Studio Code?
StringEncrypt is available as an extension to the context menu activated with a right-mouse click on the active editor window.
1. Insert Encrypted String
- Open the right-click menu in the active editor window
- Click on the Insert Encrypted String
- A dialog box will ask you to enter the string label e.g. encryptedStringLabel
- A second dialog box will ask you to enter the string to be encrypted e.g. "Hello, world!" (enter it without the quotes)
Note: In demo mode, label and an encrypted string length is only 6 characters max.
2. Encrypt Selected String
- Select any text in the active editor window (we recommend entering it on a new line)
- Open the right-click menu in the active editor window
- Click on the Encrypt Selected String
- A dialog box will ask you to enter the string label e.g. encryptedStringLabel
Note: This menu option is shown only if you select a string in your active editor window.
3. Insert Encrypted File
- Open the right-click menu in the active editor window
- Click on the Insert Encrypted File
- A dialog box will ask you to select a file for encryption (it can be a binary file or a text file)
- A second dialog box will ask you to enter the string label e.g. encryptedStringLabel
Note: This option is available only in the full version.
Say hello to polymorphic encryption!
Forget about simple xor encryption! StringEncrypt comes with a unique encryption engine.
It's a polymorphic encryption engine, similar to the encryption methods used by the software protection solutions and advanced computer viruses.
How it works?
Let me explain how the polymorphic encryption process works.
- A random set of encryption commands is selected (
xor,addition,subtraction,bit rotations,bit shifts,logical negationetc.). - A random set of helper
encryption keysis generated. - Every byte of the input string is encrypted with every encryption command in the random set.
- The decryption code in the selected programming language is generated with a reverse set of encryption commands.
More about polymorphic engines:
- How to build a polymorphic engine in C++ - https://www.pelock.com/articles/polymorphic-encryption-algorithms
- Polymorphic engine in 32-bit MASM assembler - https://github.com/PELock/Simple-Polymorphic-Engine-SPE32
- Poly Polymorphic Engine - https://www.pelock.com/products/poly-polymorphic-engine
What does it mean?
The encrypted content is different every time you apply StringEncrypt encryption to it.
The algorithm is always unique, the encryption keys are always randomly selected and the decryption code is also unique for every time you use our encryption.
Features
- Out of box support for
UNICODE(WideChar type inC/C++languages),UTF-8(multibyte) &ANSI(single byte) strings encodings - Configurable minimum & maximum number of encryption commands
- Different ways to store the encrypted string (as a
globalorlocalvariable if the selected programming language supports it) - Wide array of supported programming languages
- You can automate the encryption process in your builds using our
WebAPIinterface
Supported programming languages
StringEncrypt engine supports code generation for the following programming languages:
- C & C++
- C# (C Sharp for .NET)
- Visual Basic .NET (VB.NET)
- Delphi / Pascal
- Java
- JavaScript
- Python
- Ruby
- AutoIt
- Powershell
- Haskell
- MASM assembler
- FASM assembler
Note: Visual Studio Code might not support some of the listed languages by default, you might install the extension first to support it (e.g. for Python), but you can always use our online interface to encrypt strings for it anyway.
Available editions
StringEncrypt can be used:
- Directly on its website - https://www.stringencrypt.com/
- You can download standalone Windows client - https://www.stringencrypt.com/download/
- You can use it via WebAPI interface (from
PHP&Python) - https://www.stringencrypt.com/api/ - ...and now also as a Visual Studio Code extension - https://marketplace.visualstudio.com/items?itemName=PELock.stringencrypt
Extension settings
You can fine-tune encryption settings in the extension Settings page.
Free demo version limitations
The free demo version comes with some limitations.
| Feature | Demo version | Full version |
|---|---|---|
| String encryption | ✅ | ✅ |
| File encryption (text or binary file) | ❌ | ✅ |
| Max. label length (characters) | 10 |
64 |
| Max. string length (characters) | 10 |
4096 |
| Max. file length (bytes) | — | 4 MB |
| Min. number of encryption commands | 3 |
50 |
| Max. number of encryption commands | 3 |
50 |
Purchase activation code
To remove the limitations and support our project and its development, you need to buy an activation code at:
https://www.stringencrypt.com/buy/
You can enter the activation code in the extension settings page. Each activation code has an assigned number of usage credits. You can use the software in full version as many times as you have usage credits on your account balance.
