PKEncoder ~ Encode your strings

[New]

Hey.
So you know how you make a program and you have some strings that you dont want others to see...

For example:
You know a special link, your program visits that link, but you dont want others to know.
You connect to an smtp email server, and you have your email credinitials.
You want to hide properties of a string to protect from leeching.

You encrypt the program... But then what? Not everyone is stupid, someone is going to decrypt it using some online tool right?

Well, fear no more.

Introducing PKEncoder.

You know how you can encode everything to base64 right?

This program does it for you.

And you may be thinking : "Well thats stupid, people will just decode it using some online base64 decoding site"

Hehehe... This program encodes the strings you want for AS MANY TIMES AS YOU WANT, in less than 2 seconds.

You may be wondering : "That sounds good and all, but how am I supposed to get the actual value of the string?"

Heh.

This program saves vb.net code to desktop OPTIMIZED to decode your string, on runtime.

So for example, if you encode your string 50 times, a txt will be saved on your desktop, where you can get the code from, paste it in vb, and when you run the program you get the decoded value.

Why is this great?
Because leechers, even if they can decrypt your program, when they see the string, they will try to decode it once... twice... thrice... it wont work, because you encoded it so many times. Chances are, they dont even know how to decode it in the first place!

Virus scans:
1
2

Will do:
So that you can change language to C# and vb.net since they are very similar.
And of course, your suggestions.

- - - Updated - - -
@Mayion I'm mentioning you to check and approve this, since you might miss it, section is pretty dead :s

[RoPMadM]

Sounds really nice

Since we are in the vb.net section and there aren't any sensitive data in your project, would you release the source too?

[[MPGH]Mayion]

You do realize it's possible to decompile .NET modules, read the plain code and automatically decrypt the strings by functioning the same loop?
/Approved.

[New]

You do realize it's possible to decompile .NET modules, read the plain code and automatically decrypt the strings by functioning the same loop?
/Approved.

Yea I do realize that. You can however find a way to hide the amount of times it was encoded, and if you encrypt your project as well as encode the strings this way, I think your program would be 100% protected from leechers and even novices at decrypting.

Since we are in the vb.net section and there aren't any sensitive data in your project, would you release the source too?

Sure

Code:

Imports System.Text
Module Module1
    Dim nameofstring As String = ""
    Dim stringvalue As String = ""
    Dim amount As Integer = 1
    Sub Main()
        Console.Write("> ")
        Console.ForegroundColor = ConsoleColor.Cyan
        Console.WriteLine("Name of the string : ")
        Console.ResetColor()
        nameofstring = Console.ReadLine
        Console.Write("> ")
        Console.ForegroundColor = ConsoleColor.Cyan
        Console.WriteLine("String value : ")
        Console.ResetColor()
        stringvalue = Console.ReadLine
        Console.Write("> ")
        Console.ForegroundColor = ConsoleColor.Cyan
        Console.WriteLine("Amount of times to encode : ")
        Console.ResetColor()
        Try
            amount = Console.ReadLine()
        Catch ex As Exception
            amount = 1
        End Try

        Encode()
    End Sub
    Sub Encode()
        Dim code As String = stringvalue
        Dim i As Integer = 0
        Dim bytes As Byte()
        Dim codex As String = ""
        If i = 0 Then
            For k As Integer = 0 To amount
                bytes = Encoding.UTF8.GetBytes(code)
                Dim base64 = Convert.ToBase64String(bytes)

                code = base64
                If k = amount Then

                    codex = codex + "Dim " + nameofstring + " As String = " + Chr(34) + code + Chr(34) + Environment.NewLine
                    codex = codex + "Dim amount As Integer =" + amount.ToString + Environment.NewLine
                    codex = codex + "Dim lol As Integer = -1" + Environment.NewLine
                    codex = codex + "Do until lol = amount" + Environment.NewLine
                    codex = codex + "Dim dataz As Byte() = Convert.FromBase64String(" + nameofstring + ")" + Environment.NewLine
                    codex = codex + nameofstring + " = Encoding.UTF8.GetString(dataz)" + Environment.NewLine
                    codex = codex + "lol += 1" + Environment.NewLine
                    codex = codex + "Loop" + Environment.NewLine
                    codex = codex + "Console.WriteLine(" + nameofstring + ")" + Environment.NewLine
                End If
            Next k

