code obfuscation
DESCRIPTION
Code ObfuscationTRANSCRIPT
Code Obfuscation
Amol Kamble
Why We Need Code Security?
How Decompilationworks?
“ Code obfuscation is the practice of making code unintelligible , or at the very least, hard to understand ”
“General code obfuscation techniques aim to confuse the understanding of the way in which program functions.”
Who use the Code Obfuscation?
code obfuscation is used to protect intellectual property by software companies.
it is also used extensively by authors of malicious code to avoid detection from virus scanner.
Obfuscation Quality Potency
Resilience
Stealth
Cost
General Methods for Obfuscation
Obfuscating control transformations
Aggregation transformation
Control ordering transformations
Computation Transformation
Computation Transformation As the number of predicates increase in a body of code,
insertion of dead or irrelevant code into the program becomes easier.
Inserting Opaque Predicate
Computation Transformationobfuscate a loop
Obfuscating data abstractions
Modifying inheritance relations
Restructure Arrays
Obfuscating Procedural Abstractions Inline and Outline Methods Clone Methods
Obfuscating built-in data types Split variables Convert static to procedural data Merge scalar variables
Modifying inheritance relations
The complexity of a program increases with
greater depth of the inheritance tree.
Along these lines, we can artificially increase the complexity of a program
Increasing Depth of Inheritance Introducing Bogus Classes
Merge Scalar Variables
This method of obfuscation involves merging two or more scalar variables into a single variable.
The variables v1, v2 . . . vk can be merged into one variable Vm provided the the combined ranges of v1, v2 . . . vk fit within the precision of Vm.
Converting Static Data to Procedural Data
Split Variables Variables of restricted range can be split up into
two or more variables.
In order to split a variable V of type T into two variables p and q of type U,
1. A function f(p,q) that maps the values of p and q into the corresponding value of V.
2. a function g(V) that maps the value of V into the corresponding values of p and q.
3. new operations cast in terms of operationson p and q.
Inlining and Outlining Methods
Clone Methods
ADD(){
int a=1,b=2,c;c=a+b;
}---------------------------------ADDITION(){
int a=1,b=2,c;c=a+b;
}----------------------------------AddTwoNumber(){
int a=1,b=2,c;c=a+b;
}
Program :{
Add();.. Addition();...AddTowNumber();
}
Control-flow Transformations
Data-flow Transformations
Code obfuscation by obstructing static analysis of programs
Code Obfuscation in Disassembly Phase
Thwarting disassembly
Junk Insertion
Thwarting Linear Sweep
Thwarting Recursive Traversal Branch functions Call conversion Opaque predicates Jump Table Spoofing
Code Obfuscation in Disassembly Phase
Code Obfuscation as it Relates to Viruses
Code Obfuscation as it Relates to Viruses
Virus Types Polymorphic Metamorphic
Obfuscation Techniques Dead Code Insertion Code Transposition Register Reassignment Instruction Substitution Comparisons
Another Angle
Conclusion
No obfuscation has yet been found that can completely resist reverse engineering.
Code obfuscation increases the code decreases performance, and can hinder certain compiler optimizations.
when used sparingly, and combined appropriately, can add a layer of protection against theft and insertion of malicious code
Conclusion
How much Attention should be given to Software Protection?
Software Users
Group 1True ClientWho buy
software license.
Group 2
Client ,Programmers.
Group 3
Professional Hackers.
Thank you!!!