How to hide from UNIX strings - obfuscate or hide a literal or constant?


 
Thread Tools Search this Thread
Top Forums Programming How to hide from UNIX strings - obfuscate or hide a literal or constant?
# 1  
Old 03-08-2014
How to hide from UNIX strings - obfuscate or hide a literal or constant?

Hi,

I need to somehow pipe the password to a command and run some SQL, for example, something like echo $password | sqlplus -s system @query01.sql

To make it not so obvious, I decided to try out writing a small C program that basically just do echo $password. So now I just do x9.out | sqlplus -s system@query01.sql.

I understand it still is not a secure thing to do as someone can just run x9.out and knows the password. Anyway, the intent is to make is less obvious that I am echo'ing a password so I am more than happy with that for the time being as a start.

The very, very simple C program is a below:

Code:
$ cat x9.c
#include <stdio.h>

int main()
{
    char array[20] = "hello";

    printf("%s",array);

    return 0;
}
$ cc -o x9.out x9.c
$ ./x9.out
hello$
$ strings x9.out
/lib64/ld-linux-x86-64.so.2
__gmon_start__
libc.so.6
printf
__libc_start_main
GLIBC_2.2.5
l$ L
t$(L
|$0H
hello

Unfortunately, as you can see if I do a strings of the x9.out file, it is quite obvious that the word hello stands out.

Can anyone please advise how I can somehow hide that word in the bushes Smilie?

For example, maybe I can do a printf of the ASCII values of the word so that if anyone do a strings of it, it shows number instead of words.

Finally, eventually, I would want to put something more into the code so that it will be an array that stores a list of username+password, so that if I do x9.out user01 it prints the password of user01, x9.out user02 prints the password of user02 and so on. It will probably be wise that it prompts for a username/password before it allows me to display the information.

BTW, it would be nice if I can put the whole "echo $password | sqlplus -s system" string into the C program so that I only do x9.out @query01.sql so it hides the username and password. I don't see how that they can be done, maybe one of the gurus can advice how to do that.

Anyway for now, I just want to know how to hide from UNIX strings :-)

Last edited by newbie_01; 03-08-2014 at 05:41 AM.. Reason: Adding more info
# 2  
Old 03-08-2014
How about read-protecting the pw for other users?
Code:
echo hello > pwfile
chmod 600 pwfile
sqlplus -s system@query01.sql < pwfile

# 3  
Old 03-08-2014
How about...
Code:
char array[20];

array[2] = 'l';
array[4] = 'o';
array[5] = (char)0;
array[1] = 'e';
array[3] = 'l';
array[0] = 'h';

Do that just immediately before you use it. Wipe it out immediately after use.
These 2 Users Gave Thanks to Perderabo For This Post:
# 4  
Old 03-08-2014
How about using shc - Script Compiler?

--ahamed
# 5  
Old 03-10-2014
Quote:
Originally Posted by Perderabo
How about...
Code:
char array[20];

array[2] = 'l';
array[4] = 'o';
array[5] = (char)0;
array[1] = 'e';
array[3] = 'l';
array[0] = 'h';

Do that just immediately before you use it. Wipe it out immediately after use. Do you mean do a array[]="" after I do the print?
Hi Perderabo,

Thanks as usual to be the first responder.

I am more or less using the one that you suggested. What do you mean by wipe it out immediately?

BTW, looking at one of your reply to Reading password and echo * character | Unix Linux Forums | Shell Programming and Scripting. If you don't mind me asking, if is possible for read to read a defined variable or does it always require a user intervention to provide an input?

Below is what I end up using.

Code:
#include <stdio.h>

// - UPPER CASE starts at 65
// - LOWER CASE starts at 97

int count;
char uc[26];
char lc[26];

char a, b, c, d, e, f;
char g, h, i, j, k, l;
char m, n, o, p, q, r;
char s, t, u, v, w, x;
char y, z;

//char word[100];
//char *word;

main()
{
   /* Print the numbers 1 through 20 */

   for ( count = 1; count <= 26; count++ )
   {
          // printf("%d :: %c :: %c \n", count, count+64, count+96);
          uc[count] = (char)count+64;
          lc[count] = (char)count+96;
   }

   // printf("\n ------------------------------------------ \n");

   // d=lc[4];
   // b=lc[2];
   // g=lc[7];
   // u=lc[21];
   // r=lc[18];
   // char word[]={ d, b, t, e, s, t };

   char word[]={ lc[4] , lc[2] , lc[20] , lc[5] , lc[19] , lc[20]  };

   //printf("%c%c%c%c%c%c",d,b,g,u,r,u);
   //printf("%c \n",u[26]);
   //printf("%c \n",l[26]);

   //#printf("%s",word);
   puts(word);
   return 0;
}

# 6  
Old 03-10-2014
Wipe it out means something like this:
Code:
array[0] = (char)0;
array[1] = (char)0;
array[2] = (char)0;
array[3] = (char)0;
array[4] = (char)0;
array[5] = (char)0;

No matter how it got there, after the string is built you have "hello" sitting in core. Don't let it sit for long.