            Dim file As System****.StreamWriter
            file = My.Computer.FileSystem.OpenTextFileWriter("C:\Users\" + Environment.UserName + "\desktop\YourCode.txt", True)
            file.WriteLine(codex)
            file.Close()
            Console.WriteLine("Done. Code was saved to desktop. Have fun. Press enter to exit.")
            Dim d As String = Console.ReadLine 'Wait until they press enter, Yes I know, lazy way of doing it.
        End If


    End Sub

End Module

[RoPMadM]

Yea I do realize that. You can however find a way to hide the amount of times it was encoded, and if you encrypt your project as well as encode the strings this way, I think your program would be 100% protected from leechers and even novices at decrypting.




Sure

Nice one
thanks +rep

[javalover]

You encrypt the program

Just the strings of the program can be encrypted, the source must be decrypted, else it wouldn't run.

I have a question: what is this program useful to? Why do you need to naively encode your variable, method names if not to try to confound the reader, if he still can see the code?

[New]

Just the strings of the program can be encrypted, the source must be decrypted, else it wouldn't run.

I have a question: what is this program useful to? Why do you need to naively encode your variable, method names if not to try to confound the reader, if he still can see the code?

Ok..

 

 

 

But good luck seeing the code I guess..?

And yes when I say "You encrypt the program" I mean that you use something else to encrypt it aswell. I have encrypted some of mine with random encrypters, people were still able to get the strings tho. With this, what are they going to do, even if they can get the strings? (Which I assure you, noone can decrypt confuserex on maximum.)

[javalover]

You are mixing up some different concepts: obfuscation and deobfuscation with encrypting and decrypting. There is some difference: obfuscation makes just harder (how much harder is it would be just a detail) the code to read; encryption is used to protect stored data with often a secret key (by seeing your code you posted, you are not, so it is more useless).
If an user has an obfuscated code, at least something could be visible; with an encrypted string, you can't decrypt without your secret key (but wait, you are not using a secret key ... what stops me from decoding your string?). The base64 encoded value of the string 'email' is just overlength. You've encoded something else, for sure not an email.

Which I assure you, noone can decrypt confuserex on maximum.

I don't know what's the point of Confuser in this thread. However, you are just wrong. Maybe you can't, but it's probably not possible if you are not familiar with .net reversing, but I can tell you it's possible: when I was a Windows user, I did it with other packers too.

I'm not rude, but I'd suggest you to revalue your program's utility, instead of screening me obfuscated codes with Confuser.

[New]

I don't know what's the point of Confuser in this thread. However, you are just wrong. Maybe you can't, but it's probably not possible if you are not familiar with .net reversing, but I can tell you it's possible: when I was a Windows user, I did it with other packers too.

I'm not rude, but I'd suggest you to revalue your program's utility, instead of screening me obfuscated codes with Confuser.

Everyone is just words. No actions. As I said, it's not possible. End of story. Don't tell me bs that "everything is possible with enough effort". If you want to spend more than 5 years of your life trying to decrypt it, sure it is possible. But lets see you do that.

And you think that EVERYONE knows:
1. What base64 is
2. That the string is encoded more than 1 times just by looking at it
3. That the random person who will try to decompile it, will see a random integer and think "Oh, maybe its encoded this many times".

I don't care how many other packers you did. Which tool did you use? Oh wait, you are probably going to reply "I deobfuscated it myself without the need of ANY tool". Did you know that de4dot doesn't support confuserex? Obviously not. And when I say it's not possible, there is always someone who can do it.

That someone, is not you however.

- - - Updated - - -

revalue your program's utility

Can you read? Obviously not.

leechers and even novices at decrypting.

It's not supposed to protect it from master131, it's supposed to protect it from amateurs, that will look at the huge string and quit trying.

Like this minion for example:



(He gave up.)

- - - Updated - - -

'email' is just overlength. You've encoded something else, for sure not an email.

