Description
So what's going on, and how could you hack this, you ask?

First I had to do some digging, since the method `_getch` is a Windows-compiler-only thing, you haven't considered any other OS, and I am on Linux, so I had to add some extra logic (that logic wasn't what exposed the password, dw):
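```cpp
#ifdef _WIN32
#include <conio.h>
#else
#include <cstdio>    // getchar
#include <termios.h>
#include <unistd.h>
#endif

// Reads one key press without echo: _getch() on Windows, termios elsewhere.
inline int portable_getch() {
#ifdef _WIN32
    return _getch();
#else
    struct termios oldt, newt;
    tcgetattr(STDIN_FILENO, &oldt);           // save the current terminal settings
    newt = oldt;
    newt.c_lflag &= ~(ICANON | ECHO);         // no line buffering, no echo
    tcsetattr(STDIN_FILENO, TCSANOW, &newt);
    int ch = getchar();
    tcsetattr(STDIN_FILENO, TCSANOW, &oldt);  // restore the saved settings
    return ch;
#endif
}
```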
This added logic ensures that if you are on a UNIX/Linux OS and using GCC or Clang to compile the code, it will actually work this time, preserving your original intention for using `_getch();` as if it was Windows.

That out of the way, I want to show you another novelty in the C/C++ programming world: that Strings are "A LITERAL CURSE".

Example code:
```cpp
#include <iostream>
#include "LG_Origin.h"

int main() {
    std::cout << "Enter Password: ";
    // Reads input as *****, encrypts it in RAM, wipes traces
    LG::String pass = LG::Input();
    LG::String api_key = _S("SUPER_SECRET_KEY_123");
    // Use it when needed (decrypted only during usage)
    std::cout << "Your secure pass: " << pass << std::endl;
    return 0;
}
```

What should happen here is that I, by any means, can't find the api_key once it is compiled,
but that's actually not the case @_@

Memory-wise you have done a great job; executable-wise, not so much!

A very low-hanging fruit for executable reverse engineering is the `strings` command; it can reveal info without even running the executable.

Here I am compiling the example source code and outputting the executable under the name "Origin"; for it to run I need to run the command `./Origin` in the same directory I have compiled it in:
```
╭─ Programs/Libs/Cpp
╰─ masrkai@NixOS 11:11 ➜ g++ LG_Origin.cpp -o Origin
```

And here I am searching the output of `strings` using the `|` from the command line, as I pass that command's earlier results to the program "grep", which allows me to search for the strings:

```
╭─ Programs/Libs/Cpp
╰─ masrkai@NixOS 11:11 ➜ strings Origin | grep "SUPER"
SUPER_SECRET_KEY_123
```

Again, memory-wise you have done an immense job, but that mistake is all it takes to expose secret credentials.
So how to fix this? You can look at some libs like "https://github.com/adamyaxley/Obfuscate/blob/master/obfuscate.h", which solves this issue.

I hope I can come up with other tricks to improve this library in the future, but I intend to use it in personal projects soon and make a pull request for the support of different architectures.

And dw, this isn't AI-written, I actually spent some time typing this (yes, for real, the library made me interested in revisiting C/C++ related topics).
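
An added example, not code from the issue's author, from LG_Origin.h or from obfuscate.h: a minimal C++14 sketch of compile-time literal encoding, where the literal is consumed only inside a `constexpr` initializer and only XOR-encoded bytes are kept in the object. `ObfuscatedLiteral`, `obfuscate`, `kApiKey` and the seed value are hypothetical names chosen for this illustration; confirm the effect on a real build with the same `strings Origin | grep "SUPER"` check shown above.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Hypothetical helper, not from LG_Origin.h or obfuscate.h: keeps a literal
// XOR-encoded at compile time so only encoded bytes are stored in the object.
template <std::size_t N>
class ObfuscatedLiteral {
public:
    // Evaluated by the compiler when the object is declared constexpr.
    constexpr ObfuscatedLiteral(const char (&plain)[N], unsigned char seed)
        : data_{}, seed_(seed) {
        for (std::size_t i = 0; i < N; ++i)
            data_[i] = static_cast<unsigned char>(plain[i]) ^ key_at(i);
    }
    // Decodes into a temporary at the point of use.
    std::string reveal() const {
        std::string out(N - 1, '\0');
        for (std::size_t i = 0; i + 1 < N; ++i)
            out[i] = static_cast<char>(data_[i] ^ key_at(i));
        return out;
    }
    // True when no stored byte is printable ASCII (nothing for `strings` to match).
    constexpr bool stored_nonprintable() const {
        for (std::size_t i = 0; i < N; ++i)
            if (data_[i] < 0x80) return false;
        return true;
    }
private:
    // High bit forced on: the key is never 0 and ASCII input encodes to >= 0x80.
    constexpr unsigned char key_at(std::size_t i) const {
        return static_cast<unsigned char>((seed_ + i * 31u) | 0x80u);
    }
    unsigned char data_[N];
    unsigned char seed_;
};

template <std::size_t N>
constexpr ObfuscatedLiteral<N> obfuscate(const char (&s)[N], unsigned char seed) {
    return ObfuscatedLiteral<N>(s, seed);
}
// Constructed sample: the key string from the issue's example, arbitrary seed.
constexpr auto kApiKey = obfuscate("SUPER_SECRET_KEY_123", 0x5A);
std::string api_key() { return kApiKey.reveal(); }
bool api_key_hidden() { return kApiKey.stored_nonprintable(); }

int main() {
    std::printf("%zu bytes decoded, hidden=%d\n", api_key().size(), api_key_hidden());
}
```

The seed and the decode loop still ship in the executable, so this only defeats static string searches; the decoded value exists in memory whenever `reveal()` is called.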