1 / 15

Code Obfuscation

Code Obfuscation. Tool for Software Protection. Outline. Why Code Obfuscation Features of a code obfuscator Potency Resilience Cost Classification of Obfuscating Transformations. Why use Code Obfuscation Techniques. Mainly to defend against Software Reverse Engineering

maurilio
Download Presentation

Code Obfuscation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Code Obfuscation Tool for Software Protection

  2. Outline • Why Code Obfuscation • Features of a code obfuscator • Potency • Resilience • Cost • Classification of Obfuscating Transformations

  3. Why use Code Obfuscation Techniques • Mainly to defend against Software Reverse Engineering • We can only make it more difficult for reverse engineers • Available obfuscating tools work in the same way as compiler optimizers • Reduce required space and time for compilation

  4. The level of security that an Obfuscator adds depends on: • The transformations used • The power of available deobfuscators • The amount of resources available to deobfuscators

  5. Main features of a Code Obfuscator • Potency: is the level up to which a human reader would be confused by the new code • Resilience: is how well the obfuscated code resists attacks by deobfuscation tools • Cost: is how much load is added to the application

  6. P1 P1, P2, .., Pn Reverse Engineer Pn P1, P2, .., Pn Obfuscation Q1, Q2, .., Qm Reverse Engineering fails Transformations Code Obfuscation • Reverse engineering exatracts piece of program • Obfuscation makes reverse engineering difficult

  7. Protection through Obfuscation http://www.cs.arizona.edu/~collberg/Research/Obfuscation/Resources.html

  8. Obfuscation methods • Mainly based on target information that we want to modify/obfuscate

  9. Kinds of Obfuscating TransformationsObfuscation Methods • Lexical transformations • Modify variable names • Control transformations • Change program flow while preserving semantics • Data transformations • Modify data structures • Anti-disassembly • Anti-debugging

  10. Kinds of obfuscation for each target information

  11. Available JavaScript Obfuscators • Most available commercial JavaScript obfuscators work by applying Lexical transformations • Some obfuscators that were considered are: • Stunnix JavaScript Obfuscator • Shane Ng's GPL-licensed obfuscator • Free JavaScript Obfuscator

  12. Actual code: function foo( arg1) { var myVar1 = "some string"; //first comment var intVar = 24 * 3600; //second comment /* here is a long multi-line comment blah */ document. write( "vars are:" + myVar1 + " " + intVar + " " + arg1) ; } ; Obfuscated code: function z001c775808( z3833986e2c) { var z0d8bd8ba25= "\x73\x6f\x6d\x65\x20\x73\x74\x72\x69\x6e\x67"; var z0ed9bcbcc2= (0x90b+785-0xc04)* (0x1136+6437-0x1c4b); document. write( "\x76\x61\x72\x73\x20\x61\x72\x65\x3a"+ z0d8bd8ba25+ "\x20"+ z0ed9bcbcc2+ "\x20"+ z3833986e2c);}; Example:From Stunnix

  13. Step by step examination • The Stunnix obfuscator targets at obfuscating only the layout of the JavaScript code • As the obfuscator parses the code, it removes spaces, comments and new line feeds • While doing so, as it encounters user defined names, it replaces them with some random string • It replaces print strings with their hexadecimal values • It replaces integer values with complex equations

  14. In the sample code that was obfuscated, the following can be observed • User defined variables: • foo replaced with z001c775808 • arg1 replaced with z3833986e2c • myvar1 replaced with z0d8bd8ba25 • intvar replaced with z0ed9bcbcc2 • Integers: • 20 replaced with (0x90b+785-0xc04) • 3600 replaced with (0x1136+6437-0x1c4b) • Print strings: • “vars are” replaced with \x76\x61\x72\x73\x20\x61\x72\x65\x3a • Space replaced with \x20

  15. References • [Collberg] C. Collberg, “The Obfuscation and Software Watermarking homepage”, http://www.cs.arizona.edu/collberg/Research/Obfuscation/index.html • [Stunnix JavaScript Obfuscator] www.stunnix.com • [Shane Ng's GPL-licensed obfuscator] http://daven.se/usefulstuff/javascript-obfuscator.html • [Free JavaScript Obfuscator] http://www.javascriptobfuscator.com/

More Related