DEV Community

Discussion on: How to encrypt strings & files in your source code?

Collapse
 
bartosz profile image
Bartosz Wójcik • Edited

Most common usage is to hide messages you don't want people to find with a simple text editor or a hex-editor, but you can do more:

  • Quickly encrypt file contents of your own and NOT do it with simple xor encryption (you will have to write an encryptor yourself anyway)
  • Encrypt secret API endpoints (e.g. in Python code that will be compiled to exe format afterward
  • Obfuscate JS strings
  • Encrypt C/C++ strings used in some licensing code, I've seen this countless times ("Your license has expired.", "Serial number is invalid" etc.)
  • Encrypt shellcode strings in Python exploits

This engine is incorporated into a few source code obfuscators too to hide the strings and make it hard for automated tools to deobfuscate it.

Collapse
 
moopet profile image
Ben Sinclair

Encrypting endpoints sounds like a bad idea to me. It's security through obfuscation, which is defeated by either sniffing the network traffic or running a debugger. If someone's prepared to look through your code to find an API endpoint, they're not going to be put off by that sort of thing, and hiding API endpoints sounds like a recipe for disaster - at the very least it implies that your API is insecure.

"obfuscare js strings" is a weird one. Malware does that, but I can't think of any legitimate reason a programmer would want to do it. Is this mainly a tool pitched at malware authors?

Thread Thread
 
bartosz profile image
Bartosz Wójcik

I have listed a good number of legitimate uses, why you didn't comment on those at all? You don't think there is a legitimate case for encrypting files or messages within your source codes? This tool is mainly dedicated to regular software developers who might need a simple encryption to hide stuff from prying eyes. If you think there is no point in doing that - you have the right to your own opinion.