Design and usage of the memfrob function
The purpose of memfrob() (if you want to call that a purpose) is to hide strings so you don't see them when you run strings. This might be useful when your binary contains plaintext passwords and you want to stop nosey people from finding out what these passwords are. Of course, it's not hard to crack XOR-by-42, but it's better than nothing.
The number to XOR with can be arbitrary but it needs to stay constant over successive releases of the glibc so code that relies on the number being 42 doesn't break.
Some people consider memfrob() to be a joke function, but I am not sure if this is really the case. Nonetheless, you should not use it because it isn't a standard function (and thus not available on non-glibc platforms) and because obfuscation is not a substitute for proper security.
The joke of it is that it is the meaning of Life. It's similar to rot-13 in that it's a most trivial encryption and running it again restores the string. Rot-13 doesn't do anything to spaces in the plaintext while memfrob has the odd result of swapping spaces and line feeds:
space = 100000 (32), 42 = 101010, 32^42 = 001010 (10 = LF, and 10^42 back to 32)
While these obfuscate they are poor encryption because they can be recognized just by looking at the result: lots of r's and n's then it's rot13; lots of CRs, \ and ^ then memfrob.
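
An added example, not part of either answer above: a portable stand-in for memfrob() plus a strings-style scan that decodes XOR-by-42 runs, which is how an auditor would surface secrets hidden this way in a binary. The names frob and find_frobbed_string, the sample buffer and the sample secret are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable stand-in for glibc's memfrob(): XOR each byte with 42, in place. */
static void *frob(void *s, size_t n) {
    unsigned char *p = s;
    for (size_t i = 0; i < n; i++) p[i] ^= 42;
    return s;
}

/* True when byte b, XORed with 42, is printable ASCII (0x20..0x7e). */
static int frobbed_printable(unsigned char b) {
    unsigned char c = b ^ 42;
    return c >= 0x20 && c <= 0x7e;
}

/* Find the first run of at least min_len bytes that decode to printable
 * ASCII under XOR 42. The decoded run is copied into out (NUL-terminated,
 * truncated to out_sz - 1; out_sz must be at least 1). Returns the run's
 * offset in buf, or -1 when there is no such run. */
static long find_frobbed_string(const unsigned char *buf, size_t n,
                                size_t min_len, char *out, size_t out_sz) {
    size_t start = 0;
    for (size_t i = 0; i <= n; i++) {
        if (i < n && frobbed_printable(buf[i])) continue;
        size_t len = i - start;            /* run ended at i (or at end) */
        if (len >= min_len) {
            if (len > out_sz - 1) len = out_sz - 1;
            memcpy(out, buf + start, len);
            frob(out, len);                /* XOR again restores the text */
            out[len] = '\0';
            return (long)start;
        }
        start = i + 1;
    }
    return -1;
}

int main(void) {
    /* Constructed sample: a frobbed secret surrounded by 0xff filler,
     * which does not decode to printable ASCII. */
    unsigned char image[32];
    char secret[] = "hunter2 pass", found[64];
    size_t len = strlen(secret);
    memset(image, 0xff, sizeof image);
    memcpy(image + 4, frob(secret, len), len);
    long off = find_frobbed_string(image, sizeof image, 6, found, sizeof found);
    printf("offset %ld: %s\n", off, found);
    return 0;
}
```

The space in the sample secret is stored as a line feed (0x0a), the swap described in the second answer, and the scan still recovers it.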