blocks|key|2056821|text|不，但是你可以做一些事情来使它变得更难。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2056822|将密码存储为一系列数字，并对其进行计算以生成实际的密码，将部分密码存储在图标等资源中。|2056823|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

No but there are things you can do to make it harder. 

Store the password as a series of numbers, do some calcualtions on them to generate the actual password, store parts of the password in resources such as icons etc.

blocks|key|2059842|text|如果您的程序是Windows程序，只需使用“此程序无法在DOS模式下运行”即可。作为密码。这个字符串几乎存在于每个Windows可执行文件中。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2059843|我只是在开玩笑，因为它可能几乎和用程序中其他地方的密钥对密码进行异或一样安全，而且维护它几乎没有令人头疼的事情。|2059844|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

If your program is a Windows program, just use "This program cannot be run in DOS mode." as the password. That string is in nearly every Windows executable.

I'm only half kidding, since it's probably nearly as secure as XOR-ing the password with a key that's elsewhere in the program and there will be pretty much zero headaches maintaining it.

blocks|key|3480067|text|简而言之，不，任何黑客只会在打开zip文件的函数上设置一个断点，并从那里的RAM中获得密码。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3480068|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

In short, no, Any cracker would just set a breakpoint on the function that opens the zip file, and get the password from RAM there.

blocks|key|5079949|text|将密码的XOR加密版存储为静态变量，而不是实际的密码。当您需要使用它时，只需应用简单的XOR解密来检索实际的密码。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|5079950|http://en.wikipedia.org/wiki/XOR_cipher|offset|length|5079951|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|13|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|N|8|@]|9|@$D|O|E|P|1|Q]]|A|$]]|$1|F|3|-4|5|6|7|R|8|@]|9|@]|A|$]]]|G|$H|$5|I|J|K|A|$L|C]]]]

Instead of the actual password store the XOR encrypted version of the password as static variable. When you need to use it you just apply simple XOR decryption to retrieve the actual password.

<a href="http://en.wikipedia.org/wiki/XOR_cipher" rel="noreferrer">http://en.wikipedia.org/wiki/XOR_cipher</a>

blocks|key|1413253|text|一种解决方案是将静态密码与另一个常量甚至另一个字符串进行xor。这会将你的密码分散在不同的部分之间，但需要结合许多部分才能找回密码。编译后的二进制文件中的字符串不会显示pw字符串。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1413254|#include+<stdio.h>

char+pw[8]+=+{124,+109,+127,+127,+123,+99,+126,+104};

int+main(int+argc,+char**+argv)+{
++for+(int+i+=+0;+i+<+8;+i%2B%2B)+{
++++pw[i]+=+pw[i]+%5E+12;
++}
++printf("%25s\n",+pw);++//+=>+'password'
}|code-block|syntax|javascript|1413255|有许多方法可以保护数据不被随意检查，但决意的对手完全是另一回事(只需问问做DRM的人就知道了)。|1413256|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|L|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|M|8|@]|9|@]|A|$]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

One solution would be to xor the static password with another constant or even another string. This would spread your password out between however many parts need to be combined to get it back. A strings on the compiled binary doesn't show the pw string.

<pre><code>#include &lt;stdio.h&gt;

char pw[8] = {124, 109, 127, 127, 123, 99, 126, 104};

int main(int argc, char** argv) {
 for (int i = 0; i &lt; 8; i++) {
 pw[i] = pw[i] ^ 12;
 }
 printf("%s\n", pw); // =&gt; 'password'
}
</code></pre>

There are a number of ways to protect data from a casual inspection, a determined adversary is another matter altogether (just ask the folks doing DRM.)

blocks|key|2056920|text|您可以将密码与从程序的某些数据派生的另一个密码进行异或，例如字段(在打包的结构/类中)相对于结构/类开头的相对位置，或者可能使用一些“常量”数据(当前世纪和千禧年在接下来的89年中是非常恒定的:-+)，或者将一些字符从一个代码页转换为另一个代码页，或者可能将一些数字转换为浮点型或双精度型(甚至可能使用一些简单的除法，如2/3、3/5、5/7中的双精度型)。一定要“强制”编译器不要对它们进行优化(可能是从其他“可测量”的东西中得出这个数字，比如一些字符串的长度)。尤其是第一个可能是最容易隐藏的：“测量”字段的相对位置是很常见的。这些方法都不能在黑客的5分钟内存活下来...他们只会防止“十六进制编辑器的随意窥探”。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2056921|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

You could xor the password with another password derived from some data of your program, for example the relative position of a field (in a packed struct/class) relative to the beginning of the struct/class, or perhaps use some "constant" data (the current century and millennium are quite constant, for the next 89 years :-) ), or the conversion of some characters from one codepage to another, or perhaps the conversion of some numbers to float or double (perhaps even some simple divisions like 2/3, 3/5, 5/7 in double used as a password. Be sure to "force" the compiler to not optimize them (probably deriving the number from other "measurable" things, like the length of some strings)). Especially the first one is probably the easiest to hide: it's quite common to "measure" the relative position of a field. None of these methods will survive 5 minutes of an hacker... They'll only protect against "casual snooping with an hex editor".

blocks|key|1413397|text|那么，为什么要存储它呢？为什么没有第二个打包的应用程序，您的第一个应用程序基于xor算法进行加密？这样就根本不需要存储密码了！|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1413398|当然，这种方法有一点困难，但我想说，您不仅可以使用这种方法，而且可以学习使其工作所需的必要知识，从而大大受益。|1413399|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

Well why store it at all? Why not have a second packed application that your first encrypts based off of an xor algorithm? That way there is no need to store the password at all!

