Jef Poskanzer <jef@ee.lbl.gov> writes: When rtm used this technique in his worm I'm sure a lot of people, such as myself, spent the five minutes necessary to hack up a program that tries XORing the input with all 256 possible bytes. I had the program pipe the output of each try through strings and wc, to check whether any significant text was uncovered. Only 0x00 and the single now-forgotten value he used got hits - no second XOR value.
Yes, I did too -- it was 0x81. I think my message of worm passwords was the first to make it out, along with my Perl script to try out your own password file. Yes, Perl was already around. What method you use in your program depends on your model of your opponent. If it's somebody only mildly interested, flipping the bits is fine. For a slightly higher level of anxiety, you could use Vigenere-like stuff -- XORing with a short key (8 bytes at a time with long longs if you're in gcc, for example), or use a longer key and restart now and then (interrupted key). For the next higher level, you might use DES and hide the key in your data, making them disassemble it. Next step... make your code obscure. After that... hardware. You might want to study some virus code to see how they try to thwart disassemblers and debuggers. YMMV. Jim Gillogly Mersday, 30 Foreyule S.R. 1994, 02:06