Skip to content

Instantly share code, notes, and snippets.

@sfider
Last active February 28, 2020 07:46
Show Gist options
  • Save sfider/3072633 to your computer and use it in GitHub Desktop.
Save sfider/3072633 to your computer and use it in GitHub Desktop.
Objective-C macro for hiding (encrypting) strings in compiled binaries.
//
// LOOCryptString.h
//
// Created by Marcin Swiderski on 6/8/12.
// Copyright (c) 2012 Marcin Swiderski. All rights reserved.
//
// This software is provided 'as-is', without any express or implied
// warranty. In no event will the authors be held liable for any damages
// arising from the use of this software.
//
// Permission is granted to anyone to use this software for any purpose,
// including commercial applications, and to alter it and redistribute it
// freely, subject to the following restrictions:
//
// 1. The origin of this software must not be misrepresented; you must not
// claim that you wrote the original software. If you use this software
// in a product, an acknowledgment in the product documentation would be
// appreciated but is not required.
// 2. Altered source versions must be plainly marked as such, and must not be
// misrepresented as being the original software.
// 3. This notice may not be removed or altered from any source distribution.
//
//
// USAGE: To hide the string you just have to surround it with a macro like this:
//
// NSString *secret = LOO_CRYPT_STR_N("A7LZ14F88Y", 10);
//
// Remember to use C-sting, because NSString literals cannot be processed in compile time.
//
// IMPORTANT: Works with -Os (Fastest, Smallest) optimization level.
// __str - C-string.
// __n - Number of characters in string (without trailing \0 character).
#define LOO_CRYPT_STR_N(__str, __n) LOODecrypStrN((const unsigned char []){ LOO_ENCRYPT_STR_TO_CHAR_##__n(__str) }, __n + 1)
// This is not very good encryption macro. You should change it for something stronger probably.
#define LOO_ENCRYPT_STR_CHAR_AT(__str, __i) ((unsigned char)(__str[__i]) ^ 0xFF)
// This must match LOO_ENCRYPT_STR_CHAR_AT.
NSString *LOODecrypStrN(const unsigned char encStr[], size_t n);
#define LOO_ENCRYPT_STR_TO_CHAR_0(__str) LOO_ENCRYPT_STR_CHAR_AT(__str, 0)
#define LOO_ENCRYPT_STR_TO_CHAR_1(__str) LOO_ENCRYPT_STR_TO_CHAR_0(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 1)
#define LOO_ENCRYPT_STR_TO_CHAR_2(__str) LOO_ENCRYPT_STR_TO_CHAR_1(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 2)
#define LOO_ENCRYPT_STR_TO_CHAR_3(__str) LOO_ENCRYPT_STR_TO_CHAR_2(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 3)
#define LOO_ENCRYPT_STR_TO_CHAR_4(__str) LOO_ENCRYPT_STR_TO_CHAR_3(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 4)
#define LOO_ENCRYPT_STR_TO_CHAR_5(__str) LOO_ENCRYPT_STR_TO_CHAR_4(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 5)
#define LOO_ENCRYPT_STR_TO_CHAR_6(__str) LOO_ENCRYPT_STR_TO_CHAR_5(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 6)
#define LOO_ENCRYPT_STR_TO_CHAR_7(__str) LOO_ENCRYPT_STR_TO_CHAR_6(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 7)
#define LOO_ENCRYPT_STR_TO_CHAR_8(__str) LOO_ENCRYPT_STR_TO_CHAR_7(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 8)
#define LOO_ENCRYPT_STR_TO_CHAR_9(__str) LOO_ENCRYPT_STR_TO_CHAR_8(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 9)
#define LOO_ENCRYPT_STR_TO_CHAR_10(__str) LOO_ENCRYPT_STR_TO_CHAR_9(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 10)
#define LOO_ENCRYPT_STR_TO_CHAR_11(__str) LOO_ENCRYPT_STR_TO_CHAR_10(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 11)
#define LOO_ENCRYPT_STR_TO_CHAR_12(__str) LOO_ENCRYPT_STR_TO_CHAR_11(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 12)
#define LOO_ENCRYPT_STR_TO_CHAR_13(__str) LOO_ENCRYPT_STR_TO_CHAR_12(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 13)
#define LOO_ENCRYPT_STR_TO_CHAR_14(__str) LOO_ENCRYPT_STR_TO_CHAR_13(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 14)
#define LOO_ENCRYPT_STR_TO_CHAR_15(__str) LOO_ENCRYPT_STR_TO_CHAR_14(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 15)
#define LOO_ENCRYPT_STR_TO_CHAR_16(__str) LOO_ENCRYPT_STR_TO_CHAR_15(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 16)
#define LOO_ENCRYPT_STR_TO_CHAR_17(__str) LOO_ENCRYPT_STR_TO_CHAR_16(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 17)
