How to XOR scramble a string in C and back again with the same function?

Question

I am trying to obfuscate a string in a program. Currently, I only have a simple string reversal working. I would like to be able to perform XOR scrambling on the data to make it much more secure, however the method I have tried is not working.

The same function and input type is used to decode the string. This is no problem with string reversal, as it just reverses back, but can this be done easily with XORing without getting too complex? I would prefer if the process kept just the one string, like the reversal does. Here is my reversal function.

void reverse_string(unsigned char *buf, int length)
{
int i;
unsigned char temp;

    for (i = 0; i < length / 2; i++)
    {
        temp = buf[i];
        buf[i] = buf[length - i - 1];
        buf[length - i - 1] = temp;
    } 
}

And here is the attempt at a XOR function

void charxor(char * text, int len) {
const unsigned char enc[8]={173,135,131,121,110,119,187,143};
char ch;
int i;
int ind=0;
for (i=0;i<len;i++) {
    ch=*text++;
    if (ch)
        *text = ch ^ enc[ind++];
    ind %=8;
}


}

Can anyone help? Would be much appreciated!

Answer 1

You seem to be overcomplicating things a bit. Try this instead:

void charxor (unsigned char *text, int len) {
    const unsigned char enc[8] = {173,135,131,121,110,119,187,143};
    int i;
    for (i = 0; i < len; i++) {
        text[i] ^= enc[i % 8];
    }
}

Note that the XOR operation can introduce null chars into the string, so you really do need to keep track of its length instead of just relying on the presence of a trailing null char.

Also keep in mind that, while this may indeed be relatively speaking "much more secure" than just reversing the string, any reasonably clever person with access to enough samples of the output can probably figure out how to decode it in around fifteen minutes or so.

Answer 2

this is a pbox, it would require you to make a non repeating integer key - random - same size as said block. the last block would start with the offset which could be just random data. Doesn't cover null terminators so decide where the data is going / what your doing with it. you could realloc(buff, "A") to use memmove. make 3 64 bit boxes, and a subset of 16 4 bit boxes from the output of the 64 and it starts to look like a poor implementation of des, which openssl has build into it. The fundamental advantage is being able to encrypt/decrypt with the same function / address space. This could also allow you to encrypt in place without a extra buffer. KSZ is the length of your block(s)/key

char
*zecr
(bff, zbf, ky, ze)
 char *bff;
 char *zbf;
 unsigned int ky[];
 short ze;
{
/* main encrypt decrypt function */

int i=0;
while( i < KSZ ) {
 int dx = ky[i];

 if( ze == 1 ) {            // encrypt
    char c = bff[dx];
    sprintf(zbf + i, "%c", c);

 } else {                   // decrypt
    char c = bff[i];
    char tk[1] = "";
    sprintf(tk, "%c", c);
    memmove(zbf +dx,  tk, 1);
 }

 i++;
}

return zbf;
}

xoring is a binary operation, which will yield vastly different results depending on how you cast it. You got the right idea using ocdec but if the idea is to keep it simple im going to assume you don't actually know assembly despite the requested reference, stick with c calls its simpler for how you are most likely going to be using the data.

-the female orgasm, that's the myth. -SUN TZU