From the man page of memfrob:
void *memfrob(void *s, size_t n);
The memfrob() function encrypts the first n bytes of the memory area s by exclusive-ORing each character with the number 42. The effect can be reversed by using memfrob() on the encrypted memory area.
Note that this function is not a proper encryption routine as the XOR constant is fixed, and is only suitable for hiding strings.
I have the following questions regarding the memfrob function:
memfrob did not leave choice of the constant to the user?
The purpose of memfrob() (if you want to call that a purpose) is to hide strings so you don't see them when you run strings. This might be useful when your binary contains plaintext passwords and you want to stop nosey people from finding out what these passwords are. Of course, it's not hard to crack XOR-by-42, but it's better than nothing.
The number to XOR with can be arbitrary but it needs to stay constant over successive releases of the glibc so code that relies on the number being 42 doesn't break.
Some people consider memfrob() to be a joke function, but I am not sure if this is really the case. Nonetheless, you should not use it because it isn't a standard function (and thus not available on non-glibc platforms) and because obfuscation is not a substitute for proper security.
The joke of it is that it is the meaning of Life. It's similar to rot-13 in that it's a most trivial encryption and running it again restores the string. Rot-13 doesn't do anything to spaces in the plaintext while memfrob has the odd result of swapping spaces and line feeds:
space = 100000 (32), 42 = 101010, 32^42 = 001010 (10 = LF, and 10^42 back to 32)
While these obfuscate they are poor encryption because they can be recognized just by looking at the result: lots of r's and n's then it's rot13; lots of CRs, \ and ^ then memfrob.
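The behaviour discussed in the answers above, as an added example that is not part of the original posts: a string XORed with 42 is missed by a plain search of the binary, yet the same search applied to the XOR-42 view of the bytes finds it at once. The names frob42, find_xor, build_sample and sample_hit are hypothetical, frob42 is a portable stand-in for glibc's memfrob(), and the header bytes and credential string are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Portable stand-in for glibc memfrob(): XOR the first n bytes with 42. */
void *frob42(void *s, size_t n) {
    unsigned char *p = s;
    for (size_t i = 0; i < n; i++) p[i] ^= 42;
    return s;
}

/* Offset of needle in buf with each byte viewed as (byte ^ key), or -1.
   key 0 is the plain search that strings(1) piped to grep would perform. */
long find_xor(const unsigned char *buf, size_t n, const char *needle,
              unsigned char key) {
    size_t m = strlen(needle);
    for (size_t i = 0; m > 0 && i + m <= n; i++) {
        size_t j = 0;
        while (j < m && (unsigned char)(buf[i + j] ^ key) == (unsigned char)needle[j])
            j++;
        if (j == m) return (long)i;
    }
    return -1;
}

/* Constructed sample image: 6 header bytes, a frobbed credential and a
   terminator byte. Returns the image length, or 0 if cap is too small. */
size_t build_sample(unsigned char *img, size_t cap) {
    static const unsigned char head[] = {0x7f, 'E', 'L', 'F', 0x00, 0x01};
    const char *secret = "password=example-only value"; /* constructed */
    size_t len = strlen(secret), off = sizeof head;
    if (cap < off + len + 1) return 0;
    memcpy(img, head, off);
    memcpy(img + off, secret, len);
    frob42(img + off, len);          /* hide it the way memfrob() would */
    img[off + len] = 0x00;
    return off + len + 1;
}

/* Search the constructed sample for "password" under the given key. */
long sample_hit(unsigned char key) {
    unsigned char img[64];
    size_t n = build_sample(img, sizeof img);
    return find_xor(img, n, "password", key);
}

int main(void) {
    printf("plain search:  %ld\n", sample_hit(0));   /* not found */
    printf("XOR-42 search: %ld\n", sample_hit(42));  /* offset of the secret */
    return 0;
}
```

An audit for embedded secrets should therefore scan the XOR-42 view of a binary as well as the raw bytes.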