1
<h2> ZIP Obfuscation </h2> Using obfuscations like XOR.
3
<!--border--> <date> 15. July 2002 </date>
5
<h3> The EXT/IO calls </h3>
8
You really should read the section about the
9
<a href="zzip-extio.html">EXT/IO feature</a> of the zziplib since the
10
obfuscation routines are built on top of it. In order to use obfuscation,
11
you will generally need to use all the three additional argument that
12
can be passsed to _open_ext_io functions. For the XOR-example, only one
13
IO-handler is modified being the read()-call that will simply xor each
14
data byte upon read with a specific value. It two advantages - doing an
15
xor twice does yield the same data, so as a developer you do not have
16
to wonder about the encryption/decryption pair, and it is a stateless
17
obfuscation that does not need to know about the current position
18
within the zip-datafile or zippedfile-datatream.
20
The examples provided just use a simple routine for xoring data that
21
is defined in all the three of the example programs: <pre>
22
static int xor_value = 0x55;
23
static zzip_ssize_t xor_read (int f, void* p, zzip_size_t l)
25
zzip_size_t r = read(f, p, l);
26
zzip_size_t i; char* q = p;
27
for (x=0; x < r; x++) q[x] ^= xor_value;
31
and place this routine into the io-handlers after initializing
33
zzip_init_io (&xor_handlers, 0); xor_handlers.read = &xor_read;
37
<h3> The examples </h3>
40
There are three example programs. The first one is
41
<a href="zzxorcopy.c">zzxorcopy.c</a> which actually is not a zziplib
42
based program. It just opens a file via stdio, loops through all data bytes
43
it can read thereby xor'ing it, and writes it out to the output file. A
44
call like <code><nobr>"zzxorcopy file.zip file.dat"</nobr></code> will
45
create an obfuscated dat-file from a zip-file that has been possibly
46
create with the normal infozip tools or any other archive program to
47
generate a zip-file. The output dat-file is not recognized by normal
48
zip-enabled apps - the filemagic is obfuscated too. This output
49
dat-file however is subject to the other two example programs.
51
The <a href="zzxordir.c">zzxordir.c</a> program will open such an obfuscated
52
zip file and decode the central directory of that zip. Everything is
53
still there in just the way it can be shown with the normal unzip
54
programs and routines. And the <a href="zzxorcat.c">zzxorcat.c</a> program
55
can extract data from this obfuscated zip - and print it un-obfuscated
56
to the screen. These example programs can help you jumpstart with
57
your own set of obfuscator routines, possibly more complex ones.
59
By the way, just compare those with their non-xor counterparts that
60
you can find in <a href="zzdir.c">zzdir.c</a> and
61
<a href="zzxorcat.c">zzxorcat.c</a>. Notice that the difference is
62
in the setup part until the _open_ call after which one can just
63
use the normal zzip_ routines on that obfuscated file. This is
64
great for developing since you can start of with the magic-wrappers
65
working on real-files then slowly turning to pack-files that hold
66
most of the data and finally ending with a zip-only and obfuscated
67
dat-file for your project.
70
<h3> Some rationale </h3>
73
Some people might ask why not adding standard zip-encryption. Well,
74
first of all the standard zip-encryption has not been strong enough
75
for modern computers, and there are hacker tools that even a
76
half-literate computer-user can use to crack the password of a
77
zip-archive. Furthermore, adding real encryption is a heavy weight
78
that many people do not need, see the last argument for seeing the
79
standard one is useless anyway, and adding a non-standard one
80
should not be the case of the standard zziplib either, ye know.
82
On the other hand, obfuscation is a means to fear off half-literates
83
just as well - there are no premade tools for the obfuscation you
84
can invent from the xor examples. And a hacker that can de-obfuscate
85
such a dat-file is able to dissassemble your program as well thereby
86
going to see your decryption routine <em>and</em> the decryption key.
87
Although there is a difference, it just ranges on about times and
88
exprience, not magnitudes. Remember the old saying: you can irritate
89
some people for some time but not irritate all people for all the time.
90
As for encryption of artwork and AI scripts in games and applications,
91
just keep in mind that the final recipient has the decryption key on
92
his system anyway, just obfuscated. So each such encryption is nothing
93
more than just a clever form of obfuscation, nothing mathemetical strong.
95
Some other people might ask why to obfuscate anyway. Well, the reason
96
is theft. Even people who write opensource free software generally
97
like to get some reward for what they do, some fame or atleast some
98
sweet dream to have helped the world go a bit easier in the future.
99
As for program text this is quite natural for the programmers who
100
pick up some code from somewhere else - it happens that most of them
101
have gone through some formation and they know how hard it is to get
102
even some lines of code out of your brain. This is not the case for
103
some artwork and AI parameters, people do not have much respect for
104
those - they just pick it up, put it under their umbrella, and
105
that's it - they even claim they could have done that themselves,
106
and in most cases it is that they never have been really trying to
107
do it and think of it as being comparable to that action-art they've
110
Just be sure that there is nothing wrong with obfuscating
111
things for a binary distribution of your program even for the
112
opensource case - the program text itself is an obfuscation in its
113
source form when being compiled into cpu instructions. Still, the
114
interested people can get hold of the source code since you provide
115
it somewhere and actually the original programmers like to hear
116
from literate people who could help with modifying the project. The
117
same is true for you artwork and AI scripts, the interested people
118
can still see them in the opensource project material, but only
119
those will look who dare to, not just the halfwit next door.
121
Well, you do not need to that on the other hand - ID software has
122
shown that it can be very helpful since people will start to
123
write new maps and new bots, pack them and publish them. An open
124
data format is a form of attraction for people who can use a
125
graphics program and an editor but who do not know how to program.
126
And if you use obfuscation within an opensource program, it is
127
surely enought to just use the xor-format presented here, so that
128
it easy for third people to get involved if they want to, they
129
just have to rewrite their new datapacks with zzxorcopy, and
132
As for the non-opensource projects, be aware that there are
133
some ways to even staticlink the zziplib into your project, so
134
you can even hide that you used zip tools to create your dat files.
135
This is well enough for anyone to do - as soon as a hacker will
136
get to the point to notice you used a zip format, he would have
137
had found any other deobfusation or decryption routine as well.
138
If you are frightened, just encrypt the executable with tools
139
you bought from somewhere else. On the other hand, should there
140
be problems or bugs, you have an easier time to find them when
141
they could be caused by your dat entries, and it is again easy
142
to send a fixup file to your clients, since the command line
143
tools are just a breeze compared with some other anti-hacking
144
tools you'll find on the market.
146
Well, hope this is enough rationale to tell you that I do not
147
see a need to implement anything more than obfuscation within
148
zziplib - if you need real encryption, use real encryption
149
software and its fileformat that supports it, not zip files.
152
<p align="right"><small><small><small>
153
<a href="staticlink.txt">staticlink.txt</a>
154
</small></small></small></p>