Lol alright then.
You obviously don't know what you're even talking about
4*(n/3) N at the start is the amount of chars in bytes 1 char = 1 byte.
Look at this example email
example123@domain.com
Chars = 20
So encoding it in base 64 would give us
4*(20/3) bytes
from 20 bytes to 26.6 (approximate) bytes.

Now, this is just encoding it once
But I did this 20 times.

I made this real quick, calculates exactly how many bytes would be after how many chars:


Review the code here and try yourself if you are still in doubt:

Code:

Module Module1
    Dim chars As Integer
    Dim timesx As Integer
    Dim bytes As Integer
    Dim i As Integer = 0
    Sub main()
        Console.WriteLine("How many chars?")
        chars = Console.ReadLine()
        Console.WriteLine("Encode how many times?")
        timesx = Console.ReadLine()
        bytes = timesx
        Do Until i = timesx
            bytes = 4 * (bytes / 3)

            i += 1
            Console.WriteLine(bytes)
        Loop

        Console.ReadLine()

       
    End Sub



End Module

Quote from https://en.wikipedia.org/wiki/Base64
The ratio of output bytes to input bytes is 4:3 (33% overhead). Specifically, given an input of n bytes, the output will be 4*(n/3) bytes long, including padding characters.


And if you think that the image I provided isn't more than 6000 chars, you probably don't know how to count. Any more questions?

[greyb1t]

It's great to see some life in this section!
It's quite funny to read when people are arguing with each other trying to prove that they're the one who's correct.

But I'm sorry to break it for you, it does not matter how many times your encode it in base64. It'll just ruin the performance of the program. Even though you can hide the integer decently you'd still be able to create a program that decodes it without any problems until it normal again. I wrote one below in C# that doesn't need the amount times encoded just for the giggles.

It has quite good performance, but can probably be optimized even more. Feel free to try it out.
Btw, there might be bugs since I wrote it quickly, but those are always fixable!

Code:

        public static string DecodeBase64(string s) {
            byte[] encodedBytes = Convert.FromBase64String(s);
            return Encoding.UTF8.GetString(encodedBytes);
        }

        private static bool IsStringBase64(string s) {
            try {
                if (s.Length % 4 != 0)
                    return false;

                Convert.FromBase64String(s);
                return true;
            }
            catch {
                return false;
            }
        }

        public static bool IsASCII(string value) {
            return Encoding.UTF8.GetByteCount(value) == value.Length;
        }

        public static string DecodeStringBase64UntilNormal(string s) {
            string lastString = s;

            while (IsStringBase64(s)) {
                lastString = s;
                s = DecodeBase64(s);

                // Checks if it decoded beyond the normal string state and prevents it
                if (!IsASCII(s))
                    return lastString;
            }

