Cryptix: Compile-Time String Encryption & Obfuscation Framework for Rust

Cryptix is a Rust-based compile-time string encryption framework designed to protect sensitive literals from static analysis tools. It provides a powerful set of macro-based tools that obfuscate string constants during compilation, decrypting them only at runtime in memory-safe and optionally customizable ways.

✨ Inspired by litcrypt

• This project is heavily inspired by litcrypt, a compile-time literal encryption crate.

🔧 Why Cryptix? Unlike other crates like litcrypt, Cryptix offers:

• More encryption options.
• Fully customizable encoding behavior.

🚀 Key Features

• Compile-Time Encryption: Encrypts string literals at compile time using a variety of algorithms.

• Macro-Based Usage: Simple two-letter macro interface for embedding encrypted strings in your code (e.g., cx!("my string", "<method>")).

• Multiple Encryption Modules:

  • aes: AES-256-CBC with PKCS7 padding, no block-modes crate.
  • xor: Lightweight XOR-based obfuscation.
  • base64: Custom base64 encoding with a shuffled alphabet.

• Static Key/IV: Secret keys and IVs are embedded directly in the library, no need for environment variables.

• Cross-Platform: Works on both Linux and Windows.

📦 Example Usage

Note on Updates and Releases:

Please be aware that all changes and the latest development are regularly updated on this GitHub repository. The versions available on crates.io might be slightly outdated, so for the most up-to-date version with all the latest features and fixes, please refer to the GitHub repository.

# Cargo.toml

[dependencies]
cryptix_1988 = "0.5.0"
cryptix_macros = "0.2.0"

//main.rs

use cryptix_macros::cx; // new
use std::process::Command;

fn main() {
    let secret_xor = cx!("private-token", "xor");
    println!("Decrypted XOR: {}", secret_xor);

    let secret_aes = cx!("private-token", "aes");
    println!("Decrypted AES: {}", secret_aes);

    let secret_b64 = cx!("private-token", "b64");
    println!("Decode Base64: {}", secret_b64);

    Command::new(cx!("powershell.exe", "xor")) // "xor" method
        .arg(cx!("-NoProfile", "aes")) // "aes" method
        .arg(cx!("-Command", "b64")) // "b64" method
        .arg(cx!("[System.Diagnostics.Process]::Start([System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('YwBhAGwAYwA=')))", "aes")) // "aes" method
        .status()
        .expect("failed to execute process");
}

This will:

• Encrypt "private-token" at compile time using the xor encryption module.
• Store it encrypted in your binary (not visible via static tools: strings, hexdump, etc).
• Decrypt it at runtime just-in-time for use.

Cryptix will encrypt each string written inside cx! statically.

Check the output binary using strings command to verify:

strings target/debug/my_app | grep private-token

If the output is blank then your valuable string in your app is safe from static analyzer tool

For working example code see ./examples directory, and test using:

cargo run

Disclaimer

All the code are for educational and research purposes only. Do not attempt to violate the law with anything contained in code produced by this repository. Neither the authors of this repository, or anyone else affiliated in any way, is going to accept responsibility for your actions.