Programming with C++: How to hide strings in binaries

Client software that communicates with services on the network should encrypt their data. And the servers should only offer their application programming interface (API) to authorized clients. Both require secrets, such as API keys, passwords or certificates. The client software must therefore contain this data – and it must be encrypted so that no user can discover it. But also in such a way that the software can decrypt it itself.

Security professionals are now squeaking: ugh, that’s security by obscurity! – Is correct. Security through obfuscation, also known as obfuscation, is no protection against ambitious hackers. But it is still sometimes unavoidable and the chosen method should be a high hurdle for everyone else.

However, a method that provides this protection should not be a hurdle for programmers. Complicated, error-prone steps such as pre-processing using scripts are therefore only second choice. Ideally, the strings to be hidden end up in the source text as usual. In C++ this is possible. In the following we present a method for C++14, i.e. for a fairly old standard, with which all reasonably modern compilers such as g++, clang and the Microsoft compiler (MSVC) get along. Attention: For g++ and MSVC does not suffice with the invocation parameter -std:c++14 turn on C++14 support, both require C++20.