There is a program:

#include <stdio.h> #include <stdlib.h> #include <string.h> int main(void) { char pass[10] = {0}; printf("Enter password ?"); scanf("%s", pass); if(strcmp(pass, "zorg443") == 0) { printf("Success.\r\n"); } else { printf("Bad password.\r\n"); return EXIT_FAILURE; } return EXIT_SUCCESS; }

I'm sitting on kali linux. I got the idea to open a.out (on windows name.exe) via bless hex editor (Reads the 16th code), and in it the password is directly allocated. How can you encrypt it to protect against this?

  • use any hash? - pavel
  • you can use UPX and you don’t need to change the code :) - Mikhail Vaysman

2 answers 2

Do you just want it to not be visible in the clear? then you can simply write ynqf332 instead of zorg443 , and then, before starting work, increase each character by 1 :)

But you can store something else - for example, the value of crc32, md5 or some kind of sha1 - in general, some kind of digest , and then after entering the user password, calculate it for this input and compare it with yours ...

  • char pass [10] = {0}; char mainPass [10] = {'y', 'n', 'q', 'f', '3', '3', '2'}; mainPass [0] = + 1; printf ("% s \ r \ n", mainPass); I get some kind of strange character, why is the next z in the ascii table? - biggy
  • Describe the operator’s action = + ... - Harry
  • You described the increment operator + = , not = + . - Harry
  • Ahhhh. I got it)) - biggy
  • You assigned the first element of the array the value +1 . Rearranged + and = ... - Harry

What happened:

 #include <stdio.h> #include <stdlib.h> #include <string.h> int main(void) { char pass[20] = {0}; char mainPass[20] = {"ynqf332"}; for(int i = 0; i < 7; i++) { mainPass[i] += 1; } printf("Enter password ?"); scanf("%20s", pass); if(strcmp(mainPass, pass) == 0) { printf("Success.\r\n"); } else { printf("Bad password.\r\n"); return EXIT_FAILURE; } return EXIT_SUCCESS; }