source/libs/zziplib/zziplib-0.13.62/docs/zzip-xor.htm

   1 <section> <date> 15. July 2002 </date>
   2 <h2> ZIP Obfuscation </h2>       Using obfuscations like XOR.
   3
   4 <!--border-->
   5
   6 <section>
   7 <h3> The EXT/IO calls </h3>
   8
   9 <P>
  10   You really should read the section about the
  11   <a href="zzip-extio.html">EXT/IO feature</a> of the zziplib since the
  12   obfuscation routines are built on top of it. In order to use obfuscation,
  13   you will generally need to use all the three additional argument that
  14   can be passsed to _open_ext_io functions. For the XOR-example, only one
  15   IO-handler is modified being the read()-call that will simply xor each
  16   data byte upon read with a specific value. It two advantages - doing an
  17   xor twice does yield the same data, so as a developer you do not have
  18   to wonder about the encryption/decryption pair, and it is a stateless
  19   obfuscation that does not need to know about the current position
  20   within the zip-datafile or zippedfile-datatream.
  21 </P><P>
  22   The examples provided just use a simple routine for xoring data that
  23   is defined in all the three of the example programs: <pre>
  24       static int xor_value = 0x55;
  25       static zzip_ssize_t xor_read (int f, void* p, zzip_size_t l)
  26       {
  27           zzip_size_t r = read(f, p, l);
  28           zzip_size_t x;  char* q = p;
  29           for (x=0; x &lt; r; x++) q[x] ^= xor_value;
  30           return r;
  31       }
  32   </pre>
  33 </P><P>
  34   and place this routine into the io-handlers after initializing
  35   the structure: <pre>
  36     zzip_init_io (&amp;xor_handlers, 0); xor_handlers.read = &amp;xor_read;
  37   </pre>
  38 </P>
  39
  40 </section><section>
  41 <h3> The examples </h3>
  42
  43 <P>
  44   There are three example programs. The first one is
  45   <a href="zzxorcopy.c">zzxorcopy.c</a> which actually is not a zziplib
  46   based program. It just opens a file via stdio, loops through all data bytes
  47   it can read thereby xor'ing it, and writes it out to the output file. A
  48   call like <code><nobr>"zzxorcopy file.zip file.dat"</nobr></code> will
  49   create an obfuscated dat-file from a zip-file that has been possibly
  50   create with the normal infozip tools or any other archive program to
  51   generate a zip-file. The output dat-file is not recognized by normal
  52   zip-enabled apps - the filemagic is obfuscated too. This output
  53   dat-file however is subject to the other two example programs.
  54 </P><P>
  55   The <a href="zzxordir.c">zzxordir.c</a> program will open such an obfuscated
  56   zip file and decode the central directory of that zip. Everything is
  57   still there in just the way it can be shown with the normal unzip
  58   programs and routines. And the <a href="zzxorcat.c">zzxorcat.c</a> program
  59   can extract data from this obfuscated zip - and print it un-obfuscated
  60   to the screen. These example programs can help you jumpstart with
  61   your own set of obfuscator routines, possibly more complex ones.
  62 </P><P>
  63   By the way, just compare those with their non-xor counterparts that
  64   you can find in <a href="zzdir.c">zzdir.c</a> and
  65   <a href="zzxorcat.c">zzxorcat.c</a>. Notice that the difference is
  66   in the setup part until the _open_ call after which one can just
  67   use the normal zzip_ routines on that obfuscated file. This is
  68   great for developing since you can start of with the magic-wrappers
  69   working on real-files then slowly turning to pack-files that hold
  70   most of the data and finally ending with a zip-only and obfuscated
  71   dat-file for your project.
  72 </P>
  73
  74 <p align="right"><small><small>
  75 <a href="copying.html">staticlinking?</a>
  76 </small></small></p>
  77 </section></section>