            return s;
        }

        static void Main(string[] args) {
            string myString = "Vm0wd2QyUXlVWGxXYTFwT1ZsZFNXRll3Wkc5V2JHeDBaRWhrVmxKc2NEQlVWbU0xVmpBeFYySkVUbGhoTVVwVVZtcEtTMU5IVmtkaVIwWlhWakZLU1ZkV1kzaFRNVWw0Vkc1T2FWSnNXbGhaYTJoRFZWWmFkR05GWkZwV01ERTFWa2QwYTFkSFNrZGpSbWhWVmtWYVNGUlVSbXRXTVd0NllVWlNUbFpVVmtsV2JUQXhWakpHYzFOdVVtaFNlbXhXVm0xNGQxWXhjRlpYYlhSWFRWWmFlVnBGV2xOVWJGcFZWbXhzVjFaNlFYaFZla3BIVmpGT2RWVnNXbWxoTUhCWlYxWlNSMWxXWkVkVmJGWlRZbFZhV0ZadGN6RmxSbHBZWlVaa1ZXSkdjRmxhU0hCRFZqSkZlVlJZYUZkaGExcHlWVEJhVDJOdFJraGhSbEpUVmxoQ1dWWXhaREJaVmsxNFdrVmtWMkpyTlZsWmJHaFRZMVpTVjFwRVFrOWlSM2hYVmpJeFIxWlhTa2RqUmxwWFlsaG9lbFpxU2tabFZsSlpZVVprYUdFeGNGbFhhMVpoVkRKTmVWSnJhR3hTYkVwVVZteG9RMWRzV1hoWGJYUk9VbXR3TUZadGRHdGhiRXBZVld4c1dtSkhhRlJaTVZwelkyeGtkRkp0ZUZkaWEwcElWakowYjJFeFdsaFRhMXBxVWxkU1dGUlhOVk5OTVZweFVtMUdUMkpGY0ZwWGExcHJWakZLVjJOR2JGaGhNVnBvVmtSS1RtVldTbkpoUjJoVFlYcFdXbFpYTVRCa01XUlhWMjVLV0dKSFVtRldha1pIVFRGU1ZtRkhPV2hXYTNCSVdUQmFVMWR0U2xsVmFrNWFaV3RhYUZsNlJsZGpNWEJIWVVkc1UySkdhM2hXYTFwaFZqSkZlRmRzYUZSaVJuQlpWbXRXZDFZeGJISlhhM1JVVW14d2VGVnRkREJoYXpGeVRsVndWazF1YUROWlZXUkdaV3hHY21KR1pHbFhSVXBKVm10U1IyRXhaRWRWYmtwb1VtczFjRlZzVWxkbGJHUllaRWRHYTAxWGVGaFdNV2h2V1ZaS1JsTnRPVlZXYkhCWVZHeGFWMlJIVWtoa1IyaFhZWHBXU0ZaSGVHdGlNVnAwVTJ0b2FGSldTbUZhVjNSaFpXeHJlV1ZIUmxkV2EzQXdXbFZhVDJGV1NuVlJiVVpYVFc1U1dGbHFTa1psUm1SWllrWlNhRTFzU25oV1YzaGhaREZaZUZkdVVteFNXRkpZVkZaYVlWTkdWbk5WYms1V1ZteGFWbFJWVW5KUVVUMDk=";
            Console.WriteLine(DecodeStringBase64UntilNormal(myString));
            Console.Read();
        }

[javalover]

You don't need to be presumptuous. Secondly,

As I said, it's not possible. End of story

you clearly do not know that Confuser is vulnerable at memory dumping, in maximum settings too.

If you want to spend more than 5 years of your life trying to decrypt it, sure it is possible.

If you are clever and familiar with .NET reversing you can do it in 10 minutes. All you need to have is de4dot, CFF Explorer to change application CPU architecture if required, and WinDbg to breakpoint some startup functions and then dump the module.

Did you know that de4dot doesn't support confuserex

I don't think many people still use de4dot, anymore. Yes, I know there wasn't a full support for ConfuserEx, at least the last time I used it, but it's able to rename some symbols or deobfuscate control flow, so when you will unpack it manually it will be useful.

And when I say it's not possible, there is always someone who can do it.

This is contradictory.

That someone, is not you however.

Do I know you? Do you know me?

4*(n/3) N at the start is the amount of chars in bytes 1 char = 1 byte.
Look at this example email
example123@domain.com
Chars = 20
So encoding it in base 64 would give us
4*(20/3) bytes
from 20 bytes to 26.6 (approximate) bytes.

After this, I'm assuming you are bad at cryptography. Your code is wrong, because you are getting the unpadded length. The correct formula is:

[IMG]https://late*****decogs.com/gif.latex?4%5B%5Cfrac%7Bn%7D%7B3%7D%5D[/IMG]

and you're not rounding up n of bytes to a multiple of 4. So, this representation to get the number of bytes:

[IMG]https://late*****decogs.com/gif.latex?[\frac{n}{3}][/IMG]

is not rounded up.

example123@domain.com
Chars = 20

It's 21 characters, not 20.

you probably don't know how to count

Me?

Lol alright then.
You obviously don't know what you're even talking about

You didn't know that I was referring to your second screenshot, which I didn't read it was naively and arbitrarily re-encoded many times, that's why the length is very increased.

- - - Updated - - -

I forgot to write the correct way you should do it in your code.
Replace this:

Code:

bytes = 4 * (bytes / 3)

to:

Code:

bytes = 4 * Math.Ceiling(Convert.ToDouble(bytes) / 3)

and you're done. Also remember you are wrongly saving the result to a variable named bytes, when you actually are not getting bytes number with this formula. Your code is ugly too.