#define LOO_ENCRYPT_STR_TO_CHAR_18(__str) LOO_ENCRYPT_STR_TO_CHAR_17(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 18)
#define LOO_ENCRYPT_STR_TO_CHAR_19(__str) LOO_ENCRYPT_STR_TO_CHAR_18(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 19)
#define LOO_ENCRYPT_STR_TO_CHAR_20(__str) LOO_ENCRYPT_STR_TO_CHAR_19(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 20)
#define LOO_ENCRYPT_STR_TO_CHAR_21(__str) LOO_ENCRYPT_STR_TO_CHAR_20(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 21)
#define LOO_ENCRYPT_STR_TO_CHAR_22(__str) LOO_ENCRYPT_STR_TO_CHAR_21(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 22)
#define LOO_ENCRYPT_STR_TO_CHAR_23(__str) LOO_ENCRYPT_STR_TO_CHAR_22(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 23)
#define LOO_ENCRYPT_STR_TO_CHAR_24(__str) LOO_ENCRYPT_STR_TO_CHAR_23(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 24)
#define LOO_ENCRYPT_STR_TO_CHAR_25(__str) LOO_ENCRYPT_STR_TO_CHAR_24(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 25)
#define LOO_ENCRYPT_STR_TO_CHAR_26(__str) LOO_ENCRYPT_STR_TO_CHAR_25(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 26)
#define LOO_ENCRYPT_STR_TO_CHAR_27(__str) LOO_ENCRYPT_STR_TO_CHAR_26(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 27)
#define LOO_ENCRYPT_STR_TO_CHAR_28(__str) LOO_ENCRYPT_STR_TO_CHAR_27(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 28)
#define LOO_ENCRYPT_STR_TO_CHAR_29(__str) LOO_ENCRYPT_STR_TO_CHAR_28(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 29)
#define LOO_ENCRYPT_STR_TO_CHAR_30(__str) LOO_ENCRYPT_STR_TO_CHAR_29(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 30)
#define LOO_ENCRYPT_STR_TO_CHAR_31(__str) LOO_ENCRYPT_STR_TO_CHAR_30(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 31)
#define LOO_ENCRYPT_STR_TO_CHAR_32(__str) LOO_ENCRYPT_STR_TO_CHAR_31(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 32)
#define LOO_ENCRYPT_STR_TO_CHAR_33(__str) LOO_ENCRYPT_STR_TO_CHAR_32(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 33)
#define LOO_ENCRYPT_STR_TO_CHAR_34(__str) LOO_ENCRYPT_STR_TO_CHAR_33(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 34)
#define LOO_ENCRYPT_STR_TO_CHAR_35(__str) LOO_ENCRYPT_STR_TO_CHAR_34(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, 35)
// Need more? Type (or better automatically generate) it yourself ;)
//
// LOOCryptString.m
//
// Created by Marcin Swiderski on 6/8/12.
// Copyright (c) 2012 Marcin Swiderski. All rights reserved.
//
// This software is provided 'as-is', without any express or implied
// warranty. In no event will the authors be held liable for any damages
// arising from the use of this software.
//
// Permission is granted to anyone to use this software for any purpose,
// including commercial applications, and to alter it and redistribute it
// freely, subject to the following restrictions:
//
// 1. The origin of this software must not be misrepresented; you must not
// claim that you wrote the original software. If you use this software
// in a product, an acknowledgment in the product documentation would be
// appreciated but is not required.
// 2. Altered source versions must be plainly marked as such, and must not be
// misrepresented as being the original software.
// 3. This notice may not be removed or altered from any source distribution.
//
#import "LOOCryptString.h"
NSString *LOODecrypStrN(const unsigned char encStr[], size_t n) {
char *buf = [[NSMutableData dataWithLength:n] mutableBytes];
for (NSInteger i = 0; i != n; ++i) {
buf[i] = encStr[i] ^ 0xFF;
}
return [NSString stringWithCString:buf encoding:NSASCIIStringEncoding];
}
@maxisme
Copy link

maxisme commented Feb 15, 2018

Hello, I am looking for a way to make sure that my clients are only communicating to my server through my macOS app. My idea is to use the code above to hide a large string and then POST this to my server over https which also knows this large string. Is this a good way to do this or is it likely that the output of LOODecrypStrN will be accessible when passed to an NSDictionary at upload or another time?

@guruz
Copy link

guruz commented Aug 13, 2018

for i in `seq 255` ; do echo "#define LOO_ENCRYPT_STR_TO_CHAR_${i}(__str) LOO_ENCRYPT_STR_TO_CHAR_`expr $i - 1`(__str), LOO_ENCRYPT_STR_CHAR_AT(__str, $i)" ; done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment