How difficult is to decompile C++ file?
up vote
9
down vote
favorite
I am writing an Android app with AES encryption and I am going to save AES key as a string to a C++ file with extension .cpp.
I am also going to create an iOS app which will use the same AES key. Is it possible to save the key in C++ file in iOS?
How difficult would it be to decompile the C++ file and read the key?
Here is the C++ file from Android:
#include <jni.h>
#include <string>
extern "C"
JNIEXPORT jstring JNICALL
Java_com_android_app_aesKeyFromJNI(JNIEnv *env, jobject /* this */) {
std::string secret = "somesecretkey";
return env->NewStringUTF(secret.c_str());
}
c++ android ios
edited yesterday
0xC0000022L♦
7,65142962
asked 2 days ago
Daniel Foo
4612
New contributor
Daniel Foo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
|
show 3 more comments
up vote
9
down vote
favorite
I am writing an Android app with AES encryption and I am going to save AES key as a string to a C++ file with extension .cpp.
I am also going to create an iOS app which will use the same AES key. Is it possible to save the key in C++ file in iOS?
How difficult would it be to decompile the C++ file and read the key?
Here is the C++ file from Android:
#include <jni.h>
#include <string>
extern "C"
JNIEXPORT jstring JNICALL
Java_com_android_app_aesKeyFromJNI(JNIEnv *env, jobject /* this */) {
std::string secret = "somesecretkey";
return env->NewStringUTF(secret.c_str());
}
c++ android ios
edited yesterday
0xC0000022L♦
7,65142962
asked 2 days ago
Daniel Foo
4612
New contributor
Daniel Foo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
14
A plain ascii string is anything but secret.
– joxeankoret
yesterday
5
Any reason not to use the Android keystore system which is explicitly made for this purpose?
– Damon
yesterday
1
No need to decompile. There is a piece of software called "strings" (typically installed or available to unixen like Linux and Mac OS) that will dump all strings in your app. All I have to do is to test the strings one-by-one until I find the correct secret key. Obviously I'd skip strings like "Thank You." and "Login:"
– slebetman
yesterday
1
You don't talk about compiling this C++ file anywhere. The C++ file already is plain text. I think you're talking about distributing an object file or library compiled from this.cpp, but that's not what you wrote in the question, you just keep talking about the C++ source.
– Peter Cordes
yesterday
3
@slebetman Next time I shall make my keys "Thank You." or "Login:" and they will be safe!
– Lightness Races in Orbit
yesterday
|
show 3 more comments
up vote
9
down vote
favorite
up vote
9
down vote
favorite
I am writing an Android app with AES encryption and I am going to save AES key as a string to a C++ file with extension .cpp.
I am also going to create an iOS app which will use the same AES key. Is it possible to save the key in C++ file in iOS?
How difficult would it be to decompile the C++ file and read the key?
Here is the C++ file from Android:
#include <jni.h>
#include <string>
extern "C"
JNIEXPORT jstring JNICALL
Java_com_android_app_aesKeyFromJNI(JNIEnv *env, jobject /* this */) {
std::string secret = "somesecretkey";
return env->NewStringUTF(secret.c_str());
}
c++ android ios
edited yesterday
0xC0000022L♦
7,65142962
asked 2 days ago
Daniel Foo
4612
New contributor
Daniel Foo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I am writing an Android app with AES encryption and I am going to save AES key as a string to a C++ file with extension .cpp.
I am also going to create an iOS app which will use the same AES key. Is it possible to save the key in C++ file in iOS?
How difficult would it be to decompile the C++ file and read the key?
Here is the C++ file from Android:
#include <jni.h>
#include <string>
extern "C"
JNIEXPORT jstring JNICALL
Java_com_android_app_aesKeyFromJNI(JNIEnv *env, jobject /* this */) {
std::string secret = "somesecretkey";
return env->NewStringUTF(secret.c_str());
}
c++ android ios
c++ android ios
edited yesterday
0xC0000022L♦
7,65142962
asked 2 days ago
Daniel Foo
4612
New contributor
Daniel Foo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited yesterday
0xC0000022L♦
7,65142962
asked 2 days ago
Daniel Foo
4612
New contributor
Daniel Foo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited yesterday
0xC0000022L♦
7,65142962
edited yesterday
0xC0000022L♦
7,65142962
edited yesterday
0xC0000022L♦
7,65142962
7,65142962
asked 2 days ago
Daniel Foo
4612
New contributor
Daniel Foo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 2 days ago
Daniel Foo
4612
asked 2 days ago
Daniel Foo
4612
4612
New contributor
Daniel Foo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Daniel Foo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Daniel Foo is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
14
A plain ascii string is anything but secret.
– joxeankoret
yesterday
5
Any reason not to use the Android keystore system which is explicitly made for this purpose?
– Damon
yesterday
1
No need to decompile. There is a piece of software called "strings" (typically installed or available to unixen like Linux and Mac OS) that will dump all strings in your app. All I have to do is to test the strings one-by-one until I find the correct secret key. Obviously I'd skip strings like "Thank You." and "Login:"
– slebetman
yesterday
1
You don't talk about compiling this C++ file anywhere. The C++ file already is plain text. I think you're talking about distributing an object file or library compiled from this.cpp, but that's not what you wrote in the question, you just keep talking about the C++ source.
– Peter Cordes
yesterday
3
@slebetman Next time I shall make my keys "Thank You." or "Login:" and they will be safe!
– Lightness Races in Orbit
yesterday
|
show 3 more comments
14
A plain ascii string is anything but secret.
– joxeankoret
yesterday
5
Any reason not to use the Android keystore system which is explicitly made for this purpose?
– Damon
yesterday
1
No need to decompile. There is a piece of software called "strings" (typically installed or available to unixen like Linux and Mac OS) that will dump all strings in your app. All I have to do is to test the strings one-by-one until I find the correct secret key. Obviously I'd skip strings like "Thank You." and "Login:"
– slebetman
yesterday
1
You don't talk about compiling this C++ file anywhere. The C++ file already is plain text. I think you're talking about distributing an object file or library compiled from this.cpp, but that's not what you wrote in the question, you just keep talking about the C++ source.
– Peter Cordes
yesterday
3
@slebetman Next time I shall make my keys "Thank You." or "Login:" and they will be safe!
– Lightness Races in Orbit
yesterday
14
14
A plain ascii string is anything but secret.
– joxeankoret
yesterday
A plain ascii string is anything but secret.
– joxeankoret
yesterday
5
5
Any reason not to use the Android keystore system which is explicitly made for this purpose?
– Damon
yesterday
Any reason not to use the Android keystore system which is explicitly made for this purpose?
– Damon
yesterday
1
1
No need to decompile. There is a piece of software called "strings" (typically installed or available to unixen like Linux and Mac OS) that will dump all strings in your app. All I have to do is to test the strings one-by-one until I find the correct secret key. Obviously I'd skip strings like "Thank You." and "Login:"
– slebetman
yesterday
No need to decompile. There is a piece of software called "strings" (typically installed or available to unixen like Linux and Mac OS) that will dump all strings in your app. All I have to do is to test the strings one-by-one until I find the correct secret key. Obviously I'd skip strings like "Thank You." and "Login:"
– slebetman
yesterday
1
1
You don't talk about compiling this C++ file anywhere. The C++ file already is plain text. I think you're talking about distributing an object file or library compiled from this
.cpp, but that's not what you wrote in the question, you just keep talking about the C++ source.– Peter Cordes
yesterday
You don't talk about compiling this C++ file anywhere. The C++ file already is plain text. I think you're talking about distributing an object file or library compiled from this
.cpp, but that's not what you wrote in the question, you just keep talking about the C++ source.– Peter Cordes
yesterday
3
3
@slebetman Next time I shall make my keys "Thank You." or "Login:" and they will be safe!
– Lightness Races in Orbit
yesterday
@slebetman Next time I shall make my keys "Thank You." or "Login:" and they will be safe!
– Lightness Races in Orbit
yesterday
|
show 3 more comments
2 Answers
2
active
oldest
votes
up vote
20
down vote
Not hard enough!
First of all, if you save the key as a non-encrypted string, a simple strings command will find it and IDA x-ref will even show the reverser where it's used.
If you save the key encrypted, a simple breakpoint will let them see the decrypted password. (or understanding the decryption algorithm).
edited yesterday
0xC0000022L♦
7,65142962
answered 2 days ago
Amirag
62117
"or understanding the decryption algorithm" Shouldn't be understanding the algorithm be irrelevant to breaking it? At least in well-designed encryption I thought that was kind of a design standard
– Hobbamok
yesterday
3
@Hobbamok My point was that if you return the secret, you need to decrypt it. The algorithm and password for the decryption will be written. A reverser could simply extract those and decrypt yhe original secret
– Amirag
yesterday
add a comment |
up vote
13
down vote
A plain text string like this will be visible by looking at the file in a hex editor (like hte or a viewer like xxd or od) or with the Sysinternals strings command or with strings(1) on a Linux/FreeBSD etc, for example. Most reverse engineering tools have a separate view for strings, because those are usually exceptionally useful to reverse engineers. Amirag already pointed that out for IDA.
In terms of Android that C++ file is likely going to end up as a shared object in ELF file format. These are binary files with a known structure. Simply by looking at the exported functions/symbols, it will be trivial to find the "secret". Even if you were to obfuscate this further, it would still not help. Obfuscation is security through obscurity. It's not actual security. So even writing that string as some xor-ed array of bytes or using the Caesar cipher will add no tangible protection if that's the goal.
Furthermore you should never ever include the private key in code that ends up with the user. The reason why it's called a secret is because it should be kept secret. Just "mangling" the representation of this secret with a compiler isn't going to help at all.
If it's a secret the user shouldn't see, this belongs on the server-side or into a HSM (hardware security module), but not on the user's machine in any form. There is no other way to reconcile mistrusting the user and at the same time placing "secrets" into the user's hands. It's the fundamental conundrum of software protection mechanisms also.
answered yesterday
0xC0000022L♦
7,65142962
Can a user see the string if they open the file in Notepad? Because ten-year-olds will try that.
– Robyn
yesterday
@Robyn: In theory, yes. However, if you mean Windows Notepad, that has typically huge problems with Unix line breaks and besides, there's no telling how many line breaks there are anyway in a binary. So the text may appear in one long line. That said, if your ten-year-old knows to turn it on, they can make use of the Word Wrap feature to mitigate that problem to some extent.
– 0xC0000022L♦
yesterday
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
20
down vote
Not hard enough!
First of all, if you save the key as a non-encrypted string, a simple strings command will find it and IDA x-ref will even show the reverser where it's used.
If you save the key encrypted, a simple breakpoint will let them see the decrypted password. (or understanding the decryption algorithm).
edited yesterday
0xC0000022L♦
7,65142962
answered 2 days ago
Amirag
62117
"or understanding the decryption algorithm" Shouldn't be understanding the algorithm be irrelevant to breaking it? At least in well-designed encryption I thought that was kind of a design standard
– Hobbamok
yesterday
3
@Hobbamok My point was that if you return the secret, you need to decrypt it. The algorithm and password for the decryption will be written. A reverser could simply extract those and decrypt yhe original secret
– Amirag
yesterday
add a comment |
up vote
20
down vote
Not hard enough!
First of all, if you save the key as a non-encrypted string, a simple strings command will find it and IDA x-ref will even show the reverser where it's used.
If you save the key encrypted, a simple breakpoint will let them see the decrypted password. (or understanding the decryption algorithm).
edited yesterday
0xC0000022L♦
7,65142962
answered 2 days ago
Amirag
62117
"or understanding the decryption algorithm" Shouldn't be understanding the algorithm be irrelevant to breaking it? At least in well-designed encryption I thought that was kind of a design standard
– Hobbamok
yesterday
3
@Hobbamok My point was that if you return the secret, you need to decrypt it. The algorithm and password for the decryption will be written. A reverser could simply extract those and decrypt yhe original secret
– Amirag
yesterday
add a comment |
up vote
20
down vote
up vote
20
down vote
Not hard enough!
First of all, if you save the key as a non-encrypted string, a simple strings command will find it and IDA x-ref will even show the reverser where it's used.
If you save the key encrypted, a simple breakpoint will let them see the decrypted password. (or understanding the decryption algorithm).
edited yesterday
0xC0000022L♦
7,65142962
answered 2 days ago
Amirag
62117
Not hard enough!
First of all, if you save the key as a non-encrypted string, a simple strings command will find it and IDA x-ref will even show the reverser where it's used.
If you save the key encrypted, a simple breakpoint will let them see the decrypted password. (or understanding the decryption algorithm).
edited yesterday
0xC0000022L♦
7,65142962
answered 2 days ago
Amirag
62117
edited yesterday
0xC0000022L♦
7,65142962
edited yesterday
0xC0000022L♦
7,65142962
edited yesterday
0xC0000022L♦
7,65142962
7,65142962
answered 2 days ago
Amirag
62117
answered 2 days ago
Amirag
62117
answered 2 days ago
Amirag
62117
62117
"or understanding the decryption algorithm" Shouldn't be understanding the algorithm be irrelevant to breaking it? At least in well-designed encryption I thought that was kind of a design standard
– Hobbamok
yesterday
3
@Hobbamok My point was that if you return the secret, you need to decrypt it. The algorithm and password for the decryption will be written. A reverser could simply extract those and decrypt yhe original secret
– Amirag
yesterday
add a comment |
"or understanding the decryption algorithm" Shouldn't be understanding the algorithm be irrelevant to breaking it? At least in well-designed encryption I thought that was kind of a design standard
– Hobbamok
yesterday
3
@Hobbamok My point was that if you return the secret, you need to decrypt it. The algorithm and password for the decryption will be written. A reverser could simply extract those and decrypt yhe original secret
– Amirag
yesterday
"or understanding the decryption algorithm" Shouldn't be understanding the algorithm be irrelevant to breaking it? At least in well-designed encryption I thought that was kind of a design standard
– Hobbamok
yesterday
"or understanding the decryption algorithm" Shouldn't be understanding the algorithm be irrelevant to breaking it? At least in well-designed encryption I thought that was kind of a design standard
– Hobbamok
yesterday
3
3
@Hobbamok My point was that if you return the secret, you need to decrypt it. The algorithm and password for the decryption will be written. A reverser could simply extract those and decrypt yhe original secret
– Amirag
yesterday
@Hobbamok My point was that if you return the secret, you need to decrypt it. The algorithm and password for the decryption will be written. A reverser could simply extract those and decrypt yhe original secret
– Amirag
yesterday
add a comment |
up vote
13
down vote
A plain text string like this will be visible by looking at the file in a hex editor (like hte or a viewer like xxd or od) or with the Sysinternals strings command or with strings(1) on a Linux/FreeBSD etc, for example. Most reverse engineering tools have a separate view for strings, because those are usually exceptionally useful to reverse engineers. Amirag already pointed that out for IDA.
In terms of Android that C++ file is likely going to end up as a shared object in ELF file format. These are binary files with a known structure. Simply by looking at the exported functions/symbols, it will be trivial to find the "secret". Even if you were to obfuscate this further, it would still not help. Obfuscation is security through obscurity. It's not actual security. So even writing that string as some xor-ed array of bytes or using the Caesar cipher will add no tangible protection if that's the goal.
Furthermore you should never ever include the private key in code that ends up with the user. The reason why it's called a secret is because it should be kept secret. Just "mangling" the representation of this secret with a compiler isn't going to help at all.
If it's a secret the user shouldn't see, this belongs on the server-side or into a HSM (hardware security module), but not on the user's machine in any form. There is no other way to reconcile mistrusting the user and at the same time placing "secrets" into the user's hands. It's the fundamental conundrum of software protection mechanisms also.
answered yesterday
0xC0000022L♦
7,65142962
Can a user see the string if they open the file in Notepad? Because ten-year-olds will try that.
– Robyn
yesterday
@Robyn: In theory, yes. However, if you mean Windows Notepad, that has typically huge problems with Unix line breaks and besides, there's no telling how many line breaks there are anyway in a binary. So the text may appear in one long line. That said, if your ten-year-old knows to turn it on, they can make use of the Word Wrap feature to mitigate that problem to some extent.
– 0xC0000022L♦
yesterday
add a comment |
up vote
13
down vote
A plain text string like this will be visible by looking at the file in a hex editor (like hte or a viewer like xxd or od) or with the Sysinternals strings command or with strings(1) on a Linux/FreeBSD etc, for example. Most reverse engineering tools have a separate view for strings, because those are usually exceptionally useful to reverse engineers. Amirag already pointed that out for IDA.
In terms of Android that C++ file is likely going to end up as a shared object in ELF file format. These are binary files with a known structure. Simply by looking at the exported functions/symbols, it will be trivial to find the "secret". Even if you were to obfuscate this further, it would still not help. Obfuscation is security through obscurity. It's not actual security. So even writing that string as some xor-ed array of bytes or using the Caesar cipher will add no tangible protection if that's the goal.
Furthermore you should never ever include the private key in code that ends up with the user. The reason why it's called a secret is because it should be kept secret. Just "mangling" the representation of this secret with a compiler isn't going to help at all.
If it's a secret the user shouldn't see, this belongs on the server-side or into a HSM (hardware security module), but not on the user's machine in any form. There is no other way to reconcile mistrusting the user and at the same time placing "secrets" into the user's hands. It's the fundamental conundrum of software protection mechanisms also.
answered yesterday
0xC0000022L♦
7,65142962
Can a user see the string if they open the file in Notepad? Because ten-year-olds will try that.
– Robyn
yesterday
@Robyn: In theory, yes. However, if you mean Windows Notepad, that has typically huge problems with Unix line breaks and besides, there's no telling how many line breaks there are anyway in a binary. So the text may appear in one long line. That said, if your ten-year-old knows to turn it on, they can make use of the Word Wrap feature to mitigate that problem to some extent.
– 0xC0000022L♦
yesterday
add a comment |
up vote
13
down vote
up vote
13
down vote
A plain text string like this will be visible by looking at the file in a hex editor (like hte or a viewer like xxd or od) or with the Sysinternals strings command or with strings(1) on a Linux/FreeBSD etc, for example. Most reverse engineering tools have a separate view for strings, because those are usually exceptionally useful to reverse engineers. Amirag already pointed that out for IDA.
In terms of Android that C++ file is likely going to end up as a shared object in ELF file format. These are binary files with a known structure. Simply by looking at the exported functions/symbols, it will be trivial to find the "secret". Even if you were to obfuscate this further, it would still not help. Obfuscation is security through obscurity. It's not actual security. So even writing that string as some xor-ed array of bytes or using the Caesar cipher will add no tangible protection if that's the goal.
Furthermore you should never ever include the private key in code that ends up with the user. The reason why it's called a secret is because it should be kept secret. Just "mangling" the representation of this secret with a compiler isn't going to help at all.
If it's a secret the user shouldn't see, this belongs on the server-side or into a HSM (hardware security module), but not on the user's machine in any form. There is no other way to reconcile mistrusting the user and at the same time placing "secrets" into the user's hands. It's the fundamental conundrum of software protection mechanisms also.
answered yesterday
0xC0000022L♦
7,65142962
A plain text string like this will be visible by looking at the file in a hex editor (like hte or a viewer like xxd or od) or with the Sysinternals strings command or with strings(1) on a Linux/FreeBSD etc, for example. Most reverse engineering tools have a separate view for strings, because those are usually exceptionally useful to reverse engineers. Amirag already pointed that out for IDA.
In terms of Android that C++ file is likely going to end up as a shared object in ELF file format. These are binary files with a known structure. Simply by looking at the exported functions/symbols, it will be trivial to find the "secret". Even if you were to obfuscate this further, it would still not help. Obfuscation is security through obscurity. It's not actual security. So even writing that string as some xor-ed array of bytes or using the Caesar cipher will add no tangible protection if that's the goal.
Furthermore you should never ever include the private key in code that ends up with the user. The reason why it's called a secret is because it should be kept secret. Just "mangling" the representation of this secret with a compiler isn't going to help at all.
If it's a secret the user shouldn't see, this belongs on the server-side or into a HSM (hardware security module), but not on the user's machine in any form. There is no other way to reconcile mistrusting the user and at the same time placing "secrets" into the user's hands. It's the fundamental conundrum of software protection mechanisms also.
answered yesterday
0xC0000022L♦
7,65142962
edited yesterday
answered yesterday
0xC0000022L♦
7,65142962
answered yesterday
0xC0000022L♦
7,65142962
answered yesterday
0xC0000022L♦
7,65142962
7,65142962
Can a user see the string if they open the file in Notepad? Because ten-year-olds will try that.
– Robyn
yesterday
@Robyn: In theory, yes. However, if you mean Windows Notepad, that has typically huge problems with Unix line breaks and besides, there's no telling how many line breaks there are anyway in a binary. So the text may appear in one long line. That said, if your ten-year-old knows to turn it on, they can make use of the Word Wrap feature to mitigate that problem to some extent.
– 0xC0000022L♦
yesterday
add a comment |
Can a user see the string if they open the file in Notepad? Because ten-year-olds will try that.
– Robyn
yesterday
@Robyn: In theory, yes. However, if you mean Windows Notepad, that has typically huge problems with Unix line breaks and besides, there's no telling how many line breaks there are anyway in a binary. So the text may appear in one long line. That said, if your ten-year-old knows to turn it on, they can make use of the Word Wrap feature to mitigate that problem to some extent.
– 0xC0000022L♦
yesterday
Can a user see the string if they open the file in Notepad? Because ten-year-olds will try that.
– Robyn
yesterday
Can a user see the string if they open the file in Notepad? Because ten-year-olds will try that.
– Robyn
yesterday
@Robyn: In theory, yes. However, if you mean Windows Notepad, that has typically huge problems with Unix line breaks and besides, there's no telling how many line breaks there are anyway in a binary. So the text may appear in one long line. That said, if your ten-year-old knows to turn it on, they can make use of the Word Wrap feature to mitigate that problem to some extent.
– 0xC0000022L♦
yesterday
@Robyn: In theory, yes. However, if you mean Windows Notepad, that has typically huge problems with Unix line breaks and besides, there's no telling how many line breaks there are anyway in a binary. So the text may appear in one long line. That said, if your ten-year-old knows to turn it on, they can make use of the Word Wrap feature to mitigate that problem to some extent.
– 0xC0000022L♦
yesterday
add a comment |
Daniel Foo is a new contributor. Be nice, and check out our Code of Conduct.
Daniel Foo is a new contributor. Be nice, and check out our Code of Conduct.
Daniel Foo is a new contributor. Be nice, and check out our Code of Conduct.
Daniel Foo is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2freverseengineering.stackexchange.com%2fquestions%2f19840%2fhow-difficult-is-to-decompile-c-file%23new-answer', 'question_page');
}
);
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
14
A plain ascii string is anything but secret.
– joxeankoret
yesterday
5
Any reason not to use the Android keystore system which is explicitly made for this purpose?
– Damon
yesterday
1
No need to decompile. There is a piece of software called "strings" (typically installed or available to unixen like Linux and Mac OS) that will dump all strings in your app. All I have to do is to test the strings one-by-one until I find the correct secret key. Obviously I'd skip strings like "Thank You." and "Login:"
– slebetman
yesterday
1
You don't talk about compiling this C++ file anywhere. The C++ file already is plain text. I think you're talking about distributing an object file or library compiled from this
.cpp, but that's not what you wrote in the question, you just keep talking about the C++ source.– Peter Cordes
yesterday
3
@slebetman Next time I shall make my keys "Thank You." or "Login:" and they will be safe!
– Lightness Races in Orbit
yesterday