Of course this method is a little more difficult, But I would say you greatly benefit from not only using this method, but learning the necessary things required to make it work.

blocks|key|2056953|text|向用户显示带有另一个斜体代码的图片，并插入一个文本框，用户可以在其中输入写入图片中的代码。将ZIP文件的密码与图片中的代码进行异或运算。结果可以实现为硬编码。程序必须将硬编码的代码与用户的输入进行异或运算，以获得ZIP文件的代码。您也可以选择使用另一个单向代码来验证输入的代码。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2056954|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

Show a picture with another code in italics to the user and insert a text box where the user can enter the code that is written in the picture. XOR the password of the ZIP file with the code in the picture. The result can be implemented hardcoded. The program has to XOR the hardcoded code with the input of the user to get the code of the ZIP file.
Optionally, you can verify the inputted code using another one-way-code.

blocks|key|5080200|text|使用perl脚本模糊密码。黑客仍然可以反向工程你的机器code...but，至少你的密码从十六进制编辑器中是不明显的。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|5080201|obfuscate_password("my_password434");

sub+obfuscate_password($)+{

++my+$string+=+shift;
++my+@c+=+split(//,+$string);
++push(@c,+"skip");+#+Skip+Null+Terminator
++++++++++++++++++++#+using+memset+to+clear+this+byte
++#+Add+Decoy+Characters
++for($i=0;+$i+<+100;+$i%2B%2B)+{
++++$ch+=+rand(255);
++++next+if+($ch+==+0);
++++push(@c,+chr($ch));
++}+++++++++++++++++++++
++my+$count1+=+@c;
++print+"++int+x1,+x2,+x3,+x4,+x5;\n";
++print+"++char+password[$count1];\n";
++print+"++memset(password,+0,+$count1);\n";
++my+$count2+=+0;
++my+%25dict++=+();
++while(1)+{
++++my+$x+=+int(rand($count1));
++++$y+=+obfuscate_expr($count1,+$x);
++++next+if+(defined($dict{$x}));
++++$dict{$x}+=+1;
++++last+if+($count2%2B1+==+$count1);
++++if+($c[$x]+ne+"skip")+{
++++++#print+"++$y\n";
++++++print+"++$y+password[x4]+=+(char)"+.+ord($c[$x])+.+";\n";
++++}
++++$count2%2B%2B;
++}
}

sub+obfuscate_expr($$)+{
++++my+$count++=+shift;
++++my+$target+=+shift;
++++#return+$target;

++++while(1)+{

+++++++my+$a+=+int(rand($count*2));
+++++++my+$b+=+int(rand($count*2));
+++++++my+$c+=+int(rand($count*2));
+++++++next+if+(($a+==+0)+%7C%7C+($b+==+0)+%7C%7C+($c+==+0));
+++++++my+$y+=+$a+-+$b;
+++++++#print+"$target:+$y+:+$a+-+$b\n";
+++++++if+($y+==+$target)+{
++++++++++#return+"$a+-+$b+%2B+$c";
++++++++++return+"x1=$a;+x2=$b;+x3=$c;+x4=x1-x2%2Bx3;+x5=+%2B=x4;";
+++++++}
++++}+
}|code-block|syntax|javascript|5080202|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

obfuscate the password with a perl script. Hackers can still reverse engineer your machine code...but at least your password its not obvious from a hex editor.

<pre><code>obfuscate_password("my_password434");

sub obfuscate_password($) {

 my $string = shift;
 my @c = split(//, $string);
 push(@c, "skip"); # Skip Null Terminator
 # using memset to clear this byte
 # Add Decoy Characters
 for($i=0; $i &lt; 100; $i++) {
 $ch = rand(255);
 next if ($ch == 0);
 push(@c, chr($ch));
 } 
 my $count1 = @c;
 print " int x1, x2, x3, x4, x5;\n";
 print " char password[$count1];\n";
 print " memset(password, 0, $count1);\n";
 my $count2 = 0;
 my %dict = ();
 while(1) {
 my $x = int(rand($count1));
 $y = obfuscate_expr($count1, $x);
 next if (defined($dict{$x}));
 $dict{$x} = 1;
 last if ($count2+1 == $count1);
 if ($c[$x] ne "skip") {
 #print " $y\n";
 print " $y password[x4] = (char)" . ord($c[$x]) . ";\n";
 }
 $count2++;
 }
}

sub obfuscate_expr($$) {
 my $count = shift;
 my $target = shift;
 #return $target;

 while(1) {

 my $a = int(rand($count*2));
 my $b = int(rand($count*2));
 my $c = int(rand($count*2));
 next if (($a == 0) || ($b == 0) || ($c == 0));
 my $y = $a - $b;
 #print "$target: $y : $a - $b\n";
 if ($y == $target) {
 #return "$a - $b + $c";
 return "x1=$a; x2=$b; x3=$c; x4=x1-x2+x3; x5= +=x4;";
 }
 } 
}
</code></pre>

... so that browsing the disassembly won't immediately expose the password (declared as a static variable). As an example, imagine a program that has a zip file attached that it must open for assets but is not easily accessible to prying eyes.

I know that it is impossible to completely hide or protect that zip but I'm curious what means are available to at least hold off a casual snooper.

Thanks!

Is it possible to hide a password defined within C++ code

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

..。这样浏览反汇编就不会立即暴露密码(声明为静态变量)。例如，假设一个程序附加了一个zip文件，它必须为资产打开，但不容易被窥探的眼睛访问。我知道完全隐藏或保护拉链是不可能的，但我很好奇有什么方法可以至少阻止一个不经意的窥探。谢谢!

问是否可以隐藏在C++代码中定义的密码
EN

回答 9

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问是否可以隐藏在C++代码中定义的密码EN

回答 9

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问是否可以隐藏在C++代码中定义的密码
EN