Code Obfuscation - PowerPoint PPT Presentation

About This Presentation
Title:

Code Obfuscation

Description:

Available obfuscating tools work in the same way as compiler optimizers ... Mainly based on target information that we want to modify/obfuscate ... Obfuscated code: ... – PowerPoint PPT presentation

Number of Views:982
Avg rating:3.0/5.0
Slides: 16
Provided by: rag41
Learn more at: http://www.cs.sjsu.edu
Category:

less

Transcript and Presenter's Notes

Title: Code Obfuscation


1
Code Obfuscation
  • Tool for Software Protection

2
Outline
  • Why Code Obfuscation
  • Features of a code obfuscator
  • Potency
  • Resilience
  • Cost
  • Classification of Obfuscating Transformations

3
Why use Code Obfuscation Techniques
  • Mainly to defend against Software Reverse
    Engineering
  • We can only make it more difficult for reverse
    engineers
  • Available obfuscating tools work in the same way
    as compiler optimizers
  • Reduce required space and time for compilation

4
  • The level of security that an Obfuscator adds
    depends on
  • The transformations used
  • The power of available deobfuscators
  • The amount of resources available to deobfuscators

5
Main features of a Code Obfuscator
  • Potency is the level up to which a human reader
    would be confused by the new code
  • Resilience is how well the obfuscated code
    resists attacks by deobfuscation tools
  • Cost is how much load is added to the application

6
Code Obfuscation
  • Reverse engineering exatracts piece of program
  • Obfuscation makes reverse engineering difficult

7
Protection through Obfuscation
http//www.cs.arizona.edu/collberg/Research/Obfus
cation/Resources.html
8
Obfuscation methods
  • Mainly based on target information that we want
    to modify/obfuscate

9
Kinds of Obfuscating Transformations

Obfuscation Methods
  • Lexical transformations
  • Modify variable names
  • Control transformations
  • Change program flow while preserving semantics
  • Data transformations
  • Modify data structures
  • Anti-disassembly
  • Anti-debugging

10
Kinds of obfuscation for each target information
11
Available JavaScript Obfuscators
  • Most available commercial JavaScript obfuscators
    work by applying Lexical transformations
  • Some obfuscators that were considered are
  • Stunnix JavaScript Obfuscator
  • Shane Ng's GPL-licensed obfuscator
  • Free JavaScript Obfuscator

12
ExampleFrom Stunnix
  • Actual code
  • function foo( arg1)
  • var myVar1 "some string" //first comment
  • var intVar 24 3600 //second comment
  • / here is
  • a long
  • multi-line comment blah /
  • document. write( "vars are" myVar1 " "
    intVar " " arg1)
  • Obfuscated code
  • function z001c775808( z3833986e2c) var
    z0d8bd8ba25 "\x73\x6f\x6d\x65\x20\x73\x74\x72\x69
    \x6e\x67" var z0ed9bcbcc2 (0x90b785-0xc04)
    (0x11366437-0x1c4b) document. write(
    "\x76\x61\x72\x73\x20\x61\x72\x65\x3a"
    z0d8bd8ba25 "\x20" z0ed9bcbcc2 "\x20"
    z3833986e2c)

13
Step by step examination
  • The Stunnix obfuscator targets at obfuscating
    only the layout of the JavaScript code
  • As the obfuscator parses the code, it removes
    spaces, comments and new line feeds
  • While doing so, as it encounters user defined
    names, it replaces them with some random string
  • It replaces print strings with their hexadecimal
    values
  • It replaces integer values with complex equations

14
  • In the sample code that was obfuscated, the
    following can be observed
  • User defined variables
  • foo replaced with z001c775808
  • arg1 replaced with z3833986e2c
  • myvar1 replaced with z0d8bd8ba25
  • intvar replaced with z0ed9bcbcc2
  • Integers
  • 20 replaced with (0x90b785-0xc04)
  • 3600 replaced with (0x11366437-0x1c4b)
  • Print strings
  • vars are replaced with \x76\x61\x72\x73\x20\x61\
    x72\x65\x3a
  • Space replaced with \x20

15
References
  • Collberg C. Collberg, The Obfuscation and
    Software Watermarking homepage,
    http//www.cs.arizona.edu/collberg/Research/Obfusc
    ation/index.html
  • Stunnix JavaScript Obfuscator www.stunnix.com
  • Shane Ng's GPL-licensed obfuscator
    http//daven.se/usefulstuff/javascript-obfuscator.
    html
  • Free JavaScript Obfuscator http//www.javascript
    obfuscator.com/
Write a Comment
User Comments (0)
About PowerShow.com