- - - Updated - - -

1 char = 1 byte.

Wrong. Since .NET strings are stored as UTF16, 1 char is 2 bytes.

@greyb1t yeah, that's why I call this program naive. But there isn't so much to say to optimize your code, but some simple suggestions I'd say is to not catch generic exception in case Convert.FromBase64String() fails. Catching a FormatException is enough to check if the string is completely Base64. And for DecodeBase64(), doing a simple

Code:

return Encoding.UTF8.GetString(Convert.FromBase64String(s));

is ok, without making other objects.

[New]

It has quite good performance, but can probably be optimized even more. Feel free to try it out.

I haven't looked into the code but does it just loop until the string is no longer in base64? Because I have thought of that concept. Anyways, as I said this is made to protect the string from amateurs/novices.
@javalover

[IMG]https://late*****decogs.com/gif.latex?4%5B%5Cfrac%7Bn%7D%7B3%7D%5D[/IMG] I can't see the difference between that, and 4*(n/3)
You mind explaining?

Do I know you? Do you know me?

I'm just saying. I have seen many good hackers fail.

and you're done. Also remember you are wrongly saving the result to a variable named bytes, when you actually are not getting bytes number with this formula. Your code is ugly too.

Sorry didn't know I had to make my code look beatiful just to show you that the length increases drasticly..

Replace this:

Why exactly? Same thing, and I wasn't trying to make a perfect program, just a demonstration.

It's 21 characters, not 20.

you probably don't know how to count

Me?

Sure you got me.

If you are clever and familiar with .NET reversing you can do it in 10 minutes. All you need to have is de4dot, CFF Explorer to change application CPU architecture if required, and WinDbg to breakpoint some startup functions and then dump the module.

Alright. Since I have never seen anyone who was actually able to do it and you keep saying that you can, should I add you on skype and send you a file, see if you can decrypt it and show me the source code?

It's a simple request. You can deny it of course, but if you want to prove to me that you can do it, then show me. If you don't want to, it's fine.

- - - Updated - - -

Last thing.

This is made to protect the string from amateurs/novices, @javalover

Apparently I don't know what your skills are, but you don't seem like an amateur. If you were one, I feel like you would be lost in the code. Don't you think?

[_NightWare]

How does this compare to Xor-ing it with an xored value from another xored value from another xored value from some random string?
Any advantages/disadvantages?

---

It also helps to obvuscate before compiling, gread job on this!

[javalover]

[IMG]https://late*****decogs.com/gif.latex?4%5B%5Cfrac%7Bn%7D%7B3%7D%5D[/IMG] I can't see the difference between that, and 4*(n/3)
You mind explaining?

I didn't say there is a difference, but I was just going to show where was the error you did later.

Why exactly? Same thing, and I wasn't trying to make a perfect program, just a demonstration.

No, it isn't the same thing, and if you think it is, you have many unclear concepts. Example: use a base64 encoder, encode 5 times, take length everytime you encode your string in base64, run the program, compare each one and you'll see my one is correct and the lengths will match, and your one is not correct and lengths won't match.

Alright. Since I have never seen anyone who was actually able to do it and you keep saying that you can, should I add you on skype and send you a file, see if you can decrypt it and show me the source code?

It's a simple request. You can deny it of course, but if you want to prove to me that you can do it, then show me. If you don't want to, it's fine.

I can't because as I've already said, I'm not a Windows user anymore. I'm running Archlinux, I can't even develop .net if not by using a mono compiler. So I can't do anything with your program, sorry. As I know there are also some automated unpackers, if I remember, DeConfuser, but I didn't never try it, so I can't tell you.

[greyb1t]

If you're looking for a better type of encryption you'd better off by using dnlib to create your custom obfuscator with string encryption.
Most stuff gets quite simple with that library and you'd easily be able to create a string that does not look like a string.

An example of a string when decompiling an application that has been run through my obfuscator which has yet not been decrypted.

Code:

<Module>.pinxalttx = new byte[]
		{
			107,
			96,
			97,
			100,
			107,
			48
		};