Obfuscation techniques in Java

							Obfuscation techniques
       in Java

     Therese Berge
     Jonas Ringedal
              Presentation
•   Goal of the project
•   Background
•   Obfuscation techniques
•   Tests
•   Evaluation and results
         Goal of the project
• Gain knowledge about different
  obfuscation techniques
• Find the best technique for us
  – Testing existing programs
  – Evaluating the techniques
                  Background
• Java increased the threat of reverse engineering
  – High-level bytecode
  – Platform independent
     • Portable
     • Anyone can have access to the bytecode
• Reverse engineering
  – Analyse system to create higher level representation
  – Recreate Java source code
        Obfuscation techniques
•   Layout Obfuscation
•   Data Obfuscation
•   Control Obfuscation
•   Preventative Transformations
        Layout Obfuscation
• Changing variables
• Removing comments
• Both methods:
  – Free of cost
  – One way functions
          Data Obfuscation
• Encoding
          for(int i = 0; i < 100; i++ ){}
          f(i) = 2*i+5
          for(int i = 5; i < 205; i =i+2){}
• Split array
• Change ordering
  – Variable declaration spread out
           Control Obfuscation
• Hide information flow
  – Dead code




  – Parallelize Code
 Preventative Transformations
• Crash deobfuscators
  – Use known weaknesses


                 Stealth
• Hide obfuscation
                 Tests
• Obfuscator: JShrink
• Decompiler: JAD
• Test code: Password.java

             Test results
• JShrink
• JAD from .class
• JAD from obfuscated code
      Evaluation and results
• Obfuscators major tools for protecting
  Java programs from reverse engineering
• Hard to find free programs
• Layout Obfuscation not enough
• Best: Combination of manually changed
  code, stealth and obfuscators.

• Goal achieved