How to get a free activation code?
You can get a free activation code (500 usage credits) if you can advertise StringEncrypt service with a link to the project site https://www.stringencrypt.com/ at:
- Programming forums
- Programming blogs
- Technical articles
- Twitter / Facebook / other social media site
- ...or any other website related to programming and development
Send me all the details at my contact address and if it's legit - bam!, you got yourself a free code :)
Free activation code for dev.to readers
Since this is the first release I would like to share this free activation code with dev.to readers:
E23B-FACD-1040-3833
It has 1234 usage credits, use it before others do :)
Top comments (15)
This software has nothing to do with the idea of open source (where did you see that?) or "turning off" source code to anyone. It's just a simple string and files encryption extension.
Can you think of any examples of where someone would want to do this in the real world?
Most common usage is to hide messages you don't want people to find with a simple text editor or a hex-editor, but you can do more:
xorencryption (you will have to write an encryptor yourself anyway)exeformat afterwardThis engine is incorporated into a few source code obfuscators too to hide the strings and make it hard for automated tools to deobfuscate it.
Encrypting endpoints sounds like a bad idea to me. It's security through obfuscation, which is defeated by either sniffing the network traffic or running a debugger. If someone's prepared to look through your code to find an API endpoint, they're not going to be put off by that sort of thing, and hiding API endpoints sounds like a recipe for disaster - at the very least it implies that your API is insecure.
"obfuscare js strings" is a weird one. Malware does that, but I can't think of any legitimate reason a programmer would want to do it. Is this mainly a tool pitched at malware authors?
I have listed a good number of legitimate uses, why you didn't comment on those at all? You don't think there is a legitimate case for encrypting files or messages within your source codes? This tool is mainly dedicated to regular software developers who might need a simple encryption to hide stuff from prying eyes. If you think there is no point in doing that - you have the right to your own opinion.
Malware authors do this all the time. Quite frustrating
Everyone is using encryption, in one form or another. I have seen many, many legit applications with encryption for simple messages, just to hide it from prying eyes. Encryption is used everywhere. To hide configuration settings, to hide database contents, to hide proprietary project formats. Most deployed JavaScript source codes on the web are either obfuscated (with some sort of encryption for strings and variables) or minified.
Most deployed Javascript is minified, not obfuscated.
Encryption is used mostly to secure communication between two parties or to restrict who can play your media (like DRM). I can't think of any use case for it in things like hiding configuration settings or database contents. The fact is, if your client-side code has to decrypt something, then the decrypted version exists on the client's computer, rendering the encryption moot.
Well Ben you didn't understand the purpose of this extension, it's not meant to replace traditional encryption algorithms like AES but to provide quick help for regular developers to hide simple things from curious users who might want to sniff around your source codes.
Encryption is used everywhere Ben. I did native, web, mobile development and everyone is using some forms of encryption. Communication channels encryption, messages encryption, database encryption (in automotive software for example), executables encryption to prevent cracking of software, configuration files encryption to prevent someone from tampering with the settings (a lot of games is doing that, also for static configurations), secret endpoints encryption, database connection strings encryption in desktop apps, static project files encryption to prevent patching it or easily stealing its content. Plenty of encryption everywhere.
Every decryption code gets executed at some point, no matter if you use AES, external DLL libraries in native apps or my solution.
It looks cool, but by the time someone has access to your source code, no encryption could save your secrets. If you really need to encrypt your secrets, use a dedicated secret manager (and probably fetch them over an encrypted channel).
That's not the point of this extension. The point is to quickly hide simple strings you don't want people to see with a text or hex editor like licensing system messages, secret API endpoints. Sure you can do it with a debugger, but people use simple encryption all the time, with this extension you can do it much faster without writing your own encryption code and decryption code, even a simple
xorencryption would require you to write a dedicated code. Now if you would like to do it for multiple programming languages you would have to write separate code generators or algorithms.How do you unencrypted the text/files?
It works like this Ian:
To get the Answer of solving simple Encryption of String in C++ Visit hecodesit.com/c-programming-soluti...
v1.0.1 has been released fixing missed dependencies.