Code obfuscation
Upcoming SlideShare
Loading in...5
×
 

Code obfuscation

on

  • 726 views

 

Statistics

Views

Total Views
726
Views on SlideShare
726
Embed Views
0

Actions

Likes
0
Downloads
25
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Code obfuscation Code obfuscation Presentation Transcript

  • Code Obfuscation Tool for Software Protection
  • Outline Why Code Obfuscation Features of a code obfuscator  Potency  Resilience  Cost Classification of Obfuscating Transformations
  • Why use Code ObfuscationTechniques Mainly to defend against Software Reverse Engineering We can only make it more difficult for reverse engineers Available obfuscating tools work in the same way as compiler optimizers Reduce required space and time for compilation
  •  The level of security that an Obfuscator adds depends on:  The transformations used  The power of available deobfuscators  The amount of resources available to deobfuscators
  • Main features of a Code Obfuscator Potency: is the level up to which a human reader would be confused by the new code Resilience: is how well the obfuscated code resists attacks by deobfuscation tools Cost: is how much load is added to the application
  • Code Obfuscation Reverse P1 Reverse Engineer engineering P1, P2, .., Pn exatracts piece of Pn program Obfuscation makes reverse engineering difficult Obfuscation Reverse Engineering fails P1, P2, .., Pn Q1, Q2, .., Qm Transformations
  • Protection through Obfuscationhttp://www.cs.arizona.edu/~collberg/Research/Obfuscation/Resources.html
  • Obfuscation methods Mainly based on target information that we want to modify/obfuscate
  • Obfuscation Methods Lexical transformations  Modify variable names Control transformations  Change program flow while preserving semantics Data transformations  Modify data structures Anti-disassembly Anti-debugging
  • Kinds of obfuscation for each targetinformation
  • Available JavaScript Obfuscators Most available commercial JavaScript obfuscators work by applying Lexical transformations Some obfuscators that were considered are:  Stunnix JavaScript Obfuscator  Shane Ngs GPL-licensed obfuscator  Free JavaScript Obfuscator
  • Example:From Stunnix Actual code:  Obfuscated code: function foo( arg1)  function z001c775808( { z3833986e2c) { var var myVar1 = "some z0d8bd8ba25= string"; //first comment "x73x6fx6dx65x20x73x 74x72x69x6ex67"; var var intVar = 24 * 3600; z0ed9bcbcc2= (0x90b+785- //second comment 0xc04)* (0x1136+6437- /* here is 0x1c4b); document. write( a long "x76x61x72x73x20x61 multi-line comment blah */ x72x65x3a"+ z0d8bd8ba25+ "x20"+ document. write( "vars z0ed9bcbcc2+ "x20"+ are:" + myVar1 + " " + z3833986e2c);}; intVar + " " + arg1) ; };
  • Step by step examination The Stunnix obfuscator targets at obfuscating only the layout of the JavaScript code As the obfuscator parses the code, it removes spaces, comments and new line feeds While doing so, as it encounters user defined names, it replaces them with some random string It replaces print strings with their hexadecimal values It replaces integer values with complex equations
  •  In the sample code that was obfuscated, the following can be observed User defined variables:  foo replaced with z001c775808  arg1 replaced with z3833986e2c  myvar1 replaced with z0d8bd8ba25  intvar replaced with z0ed9bcbcc2 Integers:  20 replaced with (0x90b+785-0xc04)  3600 replaced with (0x1136+6437-0x1c4b) Print strings:  “vars are” replaced with x76x61x72x73x20x61x72x65x3a  Space replaced with x20
  • References [Collberg] C. Collberg, “The Obfuscation and Software Watermarking homepage”, http://www.cs.arizona.edu/collberg/Research/ Obfuscation/index.html [Stunnix JavaScript Obfuscator] www.stunnix.com [Shane Ngs GPL-licensed obfuscator] http://daven.se/usefulstuff/javascript- obfuscator.html [Free JavaScript Obfuscator] http://www.javascriptobfuscator.com/