Software Obfuscation from Crackers’ viewpoint. Y, Hiroki; K, Yuichiro; M Akito, N Masahide; M Ken-ichi. Proceedings of the IASTED International Conference ADVANCES IN COMPUTER SCIENCE AND TECHNOLOGY, January 23-25, 2006, Puerto Vallarta, Mexico. Presented by Justin Nguyen.
Summary
• “Software obfuscation has become an essential means to hide secrets involved in today’s software system.”
• Code obfuscation transforms a program into a more complex, harder-to-understand form that is still functionally equivalent to the original program.
• In this paper, the authors look at the problem from the cracker’s viewpoint and, from there, discuss techniques for eliminating clues that crackers may find using cracking tools.
Appreciative Comments
• The authors explain very well how easily a cracker can find clues just by associating the algorithm with the code. For example: “The result of addition X (32-bit) is divided into four 8-bit blocks x1,…,x4.”

    x1 = (X>>24) & 0xff
    x2 = (X>>16) & 0xff
    x3 = (X>>8) & 0xff
    x4 = X & 0xff
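The byte split quoted above stands out in compiled code because of its fixed shift amounts and 0xff mask. As an added example (not code from the paper or the presentation), the C below sets that direct form beside a constructed bit-serial variant and checks that the two are functionally equivalent; the function names and the bit-serial transformation are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Direct form from the slide: shifts by 24/16/8 and the 0xff mask. */
static void split_plain(uint32_t X, uint8_t out[4]) {
    out[0] = (uint8_t)((X >> 24) & 0xff);  /* x1 */
    out[1] = (uint8_t)((X >> 16) & 0xff);  /* x2 */
    out[2] = (uint8_t)((X >> 8) & 0xff);   /* x3 */
    out[3] = (uint8_t)(X & 0xff);          /* x4 */
}

/* Constructed variant (not from the paper): gathers the bits one at a
 * time, most significant first, so the 24/16/8/0xff literals are absent
 * from the source. Slower; the compiled output must still be inspected,
 * since an optimizer may rewrite either form. */
static void split_bitserial(uint32_t X, uint8_t out[4]) {
    uint32_t acc[4] = {0, 0, 0, 0};
    for (unsigned i = 0; i < 32; i++) {
        uint32_t bit = (X >> (31u - i)) & 1u;
        acc[i >> 3] = (acc[i >> 3] << 1) | bit;
    }
    for (unsigned j = 0; j < 4; j++)
        out[j] = (uint8_t)acc[j];
}

/* Returns 1 when both forms produce the same four blocks for X. */
static int splits_agree(uint32_t X) {
    uint8_t a[4], b[4];
    split_plain(X, a);
    split_bitserial(X, b);
    for (unsigned j = 0; j < 4; j++)
        if (a[j] != b[j]) return 0;
    return 1;
}

/* Sweeps n pseudo-random inputs (xorshift32) and counts disagreements. */
static unsigned count_mismatches(uint32_t seed, unsigned n) {
    unsigned bad = 0;
    uint32_t s = seed ? seed : 1u;
    for (unsigned k = 0; k < n; k++) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        bad += !splits_agree(s);
    }
    return bad;
}

int main(void) {
    printf("mismatches: %u\n", count_mismatches(0x2006u, 100000u));
    return 0;
}
```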
Appreciative Comments (cont)
• There is a good, clear guideline explaining how to apply obfuscation.
Critical Comments
• The article is not completely self-contained. For example, while explaining how the algorithm works, the authors use a function called “Key Schedule” without explaining how it works.
• There is very little discussion of how to hide the obfuscation itself.
Question
Very often, encryption algorithms contain loops that repeatedly execute a piece of code. This piece of code is usually the most frequently executed. Using a tool such as AddTracer or Profiler, a cracker can locate the most frequently executed code. Having located it, he can easily find the key that is used to encrypt data. So what do you think is the best way to avoid this?