How to encode external files that come with the .exe

Question

So I made an application with visual 2012 that loades images and shaders (plain text). But really, I don't want people to open the images and shaders and mess around. How can I compress all this external files into a single or multiple files but still readable by the executable?

Answer 1

This question is difficult to answer authoritatively because without tamper-proof hardware it is essentially impossible to secure content against a sophisticated hacker. But given the clarification that a simple deterrent is good enough, how about just embedding your content as resources in the executable? Note that there are tools freely available to extract resources from .exe files.

Alternatively you could encrypt each file and decrypt it when your application loads it. The encryption could be as simple as xor-ing each byte with a known constant byte or you could use a real encryption algorithm like one from the Microsoft CryptoAPI. Using a real algorithm will improve obfuscation but still won't be truly secure.

Here's a simple program that uses this RC4 implementation (which is easier to use than CryptoAPI) to encrypt or decrypt a file and write it to stdout:

#include <algorithm>
#include <iostream>
#include <fstream>
#include <iterator>
#include <vector>

// insert RC4 implementation here

int main(int argc, char *argv[]) {
   const std::string password = "no more secrets";
   const std::string filename = argv[1];

   // Read file into a buffer.
   std::ifstream f(filename.c_str(), std::ios::in | std::ios::binary);
   std::vector<char> buffer;
   f >> std::noskipws;
   std::copy(
      std::istream_iterator<char>(f), std::istream_iterator<char>(),
      std::back_inserter(buffer));

   // Initialize the key from a password.
   rc4_key key;
   prepare_key((unsigned char *)password.data(), (int)password.size(), &key);

   // Encrypt or decrypt (same operation).
   rc4((unsigned char *)&buffer[0], (int)buffer.size(), &key);

   // Write result to stdout.
   std::cout.write(&buffer[0], buffer.size());

   return 0;
}

Note that this is not a secure way to use RC4 and the RC4 algorithm itself is no longer considered secure.

Answer 2

Check out http://en.wikipedia.org/wiki/PAK_(file_format)
There is a library on SourceForge for Quake2 pak files: http://sourceforge.net/projects/paklib/
However, I recomend going directly to the source: https://github.com/id-Software/Quake-2/blob/master/qcommon/files.c

Answer 3

Encode the files into your executable in source code. Create an array with each byte of the file encoded one byte at a time. It is a very simple technique to include data in an executable.