LibHideIP (LIBrary for Hiding the IP) is a library which partially
(read below for limitations) ensures that no program under its control can obtain the local IP
address. LibHideIP does this by intercepting calls to some C library functions and
replacing them by its own substitutes.
The IP address that would be obtained is first changed to a neutral address, like 0.0.0.0 or
127.0.0.1 and returned to the caller.
Requirements for compiling:
- a non-root account. Please, NEVER compile or
make anything as root.
- a working C compiler (C++ compilers won't work due to variable casts)
- development package for the C library (like glibc-devel and glibc-headers).
- Note that some glibc versions (2.11 is known of this) have a bug in their
dl(v)sym implementation, which may cause LibSecRm to hang during searching
for the original versions of the substituted C functions. If you observe
this, it is best to upgrade glibc. If not possible, you can start deleting
substituted functions from open() and check each time it your current
version started to work (yes, this decreases security).
- The sys/stat.h contains functions needed to check an executable's type.
If it is a symbolic link, LibHideIP will follow it.
- The dlfcn.h header contains functions needed to call the original functions.
It has to have RTLD_NEXT defined. LibHideIP wouldn't work without this, so it
won't compile without this.
- libdl, the dynamic loading library, with its development package
(unless the required functions are in the C library)
./configure to configure the library for your system.
If you want to enable the public interface of LibHideIP, configure the
The public interface is compatible with SWIG, so
you can make native bindings to LibHideIP for any supported language.
LibHideIP allows some programs to be banned (not allowed to run under
LibHideIP, because they might need accesss to the IP address). One banning
file is always supported -
/usr/local/etc unless set otherwise during configure).
If you want to disable additional banning files pointed to by environment
variables, configure the library with
If you want to disable additional banning files in users' home directories,
configure the library with
make to compile the library.
LibHideIP assumes that your host has
maximum 100 aliases and addresses. If you think this number is not enough,
configure LibHideIP with
or compile LibHideIP with:
where 'n' is your desired number (10 is minimum).
Documentation comes complied (and can be copied right away), but can be changed
and recompiled, if you have the
makeinfo program (
make install to install the library. Read the docs on how to make the library running.
info libhideip (after installation) or
(before installation) to get help.
- libc.so.6 (GLIBC_2.4)
- libdl.so.2 (GLIBC_2.1)
THE LIBRARY HAS BEEN TESTED, BUT IT MAY NOW OR LATER CONTAIN ERRORS, WHICH MAY LEAD TO
INCORRECT PROGRAM BEHAVIOUR. READ THE LICENSE FOR A WARRANTY (THERE IS NONE).
LibHideIP can do nothing if:
- A program is using direct kernel calls or non-standard calls,
thus bypassing even the C library
- LibHideIP is not loaded (read the "Installing" chapter in the "info" docs).
- A program is linked statically (so it doesn't use shared libraries and has all
the functions compiled in it).
- The operating system doesn't support shared libraries (like DOS)
- The operating system doesn't support preloading shared libraries before system libraries.
- LibHideIP is enabled by setting environment variables and a program is launched by another
program, which clears the environment
variables used by the dynamic linker, so the dynamic linker doesn't preload
LibHideIP. Some Java Runtime Environments seem to do this.
LibHideIP compiles on the following systems:
- Fedora Core 4 GNU/Linux (i686 CPU) - versions up to 0.3 (later not checked)
- Fedora 12 GNU/Linux (i686 CPU) - versions from 0.3 (earlier not checked)
- Mandriva 2008.1 GNU/Linux (i686 CPU)
- Mandriva 2011 GNU/Linux (i686 CPU) - version 0.5 (earlier and later not checked)
- OpenBSD 3.8 (x86 CPU) - versions up to 0.3 (later not checked)
- Debian 5.0 GNU/Linux (x86 CPU) - versions from 0.4 (earlier not checked)
Current version is 1.5.
Download this at SourceForge.
My projects on SourceForge
- Wipe Free Space - a
program for cleaning of free space on filesystems
- LibSecRm - a security
wrapper library for C library functions which insecurely delete data
- JYMAG - a program for Sagem mobile phones
- IMYplay - a program
for playing iMelody ringtones (IMY files) and an IMY-to-MIDI converter
- LibHideIP - a security wrapper
library for C library functions which could lead to revealing your local IP address
- LibNetBlock - a security wrapper
library that ensures that no program under its control can access the network
My other software
See my other free software:
See also my assembly-related free software:
- KonqSec - a set of Konqueror security-related context menu entries
- SOAP Service Tester - a program for testing SOAP services
- Certificate and key generators
- E-mail address verifier
- LastMod - a script that inserts or updates a META element with the
Last-Modified HTTP header
- Atom2Rss - a script that converts an Atom channel XML file
to an RSS 2.0 XML file
- List2Atom - a script that generates an Atom channel XML file from a list of files
- InSyTrack - software to track program flow (calls) across libraries,
threads, programming languages or even different systems on different
- AsmDoc - a HTML documentation generator for assembly language
- source converters between NASM, FASM and GAS
- C header to assembly header converters
- Kate/KWrite syntax highlighting for NASM/FASM
- some FASM macros
- Makefile generator for FASM
- Linux 2.6 kernel module helper for FASM
- A set of Autoconf macros
- Assembly converter for Doxygen
- Asm::X86 Perl module
Contact me: bogdro AT users . sourceforge . net (English accepted, just say '[SOFT]' in the title).
My public certificate:
Certificate MD5 fingerprint:
Certificate SHA1 fingerprint:
Issuer certificate: der format
Issuer certificate MD5 fingerprint:
Issuer certificate SHA1 fingerprint:
Revocation list of the previous certificates:
My public GnuPG /
Key SHA1 fingerprint:
E91E 699F 1026 D0EF 745E EC3B 353A D368 1C56 DA1E
This page is hosted at SourceForge.net.
This page is written using valid
, for all browsers:
This page uses a valid
This page has a content security policy.
This page doesn't use GIF images
and doesn't use JPG images.