Code obfuscation

1,221 views

Published on

Published in: Education, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,221
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
49
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Code obfuscation

  1. 1. Code Obfuscation Tool for Software Protection
  2. 2. Outline Why Code Obfuscation Features of a code obfuscator  Potency  Resilience  Cost Classification of Obfuscating Transformations
  3. 3. Why use Code ObfuscationTechniques Mainly to defend against Software Reverse Engineering We can only make it more difficult for reverse engineers Available obfuscating tools work in the same way as compiler optimizers Reduce required space and time for compilation
  4. 4.  The level of security that an Obfuscator adds depends on:  The transformations used  The power of available deobfuscators  The amount of resources available to deobfuscators
  5. 5. Main features of a Code Obfuscator Potency: is the level up to which a human reader would be confused by the new code Resilience: is how well the obfuscated code resists attacks by deobfuscation tools Cost: is how much load is added to the application
  6. 6. Code Obfuscation Reverse P1 Reverse Engineer engineering P1, P2, .., Pn exatracts piece of Pn program Obfuscation makes reverse engineering difficult Obfuscation Reverse Engineering fails P1, P2, .., Pn Q1, Q2, .., Qm Transformations
  7. 7. Protection through Obfuscationhttp://www.cs.arizona.edu/~collberg/Research/Obfuscation/Resources.html
  8. 8. Obfuscation methods Mainly based on target information that we want to modify/obfuscate
  9. 9. Obfuscation Methods Lexical transformations  Modify variable names Control transformations  Change program flow while preserving semantics Data transformations  Modify data structures Anti-disassembly Anti-debugging
  10. 10. Kinds of obfuscation for each targetinformation
  11. 11. Available JavaScript Obfuscators Most available commercial JavaScript obfuscators work by applying Lexical transformations Some obfuscators that were considered are:  Stunnix JavaScript Obfuscator  Shane Ngs GPL-licensed obfuscator  Free JavaScript Obfuscator
  12. 12. Example:From Stunnix Actual code:  Obfuscated code: function foo( arg1)  function z001c775808( { z3833986e2c) { var var myVar1 = "some z0d8bd8ba25= string"; //first comment "x73x6fx6dx65x20x73x 74x72x69x6ex67"; var var intVar = 24 * 3600; z0ed9bcbcc2= (0x90b+785- //second comment 0xc04)* (0x1136+6437- /* here is 0x1c4b); document. write( a long "x76x61x72x73x20x61 multi-line comment blah */ x72x65x3a"+ z0d8bd8ba25+ "x20"+ document. write( "vars z0ed9bcbcc2+ "x20"+ are:" + myVar1 + " " + z3833986e2c);}; intVar + " " + arg1) ; };
  13. 13. Step by step examination The Stunnix obfuscator targets at obfuscating only the layout of the JavaScript code As the obfuscator parses the code, it removes spaces, comments and new line feeds While doing so, as it encounters user defined names, it replaces them with some random string It replaces print strings with their hexadecimal values It replaces integer values with complex equations
  14. 14.  In the sample code that was obfuscated, the following can be observed User defined variables:  foo replaced with z001c775808  arg1 replaced with z3833986e2c  myvar1 replaced with z0d8bd8ba25  intvar replaced with z0ed9bcbcc2 Integers:  20 replaced with (0x90b+785-0xc04)  3600 replaced with (0x1136+6437-0x1c4b) Print strings:  “vars are” replaced with x76x61x72x73x20x61x72x65x3a  Space replaced with x20
  15. 15. References [Collberg] C. Collberg, “The Obfuscation and Software Watermarking homepage”, http://www.cs.arizona.edu/collberg/Research/ Obfuscation/index.html [Stunnix JavaScript Obfuscator] www.stunnix.com [Shane Ngs GPL-licensed obfuscator] http://daven.se/usefulstuff/javascript- obfuscator.html [Free JavaScript Obfuscator] http://www.javascriptobfuscator.com/

×