Code Obfuscation
Tool for Software Protection
Outline
• Why Code Obfuscation
• Features of a code obfuscator
    • Potency
    • Resilience
    • Cost
• Classification of Obfuscating Transformations
Why use Code Obfuscation Techniques
• Mainly to defend against software reverse engineering
• We can only make it more difficult for reverse engineers
• Available obfuscating tools work in the same way as compiler optimizers
• Reduce required space and time for compilation
• The level of security that an obfuscator adds depends on:
    • The transformations used
    • The power of available deobfuscators
    • The amount of resources available to deobfuscators
Main features of a Code Obfuscator
• Potency: how much the transformed code confuses a human reader
• Resilience: how well the obfuscated code resists attacks by deobfuscation tools
• Cost: how much overhead the obfuscation adds to the application
Code Obfuscation
• Reverse engineering extracts pieces of the program
• Obfuscation makes reverse engineering difficult
[Diagram: without obfuscation, the reverse engineer recovers the pieces P1, P2, .., Pn. With obfuscation transformations, P1, P2, .., Pn become Q1, Q2, .., Qm and reverse engineering fails.]
Protection through Obfuscation
[Figure]
http://www.cs.arizona.edu/~collberg/Research/Obfuscation/Resources.html
Obfuscation methods
• Mainly based on the target information that we want to modify/obfuscate
Obfuscation Methods
• Lexical transformations
    • Modify variable names
• Control transformations
    • Change program flow while preserving semantics
• Data transformations
    • Modify data structures
• Anti-disassembly
• Anti-debugging
Kinds of obfuscation for each target information
[Figure]
Available JavaScript Obfuscators
• Most available commercial JavaScript obfuscators work by applying lexical transformations
• Some obfuscators that were considered are:
    • Stunnix JavaScript Obfuscator
    • Shane Ng's GPL-licensed obfuscator
    • Free JavaScript Obfuscator
Example: From Stunnix

Actual code:

    function foo( arg1)
    {
      var myVar1 = "some string"; //first comment
      var intVar = 24 * 3600; //second comment
      /* here is
    a long
    multi-line comment blah */
      document. write( "vars are:" + myVar1 + " " + intVar + " " + arg1) ;
    };

Obfuscated code:

    function z001c775808(z3833986e2c) { var z0d8bd8ba25=
    "\x73\x6f\x6d\x65\x20\x73\x74\x72\x69\x6e\x67"; var
    z0ed9bcbcc2= (0x90b+785-0xc04)* (0x1136+6437-0x1c4b);
    document. write( "\x76\x61\x72\x73\x20\x61\x72\x65\x3a"+
    z0d8bd8ba25+ "\x20"+ z0ed9bcbcc2+ "\x20"+ z3833986e2c);};
Step by step examination
• The Stunnix obfuscator aims to obfuscate only the layout of the JavaScript code
• As the obfuscator parses the code, it removes spaces, comments and line feeds
• While doing so, as it encounters user-defined names, it replaces them with a random string
• It replaces print strings with their hexadecimal values
• It replaces integer values with complex expressions
• In the sample code that was obfuscated, the following can be observed:
• User-defined variables:
    • foo replaced with z001c775808
    • arg1 replaced with z3833986e2c
    • myVar1 replaced with z0d8bd8ba25
    • intVar replaced with z0ed9bcbcc2
• Integers:
    • 24 replaced with (0x90b+785-0xc04)
    • 3600 replaced with (0x1136+6437-0x1c4b)
• Print strings:
    • "vars are:" replaced with \x76\x61\x72\x73\x20\x61\x72\x65\x3a
    • Space replaced with \x20
References
• [Collberg] C. Collberg, "The Obfuscation and Software Watermarking homepage", http://www.cs.arizona.edu/collberg/Research/Obfuscation/index.html
• [Stunnix JavaScript Obfuscator] www.stunnix.com
• [Shane Ng's GPL-licensed obfuscator] http://daven.se/usefulstuff/javascript-obfuscator.html
• [Free JavaScript Obfuscator] http://www.javascriptobfuscator.com/
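
The substitutions catalogued under "Step by step examination" are purely lexical, which is why their resilience is low: an analyst can reverse each one mechanically. The JavaScript below is an added example, not part of the original slides or of any Stunnix tooling; it assumes double-quoted strings, no comments left in the input, and generated names of the form z plus ten hex digits (inferred from the sample), and its function names are hypothetical.

```javascript
// Added example: reverses the three substitutions listed on the slides
// (hex-escaped strings, integer expressions, generated names) without eval().
// Assumptions: double-quoted strings only, comments already stripped,
// generated identifiers look like z + 10 hex digits.

// Obfuscated output quoted on the "Example: From Stunnix" slide.
const SAMPLE = [
  String.raw`function z001c775808(z3833986e2c) { var z0d8bd8ba25=`,
  String.raw`"\x73\x6f\x6d\x65\x20\x73\x74\x72\x69\x6e\x67"; var z0ed9bcbcc2=`,
  String.raw`(0x90b+785-0xc04)* (0x1136+6437-0x1c4b); document. write(`,
  String.raw`"\x76\x61\x72\x73\x20\x61\x72\x65\x3a"+ z0d8bd8ba25+ "\x20"+`,
  String.raw`z0ed9bcbcc2+ "\x20"+ z3833986e2c);};`,
].join(" ");

const STRING_LITERAL = /"(?:[^"\\]|\\[\s\S])*"/g;
const INT = String.raw`(?:0x[0-9a-fA-F]+|\d+)`;
// A parenthesised group holding only integers joined by + or -.
const CONST_GROUP = new RegExp(
  String.raw`\(\s*(${INT}(?:\s*[+-]\s*${INT})*)\s*\)`, "g");

// Decode \xNN escapes inside one string literal. Escapes are walked in
// order so "\\x41" (escaped backslash, then plain text) is left alone, and
// an escape is kept when decoding it would change how the literal parses.
function decodeHexString(literal) {
  return literal.replace(/\\(?:x([0-9a-fA-F]{2})|[\s\S])/g, (esc, hex) => {
    if (hex === undefined) return esc; // some other escape, e.g. \\ or \n
    const ch = String.fromCharCode(parseInt(hex, 16));
    return /[\x20-\x7e]/.test(ch) && ch !== '"' && ch !== "\\" ? ch : esc;
  });
}

// Replace "(0x90b+785-0xc04)"-style groups with their integer value.
function foldConstants(code) {
  return code.replace(CONST_GROUP, (group, expr, offset) => {
    let value = 0;
    const term = /([+-]?)\s*(0x[0-9a-fA-F]+|\d+)/g;
    for (const [, sign, tok] of expr.matchAll(term)) {
      value += (sign === "-" ? -1 : 1) * Number(tok);
    }
    // Keep the parentheses when they are a call's argument list or the
    // value is negative, so the surrounding expression still parses.
    const prev = code.slice(0, offset).trimEnd().slice(-1);
    return /[\w$)\]]/.test(prev) || value < 0 ? `(${value})` : String(value);
  });
}

// Give every generated name a short, stable placeholder (id_1, id_2, ...).
function renameGenerated(code, names) {
  return code.replace(/\bz[0-9a-f]{10}\b/g, (id) => {
    if (!names.has(id)) names.set(id, `id_${names.size + 1}`);
    return names.get(id);
  });
}

// Split the source into string literals and code so that folding and
// renaming never touch string contents, then apply each reversal.
function deobfuscate(src) {
  const names = new Map();
  const onCode = (code) => renameGenerated(foldConstants(code), names);
  let out = "";
  let last = 0;
  for (const m of src.matchAll(STRING_LITERAL)) {
    out += onCode(src.slice(last, m.index)) + decodeHexString(m[0]);
    last = m.index + m[0].length;
  }
  return { code: out + onCode(src.slice(last)), names };
}

console.log(deobfuscate(SAMPLE).code);
```

The original names (foo, myVar1) and the comments are not recoverable, which is the only lasting effect of this class of transformation; the strings and constants come back exactly.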
