Category Archives: Cryptography

Storing encrypted strings in memory

Whenever you want to store values as string in memory, whilst at the same time prevent external tools from either finding the value and changing it. e.g. changing high score values. You can use the built in System.Security namespace to do so, the following code shows an example of this.

using System.Security;
using System.Runtime.InteropServices;

SecureString secureStr = new SecureString();

int Score
{
    get {
        var bStr = Marshal.SecureStringToBSTR(secureStr);
        var scoreStr = Marshal.PtrToStringBSTR(bStr);
        Marshal.FreeBSTR(bStr);
        var score = int.Parse(scoreStr);
        return score;
    }
    set {
        secureStr.Clear();
        var chars = value.ToString().ToCharArray();

        foreach (var c in chars)
        {
            secureStr.AppendChar(c);
        }
    }
}

The caveat to this is that its only supported currently in desktop, so if you’re planning on using this code inside unity it wont work for mobile and web as they dont have Marshalling available within their JIT compilers.

If desktop is not an option, alternatively you can hide the value using simple crytography. In its simplest form this can be achieved by means of XOR’ing the value. To allow it to work, a random secret private key is chosen and this is then used to encrpyt and decrypt the value. The following code snippet shows how

private int key = 9999;

int score;

int Score
{
    get { return score ^ key; }
    set { score = value ^ key; }
}

An even better way is to randomise the key when you store the value, as shown below

int Score
{
    get { return score ^ key; }
    set { 
        key = GetRandom(1, 9999999);
        score = value ^ key; 
    }
}

int GetRandom(int min, int max)
{
    Random rnd = new Random(); 
    return rnd.Next(min, max);
}

This way even if they do stumble across the value, the next time they look for the same value it will have changed. Its fast and its also available on most if not all platforms.

Advertisements

String Encrypt and Decrypt for C#

A neat little encrypt/decryption code written for c# that also serves as an initial test to see how code postings appear inside WordPress. To find out more on how to post source code in wordpress, go here.

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

namespace ConfigurationLibrary
{
    public sealed class CryptoString
    {
        private CryptoString() { }
        private static byte[] savedKey = ASCIIEncoding.UTF8.GetBytes("YOURVALHERE");
        private static byte[] savedIV = ASCIIEncoding.UTF8.GetBytes("YOURVALHEREASWELL");
        public static byte[] Key
        {
            get { return savedKey; }
            set { savedKey = value; }
        }
        public static byte[] IV
        {
            get { return savedIV; }
            set { savedIV = value; }
        }
        private static void RdGenerateSecretKey(RijndaelManaged rdProvider)
        {
            if(savedKey == null)
            {
                rdProvider.KeySize = 256;
                rdProvider.GenerateKey();
                savedKey = rdProvider.Key;
            }
        }
        private static void RdGenerateSecretInitVector(RijndaelManaged rdProvider)
        {
            if(savedIV == null)
            {
                rdProvider.GenerateIV();
                savedIV = rdProvider.IV;
            }
        }
        public static string Encrypt(string originalStr)
        {
            // Encode data string to be stored in memory.
            byte[] originalStrAsBytes = Encoding.ASCII.GetBytes(originalStr);
            byte[] originalBytes = { };
            // Create MemoryStream to contain output.
            using(MemoryStream memStream = new
                     MemoryStream(originalStrAsBytes.Length))
            {
                using(RijndaelManaged rijndael = new RijndaelManaged())
                {
                    // Generate and save secret key and init vector.
                    RdGenerateSecretKey(rijndael);
                    RdGenerateSecretInitVector(rijndael);
                    if(savedKey == null || savedIV == null)
                    {
                        throw (new NullReferenceException(
                                "savedKey and savedIV must be non-null."));
                    }
                    // Create encryptor and stream objects.
                    using(ICryptoTransform rdTransform =
                           rijndael.CreateEncryptor((byte[])savedKey.
                           Clone(), (byte[])savedIV.Clone()))
                    {
                        using(CryptoStream cryptoStream = new CryptoStream(memStream,
                              rdTransform, CryptoStreamMode.Write))
                        {
                            // Write encrypted data to the MemoryStream.
                            cryptoStream.Write(originalStrAsBytes, 0,
                                       originalStrAsBytes.Length);
                            cryptoStream.FlushFinalBlock();
                            originalBytes = memStream.ToArray();
                        }
                    }
                }
            }
            // Convert encrypted string.
            string encryptedStr = Convert.ToBase64String(originalBytes);
            return (encryptedStr);
        }
        public static string Decrypt(string encryptedStr)
        {
            // Unconvert encrypted string.
            byte[] encryptedStrAsBytes = Convert.FromBase64String(encryptedStr);
            byte[] initialText = new Byte[encryptedStrAsBytes.Length];
            using(RijndaelManaged rijndael = new RijndaelManaged())
            {
                using(MemoryStream memStream = new MemoryStream(encryptedStrAsBytes))
                {
                    if(savedKey == null || savedIV == null)
                    {
                        throw (new NullReferenceException(
                                "savedKey and savedIV must be non-null."));
                    }
                    // Create decryptor and stream objects.
                    using(ICryptoTransform rdTransform =
                         rijndael.CreateDecryptor((byte[])savedKey.
                         Clone(), (byte[])savedIV.Clone()))
                    {
                        using(CryptoStream cryptoStream = new CryptoStream(memStream,
                         rdTransform, CryptoStreamMode.Read))
                        {
                            // Read in decrypted string as a byte[].
                            cryptoStream.Read(initialText, 0, initialText.Length);
                        }
                    }
                }
            }
            // Convert byte[] to string.
            string decryptedStr = Encoding.ASCII.GetString(initialText);
            return (decryptedStr);
        }
    }
}