Friday, February 27, 2015

How to encrypt strings in your applications

I have seen many examples and available solutions for string encryption, but they mostly force you to bloat your code with a lot of garbage. Usually it is either a block of randomly generated lines of code that fills a buffer with the desired string, or a call of the form:
XorString("\xf0\xdb\x5c\xc3\x6e\xd3\x0d\xd6\x90\xde", 0x6b1c485a, 10)

While these truly are string encryptions and do their job, it is very hard to quickly modify such strings in your code: in either case you have to go back to the application or site that generated the code for you, and the result also makes the code very hard to read.

Writing your own string encryption tool takes no more than 15-20 minutes, and you get to decide how it behaves, which type of encryption you want, etc.

I've quickly written some code as an easy-to-understand example. I wanted the strings in the code to be easy to read and change, like this:


After compiling this code, you need to pass it to the string encryption tool:

I won't be explaining the code in detail; it's really nothing special and should be easy to understand. Please note that this is just a PoC. Normally you would use better encryption than a simple XOR, and you would make sure it doesn't leak memory: se_decrypt returns malloc'd memory which is never freed. Alternatively you could avoid allocating at all and overwrite the encrypted string in place with the decrypted one, but that requires changing the page protection with VirtualProtect first.
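The following is an added example of the scheme the post describes (readable strings in source, a post-build tool that encrypts them inside the binary, a small decrypt routine at runtime); it is not the code from the download above. The marker bytes, the record layout, the SE_STRING macro, the rolling XOR key and the constructed image buffer are all assumptions made for this illustration. Unlike the PoC it keeps the two practitioner checks in: the tool leaves already-encrypted records alone (key byte 0 means "still plaintext"), and the caller frees what se_decrypt returns.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Record layout the post-build tool searches for inside the compiled binary
 * (assumed for this example):  marker | key | len_lo | len_hi | text
 * key == 0 means "still plaintext"; the tool fills it in and XORs the text. */
#define SE_MARKER     "SEMARK01"
#define SE_MARKER_LEN (sizeof(SE_MARKER))          /* 9, NUL included */
#define SE_HDR_LEN    (SE_MARKER_LEN + 3)

/* Declare a string exactly as you would want to read and edit it in source. */
#define SE_STRING(name, s)                                                  \
    static struct {                                                         \
        char marker[sizeof(SE_MARKER)]; uint8_t key, len_lo, len_hi;        \
        char text[sizeof(s)];                                               \
    } name = { SE_MARKER, 0, (uint8_t)((sizeof(s) - 1) & 0xff),             \
               (uint8_t)((sizeof(s) - 1) >> 8), s }

static size_t se_len(const uint8_t *rec) {
    return (size_t)rec[SE_MARKER_LEN + 1] | ((size_t)rec[SE_MARKER_LEN + 2] << 8);
}

/* Post-build step: scan a binary image for records and XOR their text in place.
 * Returns the number of records encrypted. Records that already carry a key are
 * skipped, so running the tool twice on the same binary is harmless. */
size_t se_tool_encrypt(uint8_t *image, size_t size, uint8_t key) {
    size_t n = 0;
    if (key == 0) key = 0xA5;                 /* 0 is reserved for "plaintext" */
    for (size_t i = 0; i + SE_HDR_LEN <= size; ) {
        if (memcmp(image + i, SE_MARKER, SE_MARKER_LEN) != 0) { i++; continue; }
        uint8_t *rec = image + i;
        size_t len = se_len(rec);
        if (i + SE_HDR_LEN + len > size) break;   /* truncated record: stop */
        if (rec[SE_MARKER_LEN] == 0) {
            rec[SE_MARKER_LEN] = key;
            for (size_t j = 0; j < len; j++)      /* rolling XOR key (assumed) */
                rec[SE_HDR_LEN + j] ^= (uint8_t)(key + j);
            n++;
        }
        i += SE_HDR_LEN + len;
    }
    return n;
}

/* Runtime side: decrypt one record into freshly malloc'd, NUL-terminated memory.
 * As the post warns, the caller owns this buffer and must free() it. */
char *se_decrypt(const void *record) {
    const uint8_t *rec = record;
    size_t len = se_len(rec);
    uint8_t key = rec[SE_MARKER_LEN];
    char *out = malloc(len + 1);
    if (!out) return NULL;
    for (size_t j = 0; j < len; j++)
        out[j] = (char)(rec[SE_HDR_LEN + j] ^ (key ? (uint8_t)(key + j) : 0));
    out[len] = '\0';
    return out;
}

SE_STRING(g_secret, "Hello from a protected string");

/* Demo: emulate the build pipeline on a constructed image buffer. Returns 1 if
 * every step behaves as expected, 0 otherwise. */
int se_demo(void) {
    static const char *expect = "Hello from a protected string";
    uint8_t image[256];
    memset(image, 0x90, sizeof image);            /* constructed filler bytes */
    memcpy(image + 40, &g_secret, sizeof g_secret);

    char *p = se_decrypt(image + 40);             /* before the tool: key 0, plaintext */
    int ok = p && strcmp(p, expect) == 0;
    free(p);
    if (!ok) return 0;

    if (se_tool_encrypt(image, sizeof image, 0x6B) != 1) return 0;
    if (memcmp(image + 40 + SE_HDR_LEN, expect, 5) == 0) return 0;  /* no longer readable */
    if (se_tool_encrypt(image, sizeof image, 0x6B) != 0) return 0;  /* second run is a no-op */

    p = se_decrypt(image + 40);
    ok = p && strcmp(p, expect) == 0;
    free(p);
    return ok;
}

int main(void) {
    printf("string_encrypt demo: %s\n", se_demo() ? "ok" : "FAILED");
    return 0;
}
```

In a real build the tool would open the PE file and scan its sections instead of a memory buffer, but the scan-for-marker, check-key-byte, XOR-in-place logic is the same; the marker itself is the only plaintext the tool needs to find a record, so pick marker bytes that cannot occur naturally in your binaries.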

Download: string_encrypt.zip

Wednesday, February 25, 2015

x86obf source code

After releasing the x86obf tool for free I received quite a few requests
for the source code. It was planned for the future, but I've decided to
release it sooner.

The source code has been slightly stripped. Junk code generators are
removed (they emit NOP only), data encryption is removed and so is
bytecode encryption/obfuscation.

Virtualization handlers have been removed for some important and some not so important instructions. One of the important ones is the handler for Jxx instructions, which cannot be executed by the VM in their native form. In fact, every instruction that somehow changes execution flow (e.g. CALL, RET, JMP, Jxx, etc.) must be handled manually.

I am releasing this as a learning material, not a ready to use
compile-my-own-protector source. It will successfully virtualize and
produce working binaries for short blocks of code which don't have
conditional jumps. If you want to build a real protector on top of this,
you will have to develop some code yourself.

x86obf was initially meant to be a commercial application, but it didn't
work out. It had two versions, local and remote, which is why it's split
into two projects and still has context data transferring code which is
not needed in its current state.

If you have any questions, feel free to send me an email!

The public version of x86obf will continue to be developed, in fact it's
being rewritten slightly to provide better functionality and also to
compensate for this source code release - I am changing its internal VM
design.

You're free to use this source code in free and commercial projects, but
please do credit me.

Writing virtualization handlers is straightforward:
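As an added illustration of the handler-per-instruction design (and of why the Jxx case mentioned above has to be written by hand), here is a toy bytecode VM in C. It is not code from the x86obf source: the register file, the opcode set, the operand encoding, the seeded opcode shuffle and the EMIT helpers are all assumptions made for this example. Each handler decodes its own operands and advances the virtual instruction pointer; arithmetic handlers compute the virtual flags in software, and the JNZ handler tests those flags and moves the virtual IP itself instead of letting the host execute a real jump.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { VR_EAX, VR_EBX, VR_ECX, VR_EDX, VR_COUNT };
enum { OP_MOV_IMM, OP_ADD_REG, OP_SUB_IMM, OP_JNZ, OP_EXIT, OP_COUNT };
#define VF_ZF 0x40u                         /* same bit as x86 ZF, for familiarity */

typedef struct {
    uint32_t r[VR_COUNT], eflags;           /* virtual register file and flags */
    const uint8_t *code; size_t code_len, vip;   /* bytecode and virtual EIP */
    int halted;
} vm_t;

/* A handler decodes its own operands at vm->vip and advances vip past them.
 * Returns 0 on success, -1 on a malformed or out-of-bounds instruction. */
typedef int (*vm_handler)(vm_t *vm);

static int      need(const vm_t *vm, size_t n) { return vm->vip + n <= vm->code_len ? 0 : -1; }
static uint32_t rd32(const uint8_t *p) { return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24); }
static void     set_zf(vm_t *vm, uint32_t res) { vm->eflags = res ? (vm->eflags & ~VF_ZF) : (vm->eflags | VF_ZF); }

/* MOV reg, imm32 : [reg][imm32] */
static int h_mov_imm(vm_t *vm) {
    if (need(vm, 5) || vm->code[vm->vip] >= VR_COUNT) return -1;
    vm->r[vm->code[vm->vip]] = rd32(vm->code + vm->vip + 1);
    vm->vip += 5; return 0;
}
/* ADD dst, src : [dst][src]. Flags are kept in software: the host EFLAGS are
 * clobbered by the dispatcher between handlers, so they cannot be relied on. */
static int h_add_reg(vm_t *vm) {
    if (need(vm, 2) || vm->code[vm->vip] >= VR_COUNT || vm->code[vm->vip + 1] >= VR_COUNT) return -1;
    uint32_t *d = &vm->r[vm->code[vm->vip]];
    *d += vm->r[vm->code[vm->vip + 1]];
    set_zf(vm, *d); vm->vip += 2; return 0;
}
/* SUB reg, imm32 : [reg][imm32] */
static int h_sub_imm(vm_t *vm) {
    if (need(vm, 5) || vm->code[vm->vip] >= VR_COUNT) return -1;
    uint32_t *d = &vm->r[vm->code[vm->vip]];
    *d -= rd32(vm->code + vm->vip + 1);
    set_zf(vm, *d); vm->vip += 5; return 0;
}
/* JNZ rel8 : [rel8]. A native Jcc would jump inside the handler itself, so the
 * handler has to test the virtual flags and move the virtual IP by hand. */
static int h_jnz(vm_t *vm) {
    if (need(vm, 1)) return -1;
    int8_t rel = (int8_t)vm->code[vm->vip];
    vm->vip += 1;                            /* rel8 is relative to the next instruction */
    if (vm->eflags & VF_ZF) return 0;
    if (rel < 0 && (size_t)(-rel) > vm->vip) return -1;     /* target before the block */
    vm->vip = rel < 0 ? vm->vip - (size_t)(-rel) : vm->vip + (size_t)rel;
    return vm->vip <= vm->code_len ? 0 : -1;                 /* target past the block */
}
/* EXIT: hand control (and the virtual context) back to native code. */
static int h_exit(vm_t *vm) { vm->halted = 1; return 0; }

static const vm_handler k_handlers[OP_COUNT] = { h_mov_imm, h_add_reg, h_sub_imm, h_jnz, h_exit };

/* Per-build "random" VM: give every handler a distinct opcode byte derived from a
 * seed. table[] maps each of the 256 opcode bytes to a handler (NULL = invalid). */
void vm_build(uint32_t seed, uint8_t opcode_of[OP_COUNT], vm_handler table[256]) {
    memset(table, 0, 256 * sizeof table[0]);
    for (int op = 0; op < OP_COUNT; op++) {
        uint8_t b;
        do { seed = seed * 1664525u + 1013904223u; b = (uint8_t)(seed >> 24); } while (table[b]);
        opcode_of[op] = b; table[b] = k_handlers[op];
    }
}

/* Dispatch loop. Returns 0 when the block reaches EXIT, -1 on an unknown opcode,
 * a malformed instruction, or when max_steps runs out (runaway loop). */
int vm_run(vm_t *vm, vm_handler table[256], size_t max_steps) {
    while (!vm->halted && max_steps--) {
        if (vm->vip >= vm->code_len) return -1;
        vm_handler h = table[vm->code[vm->vip++]];
        if (!h || h(vm) != 0) return -1;
    }
    return vm->halted ? 0 : -1;
}

/* Demo: virtualize "eax = 0; for (ecx = n; ecx != 0; ecx--) eax += ecx;" for the
 * VM generated from seed and run it. Returns virtual EAX, or 0xFFFFFFFF on error. */
uint32_t vm_demo_sum(uint32_t n, uint32_t seed) {
    uint8_t opc[OP_COUNT]; vm_handler table[256];
    vm_build(seed, opc, table);
    uint8_t code[32]; size_t p = 0;
#define EMIT(b)   (code[p++] = (uint8_t)(b))
#define EMIT32(v) do { uint32_t x_ = (v); EMIT(x_); EMIT(x_ >> 8); EMIT(x_ >> 16); EMIT(x_ >> 24); } while (0)
    EMIT(opc[OP_MOV_IMM]); EMIT(VR_EAX); EMIT32(0);
    EMIT(opc[OP_MOV_IMM]); EMIT(VR_ECX); EMIT32(n);
    size_t loop = p;
    EMIT(opc[OP_ADD_REG]); EMIT(VR_EAX); EMIT(VR_ECX);
    EMIT(opc[OP_SUB_IMM]); EMIT(VR_ECX); EMIT32(1);
    EMIT(opc[OP_JNZ]); EMIT((int)loop - (int)(p + 1));     /* relative to next instruction */
    EMIT(opc[OP_EXIT]);
#undef EMIT
#undef EMIT32
    vm_t vm = { {0}, 0, code, p, 0, 0 };
    return vm_run(&vm, table, 10000) == 0 ? vm.r[VR_EAX] : 0xFFFFFFFFu;
}

int main(void) {
    printf("sum 1..5 via seed 1 = %u, via seed 0xdeadbeef = %u\n",
           vm_demo_sum(5, 1), vm_demo_sum(5, 0xdeadbeefu));
    return 0;
}
```

Two seeds produce two VMs with different opcode bytes that run the same program to the same result, which is the property a per-binary randomized VM is after. The handlers for MOV, ADD and SUB are straightforward; JNZ is the one whose semantics cannot simply be replayed on the host, and CALL, RET and JMP would each need the same kind of explicit treatment of the virtual IP (and, for CALL/RET, of a virtual stack).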


Download: x86obf_source.zip

Saturday, February 21, 2015

x86obf code virtualizer released for free

x86obf is now a free and public project. There are no limitations on number of blocks and number of instructions you can protect.

What is x86obf?
x86obf is a tool for executable binary protection. It works by locating marked blocks of code and converting them to a series of instructions understood only by a randomly generated virtual machine, in order to make reverse engineering harder.

x86obf currently supports only 32-bit PE files (EXEs and DLLs; kernel drivers are not yet supported).

Please note that not all x86 instructions are virtualized yet and there may be bugs - please report if you find any.

The instructions on how to use and a sample project are inside the archive.

Download: x86obf.zip