{"id":13480923,"url":"https://github.com/adamyaxley/Obfuscate","last_synced_at":"2025-03-27T11:31:09.776Z","repository":{"id":37422099,"uuid":"110834645","full_name":"adamyaxley/Obfuscate","owner":"adamyaxley","description":"Guaranteed compile-time string literal obfuscation header-only library for C++14","archived":false,"fork":false,"pushed_at":"2024-07-10T10:51:51.000Z","size":66,"stargazers_count":1139,"open_issues_count":3,"forks_count":179,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-03-25T07:09:26.015Z","etag":null,"topics":["cpp14","cpp17","embedded-string-literals","header-only","obfuscate","obfuscate-strings","obfuscation","string","string-literals","string-obfuscation"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adamyaxley.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-11-15T13:08:16.000Z","updated_at":"2025-03-24T17:53:21.000Z","dependencies_parsed_at":"2024-02-11T06:21:49.772Z","dependency_job_id":"b45858ba-d03f-4753-8bef-da5e7a97cc79","html_url":"https://github.com/adamyaxley/Obfuscate","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adamyaxley%2FObfuscate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adamyaxley%2FObfuscate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adamyaxley%2FObfuscate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adamyaxley%2FObfuscate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adamyaxley","download_url":"https://codeload.github.com/adamyaxley/Obfuscate/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245836064,"owners_count":20680312,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cpp14","cpp17","embedded-string-literals","header-only","obfuscate","obfuscate-strings","obfuscation","string","string-literals","string-obfuscation"],"created_at":"2024-07-31T17:00:46.595Z","updated_at":"2025-03-27T11:31:09.746Z","avatar_url":"https://github.com/adamyaxley.png","language":"C++","readme":"**[Source available on GitHub](https://github.com/adamyaxley/Obfuscate)**\n\n# Obfuscate\nGuaranteed compile-time string literal obfuscation header-only library for C++14.\n\n## Quick start guide\n1. Copy `obfuscate.h` into your project\n2. Wrap strings with `AY_OBFUSCATE(\"My String\")`\n\nNow your project will not expose those strings in plain text in the binary image.\n\n_Note that these strings will still be accessible to determined hackers. Using obfuscation to hide private passwords or any other security sensitive strings is not recommended by the author._\n\n## Whats the problem?\nWhen plain text string literals are used in C++ programs, they will be compiled as-is into the resultant binary. This causes them to be incredibly easy to find. One can simply open up the binary file in a text editor to see all of the embedded string literals in plain view. A special utility called [strings](https://en.wikipedia.org/wiki/Strings_(Unix)) exists which can be used to search binary files for plain text strings.\n\n## What does this library do?\nThis header-only library seeks to make it difficult (but not impossible) for embedded string literals in binary files to be found by encrypting them with an XOR cipher at compile-time using a constant expression, forcing the compiler to _work with_ the encrypted string instead of the plain text literal. Usage of `AY_OBFUSCATE` additionally removes the need for a const pointer to the string, which more often than not (for small strings) convinces the compiler to inline the encrypted string, building it up at runtime in a series of assembly operations, protecting the binary image against simple XOR decryption attacks. Encrypted strings will then be decrypted at runtime to be utilised within the program.\n\n### Technical features\n* _Guaranteed compile-time obfuscation_ - the string is compiled with a constexpr expression.\n* _Global lifetime (per-thread)_ - the obfuscated string is stored in a thread local variable in a unique lambda.\n* _Implicitly convertible to a char*_ - easy to integrate into existing codebases.\n* _Random 64-bit key_ - obfusated with a random key each time.\n\nBy simply wrapping your string literal `\"My String\"` with `AY_OBFUSCATE(\"My String\")` it will be encrypted at compile time with a random 64 bit key and stored in an `ay::obfuscated_data` object which you can manipulate at runtime. For convenience it is also implicitly convertable to a `char*`.\n\nFor example, the following program will not store the string \"Hello World\" in plain text anywhere in the compiled executable.\n```c++\n#include \"obfuscate.h\"\n\nint main()\n{\n    std::cout \u003c\u003c AY_OBFUSCATE(\"Hello World\") \u003c\u003c std::endl;\n    return 0;\n}\n```\n\n### Examples of usage\nBecause the obfuscated string that is generated by `AY_OBFUSCATE` has global lifetime per-thread, it is completely fine to also use it in both a local and a temporary context.\n```c++\nchar* var = AY_OBFUSCATE(\"string\");\nconst char* var = AY_OBFUSCATE(\"string\");\nstatic const char* var = AY_OBFUSCATE(\"string\");\nstd::string var(AY_OBFUSCATE(\"string\"));\nfunction_that_takes_char_pointer(AY_OBFUSCATE(\"string\"));\n```\n\n### Thread safety\nThis library can be used in a multi-threaded environment only if `AY_OBFUSCATE` is used in a local context per thread. This is because the obfuscated string is internally stored with `thread_local` storage. The following usage is supported:\n\n```c++\nvoid fun()\n{\n    auto var = AY_OBFUSCATE(\"Thread Safe\");\n    var.decrypt();\n    std::cout \u003c\u003c var \u003c\u003c std::endl;\n    var.encrypt();\n}\n\nint main()\n{\n    std::thread thread1(fun);\n    std::thread thread2(fun);\n\n    thread1.join();\n    thread2.join();\n    return 0;\n}\n```\n\nConversely, sharing an obfuscated string returned from `AY_OBFUSCATE` between multiple threads is *not* supported. In this case you must put locks in appropriate places in your code to ensure that only one thread accesses it at a time. The following usage is *not* supported:\n\n```c++\nint main()\n{\n    for (size_t i = 0; i \u003c 1000; i++)\n    {\n        auto var = AY_OBFUSCATE(\"NOT Thread Safe\");\n        var.decrypt();\n        \n        std::thread thread([\u0026var]() {\n            std::cout \u003c\u003c var \u003c\u003c std::endl;\n        });\n        \n        // We are encrypting the string here, but outputting it in\n        // another thread at the same time. This will not work.\n        var.encrypt();\n\n        thread.join();\n    }\n    return 0;\n}\n```\n\n## Binary file size overhead\nThis does come at a small cost. In a very naive login program, which obfuscates two strings (username and password) the following binary file bloat exists.\n\n| Config | Plain string literals | Obfuscated strings | Bloat |\n|:------:|:---------------------:|:------------------:|:-----:|\n| Release | 18944 | 21504 | 2560 (13.5%) |\n| Debug | 95232 | 101888 | 6656 (7.0%) |\n\nThis output is generated by running test_bloat.py\n","funding_links":[],"categories":["C++"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadamyaxley%2FObfuscate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadamyaxley%2FObfuscate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadamyaxley%2FObfuscate/lists"}