String Encryption & File Encryption for Developers

Encrypt strings in source code & files using randomly generated algorithms, and generate the corresponding unique decryption code for any supported programming language.

The problem

I'm a developer, I love programming. I'm also an avid reverse engineer. I perform a wide array of software analysis in my daily work and sometimes I find things in compiled applications that shouldn't be exposed to the first person with a simple hex-editor in hand.

What can be found in application binaries?

I've listed a few examples of the things I find below. Sometimes these things shouldn't even be included in applications at all (they are there due to poor design choices or rushed work), but some are just unavoidable.

Database password
Database passwords
Login credentials
Login credentials
Encryption & decryption key
Encryption & decryption keys
Custom code script
Custom code scripts in readable text
SQL Query in plain text
Complex SQL queries in plain text
Hidden website endpoints
Hidden website endpoints

Why should I care?

If any of these things were to fall into the wrong hands, they could be used to compromise your software or your infrastructure.

Database password in plain text viewed in HIEW hex editor
You don't want this to happen to your software.

Take for example database passwords. They could be used by a competitor to view your database structure or dump all of its contents. You don't want to lose all your hard work just because someone with a simple hex-editor can discover your password in plain text.

The solution — String Encrypt

I decided to create a simple service called String Encrypt for developers, offering fast string & file encryption without the need to write custom encryption tools.

String Encrypt can help you hide the things that shouldn't be visible at first glance to anyone with a hex-editor.

String Encrypt has its own Web API interface that can be used to automate the encryption process, e.g. you could encrypt your sensitive strings before each project build.

How does it work?

I like simplicity and String Encrypt is very simple to use. All you need to do is:

  • Enter the label of your string, say "szSecret"
  • Enter the string content, for example "Hello"
  • Select the output programming language for the decryption code
  • Hit the Encrypt and Generate Decryptor button

The result

String Encrypt uses random encryption code for each string and the sample result might look like this for the supported set of programming languages:

// encrypted with (v1.0.0) [C/C++]
// szSecret = "Hello World!"
wchar_t szSecret[13] = { 0xB13D, 0xB159, 0xB15F, 0xB160, 0xB168, 0xB11A, 0xB152, 0xB169,
			 0xB15F, 0xB16A, 0xB14F, 0xB10B, 0xB0F1 };

for (unsigned int fstHM = 0, TLuIA = 0; fstHM < 13; fstHM++)
	TLuIA = szSecret[fstHM];
	TLuIA = ~TLuIA;
	TLuIA --;
	TLuIA = ~TLuIA;
	TLuIA -= 0xA90C;
	TLuIA ^= fstHM;
	TLuIA += 0xF816;
	szSecret[fstHM] = TLuIA;

// encrypted with (v1.0.0) [C#]
// szSecret = "Hello World!"
String szSecret = "\uFFB6\uFF99\uFF92\uFF92\uFF8F\uFFDE\uFFA7\uFF8F\uFF8C\uFF92\uFF9A\uFFDD";

for (int hcGUs = 0, JBonk = 0; hcGUs < 12; hcGUs++)
	JBonk = szSecret[hcGUs];
	JBonk ++;
	JBonk = ~JBonk;
	JBonk -= hcGUs;
	JBonk += hcGUs;
	szSecret = szSecret.Substring(0, hcGUs) + (char)(JBonk & 0xFFFF) + szSecret.Substring(hcGUs + 1);

// encrypted with (v1.0.0) [Delphi / Pascal]
  // szSecret = "Hello World!"
  szSecret: array[0..13] of WideChar;
  YhZsX: Integer;
  XMSIh: Integer;


  szSecret[12] := WideChar($421E); szSecret[3] := WideChar($427D);
  szSecret[10] := WideChar($427C); szSecret[4] := WideChar($4285);
  szSecret[1] := WideChar($4276); szSecret[5] := WideChar($4237);
  szSecret[6] := WideChar($426F); szSecret[7] := WideChar($4286);
  szSecret[2] := WideChar($427C); szSecret[0] := WideChar($425A);
  szSecret[8] := WideChar($428C); szSecret[11] := WideChar($4238);
  szSecret[9] := WideChar($4277);

  for XMSIh := 0 to 13 do
    YhZsX := Ord(szSecret[XMSIh]);
    YhZsX := YhZsX xor XMSIh;
    YhZsX := not YhZsX;
    YhZsX := YhZsX + $4212;
    YhZsX := not YhZsX;
    szSecret[XMSIh] := WideChar(YhZsX);

