1 / 12

Code Obfuscation

Code Obfuscation. Its limits in today Software & Hardware By Shahid Razzaq. What is this Obfuscation?. Literal Meaning of Obfuscation: The word ‘obfuscation' refers to the concept of concealing the meaning of communication by making it more confusing and harder to interpret.

ronli
Download Presentation

Code Obfuscation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Code Obfuscation Its limits in today Software & Hardware By Shahid Razzaq

  2. What is this Obfuscation? • Literal Meaning of Obfuscation: • The word ‘obfuscation' refers to the concept of concealing the meaning of communication by making it more confusing and harder to interpret. • Code Obfuscation: • Code obfuscation is the generation or alteration of source code and/or object code in such a way that it is easy for the computer to comprehend but considerably difficult to reverse engineer.

  3. Reverse Engineering Code • Normal Engineering: Dude writes code -> Dude compiles -> Dude parties with the binary • Reverse Engineering:Evil dude gets the binary -> Uses powerful tools (e.g IDA Pro) to gain knowledge about program -> Gets to know code structure, control flow, and valuable assets, keys, alrogithms, PI • IDA Pro: How much can it do?

  4. How can Obfuscation Help • Types of Obfuscation: • Code Structure Obfuscation • Data Obfuscation • Control Obfuscation • Preventive Obfuscation • Effects of Obfuscation on Code: • Code logic doesn’t change • Decreases footprint of code • Decreases performance (w.r.t time) • Harder for developers during product cycle & possibly support

  5. Obfuscation in Action • Widely used in Intermediate Compiled Languages .Net, Java • Dotfuscator (.Net, Microsoft Visual Studio) • ProGuard (Java, free) • Factor that prevent use of Obfuscation • Cost of Obfuscation • Execution time of code • High Program complexity

  6. Limits to Obfuscation • No obfuscation enough against extremely dedicated hackers • Prevents against easy reverse engineering using tools • How can Software Help: • Built-in support in OS • Public APIs • Hardware Assisted Obfuscation: • Use of hardware for decryption • How are decryption keys transferred?

  7. Obfuscation in Future • Interesting Scenario: ‘Brain’ obfuscation • Processor detached from memory • Non conventional use of processor registers • Memory kept relatively in-accessable, encrypted • Obfuscation in design, like a real brain. Example?

  8. What does this do? #include <stdio.h> main(t,_,a)char *a;{return!0<t?t<3?main(-79,-13,a+main(-87,1-_,main(-86,0,a+1)+a)):1,t<_?main(t+1,_,a):3,main(-94,-27+t,a)&&t==2?_<13?main(2,_+1,"%s %d %d\n"):9:16:t<0?t<-72?main(_,t,"@n'+,#'/*{}w+/w#cdnr/+,{}r/*de}+,/*{*+,/w{%+,/w#q#n+,/#{l,+,/n{n+,/+#n+,/#\;#q#n+,/+k#;*+,/'r :'d*'3,}{w+K w'K:'+}e#';dq#'l \q#'+d'K#!/+k#;q#'r}eKK#}w'r}eKK{nl]'/#;#q#n'){)#}w'){){nl]'/+#n';d}rw' i;# \){nl]!/n{n#'; r{#w'r nc{nl]'/#{l,+'K {rw' iK{;[{nl]'/w#q#n'wk nw' \iwk{KK{nl]!/w{%'l##w#' i; :{nl]'/*{q#'ld;r'}{nlwb!/*de}'c \;;{nl'-{}rw]'/+,}##'*}#nc,',#nw]'/+kd'+e}+;#'rdq#w! nr'/ ') }+}{rl#'{n' ')# \}'+}##(!!/"):t<-50?_==*a?putchar(31[a]):main(-65,_,a+1):main((*a=='/')+t,_,a+1) :0<t?main(2,2,"%s"):*a=='/'||main(0,main(-61,*a,"!ek;dc i@bK'(q)-[w]*%n+r3#l,{}:\nuwloca-O;m .vpbks,fxntdCeghiry"),a+1);}

  9. Q & A

More Related