I don't understand your second question at all. The whole purpose of that script is to read a password that a human types in. That is the only way to have true security. It is always possible to reverse engineer a program that secretly builds a password and discover what that password is.
# 7  
Old 03-10-2014
Quote:
Originally Posted by ahamed101
How about using shc - Script Compiler?

--ahamed
A few years back I tried to use it and it was awful. It did not support several advanced shell substitutions and arrays - Has it been improved lately?
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Hide DB Credentials in unix

Hi, I my unix we have one file that contains all the database credentials. we are calling that file while connecting databse. I need to hide that file....other user should not view that file. How to do this. Please suggest me apart from permisstion(chmod) level suggestion. Regards,... (3 Replies)
Discussion started by: rsivasan
3 Replies

2. Shell Programming and Scripting

ls - hide permissions

I'm listing the files in a particular directory using the ls command... $ ls -ogh total 9.4G -rw-r--r-- 1 1.9G Nov 4 02:29 file1.tar -rw-r--r-- 1 1.9G Nov 11 03:11 file2.tar -rw-r--r-- 1 1.9G Nov 18 02:55 file3.tar -rw-r--r-- 1 1.9G Nov 25 03:11 file4.tar -rw-r--r-- 1 1.9G Dec 2 02:46... (3 Replies)
Discussion started by: cdunavent
3 Replies

3. Cybersecurity

how to Hide Passwords From UNIX ps Command

Hi, By reporting the process status with ps, any Unix user will see the command line arguments #ps -ef UID PID PPID C STIME TTY TIME CMD lsc 13837 13825 0 May 11 pts/17 0:01 -ksh oracle 4698 6294 0 12:00:40 ? 0:00 sqlplus -s system/manager appluser 4229 4062 0 12:00:03... (2 Replies)
Discussion started by: bhagirathi
2 Replies

4. Shell Programming and Scripting

Hide process

Hi friends, I want (a C++ code) to hide process in kernel 2.6, I don't want monitoring even in /proc. please help me. Regards, Eilya (3 Replies)
Discussion started by: Eilya
3 Replies

5. Shell Programming and Scripting

How to hide folders

hello everybody, i would like to hide visibility of the folders , i.e. not to giving any physically visibility to any users . Is there any way to do it other than changing the permission and adding "." post folder name . by changing the permission , we cann't do any activity , but have... (1 Reply)
Discussion started by: manas_ranjan
1 Replies

6. Shell Programming and Scripting

Want to hide password

All, In my script I am calling another script.. in that script I need to enter a password. Problem is that everyone is able to see the password when I enter that. Is there any way that when i enter that password it should not display or may look like *******. Or if there any other way that I... (1 Reply)
Discussion started by: arpitk
1 Replies

7. Shell Programming and Scripting

Hide a script ?

Hi all, i have a perl script for my users to run. My sys admin created an account for the users to log in and execute the script. They just type "perl myscript.pl" at the unix prompt to run it. Is there any way that i can hide my script? ,ie, do not allow my users to view the script. either... (5 Replies)
Discussion started by: new2ss
5 Replies

8. Shell Programming and Scripting

How to hide user inputted text for interactive unix shell script?

Hi everybody, Do you know how to hide the text for interactive unix shell script? Just like the case for inputting password during logon. Patrick (1 Reply)
Discussion started by: patrickpang
1 Replies

9. HP-UX

How to hide files in unix

Hi all I am new to unix...... i am working on HP-UX I like to know how to hide files and how to view hided files created by other users also please help me Sireesha (1 Reply)
Discussion started by: Sireesha NP
1 Replies

10. UNIX for Dummies Questions & Answers

Hide Directory name

Hello everyone, i am new to unix and still learning about different commands. Can some one tell me how can i hide my directory name. For instance someone is logged in a directory named $ . I've seen some people hiding their above path name by just one word or letter like $ in order to keep... (7 Replies)
Discussion started by: a25khan
7 Replies
Login or Register to Ask a Question