// encrypted with (v1.0.0) [Java]
// szSecret = "Hello World!"
String szSecret = "\uD161\uD14B\uD143\uD144\uD142\uD18E\uD178\uD13F" +

for (int PznwK = 0, NKJoC = 0; PznwK < 12; PznwK++)
	NKJoC = szSecret.charAt(PznwK);
	NKJoC -= PznwK;
	NKJoC += PznwK;
	NKJoC ++;
	NKJoC ^= PznwK;
	NKJoC += 0x16BF;
	NKJoC ^= 0xE869;
	szSecret = szSecret.substring(0, PznwK) + (char)(NKJoC & 0xFFFF) + szSecret.substring(PznwK + 1);

<script type="text/javascript">
// encrypted with (v1.0.0) [JavaScript]
// szSecret = "Hello World!"
var szSecret = "\uD2B6\uD29C\uD298\uD297\uD2B1\uD309\uD2CB\uD298\uD298\uD2B1\uD2C8\uD302";

for (var cXIBk = 0, fyBrc = 0; cXIBk < 12; cXIBk++)
	fyBrc = szSecret.charCodeAt(cXIBk);
	fyBrc += 0x26EE;
	fyBrc ^= 0x0613;
	fyBrc = ~fyBrc;
	fyBrc += cXIBk;
	fyBrc ^= cXIBk;
	fyBrc -= cXIBk;
	szSecret = szSecret.substr(0, cXIBk) + String.fromCharCode(fyBrc & 0xFFFF) + szSecret.substr(cXIBk + 1);

# encrypted with (v1.0.0) [Python]
# szSecret = "Hello World!"
szSecret = [ 0x0046, 0x0061, 0x006E, 0x006C, 0x006D, 0x0020, 0x0055, 0x005F,
             0x0070, 0x006C, 0x0066, 0x0021 ]

for WRUGp in range(12):
  BMbPZ = szSecret[WRUGp]
  BMbPZ += 1
  BMbPZ ^= WRUGp
  BMbPZ += 1
  BMbPZ ^= WRUGp
  szSecret[WRUGp] = BMbPZ

szSecret = ''.join(chr(BMbPZ & 0xFFFF) for BMbPZ in szSecret)

del WRUGp, BMbPZ

-- encrypted with (v1.0.0) [Haskell]
module Main where

import qualified Data.Char
import qualified Data.Bits

main = do
  putStrLn $ szSecret

-- szSecret = "Hello World!"
szSecret = zipWith f [0..] [ 0x751D, 0x753C, 0x7531, 0x7537, 0x753E, 0x754F, 0x7512, 0x753A,
                             0x7527, 0x7533, 0x7549, 0x7588 ]
    f pahnq frsop = let wpsnl0 = frsop
                        wpsnl1 = wpsnl0 `Data.Bits.xor` pahnq
                        wpsnl2 = wpsnl1 + 1
                        wpsnl3 = wpsnl2 - pahnq
                        wpsnl4 = Data.Bits.complement wpsnl3
                        wpsnl5 = wpsnl4 `Data.Bits.xor` 0x8AA6
                        wpsnl6 = wpsnl5 + 1
                    in Data.Char.chr (wpsnl6 Data.Bits..&. 0xFFFF)
; encrypted with (v1.0.0) [MASM Assembler (32 bit)]


	; szSecret = "Hello World!"
	szSecret dw 0D7B3h, 0D799h, 0D791h, 0D792h, 0D798h, 0D7E0h, 0D7B6h, 0D7A1h, 0D791h, 0D7A8h, 0D7A1h, 0D7E7h, 0D807h

	mov	ecx, offset szSecret
	mov	eax, 13
	sub	edx, edx

	mov	bx, word ptr [ecx + edx]
	add	ebx, 02804h
	sub	ebx, edx
	not	ebx
	add	ebx, edx
	xor	ebx, edx
	mov	word ptr [ecx + edx], bx
	inc	edx
	dec	eax
	jne	@b

	push	0
	push	ecx
	push	ecx
	push	0
	call	MessageBoxW
; encrypted with (v1.0.0) [FASM Assembler (32 bit)]

section '.data' data readable writable

	; szSecret = "Hello World!"
	szSecret dw 09AD0h, 09AF5h, 09AFCh, 09AFCh, 09AF9h, 09A88h, 09AC1h, 09AF7h
		 dw 09AF6h, 09AFCh, 09AC4h, 09A89h, 06568h

section '.text' code readable executable

	mov	ebx, szSecret
	mov	eax, 13
	and	edx, 0

	mov	cx, word [ebx + edx]
	xor	ecx, 09A97h
	xor	ecx, edx
	inc	ecx
	add	ecx, edx
	mov	word [ebx + edx], cx
	inc	edx
	dec	eax
	jne	@b

	push	0
	push	ebx
	push	ebx
	push	0
	call	[MessageBoxW]

Overall software protection

String & file encryption will provide you just one layer of protection. You might also be interested in our software protection solution — PELock. It will help you protect your software against experienced reverse engineers & crackers.

Any questions?

If you would like to ask me about the String Encrypt service, or something's not clear, mail me, I'll be happy to help you.