Code Obfuscation by 24oH4qfQ

VIEWS: 5 PAGES: 15

									Code Obfuscation


  Tool for Software Protection
Outline
 Why Code Obfuscation
 Features of a code obfuscator
   Potency
   Resilience
   Cost
 Classification of Obfuscating
  Transformations
Why use Code Obfuscation
Techniques
 Mainly to defend against Software
  Reverse Engineering
 We can only make it more difficult for
  reverse engineers
 Available obfuscating tools work in
  the same way as compiler optimizers
 Reduce required space and time for
  compilation
 The level of security that an
  Obfuscator adds depends on:
   The transformations used
   The power of available deobfuscators
   The amount of resources available to
    deobfuscators
Main features of a Code Obfuscator
 Potency: is the level up to which a
  human reader would be confused by
  the new code
 Resilience: is how well the obfuscated
  code resists attacks by deobfuscation
  tools
 Cost: is how much load is added to
  the application
Code Obfuscation
 Reverse                                                                       P1
                                                            Reverse Engineer
  engineering                           P1, P2, .., Pn
  exatracts piece of
                                                                                Pn
  program
 Obfuscation makes
  reverse
  engineering
  difficult
                     Obfuscation                         Reverse Engineering fails
  P1, P2, .., Pn                     Q1, Q2, .., Qm
                   Transformations
 Protection through Obfuscation




http://www.cs.arizona.edu/~collberg/Research/Obfuscation/Resources.html
Obfuscation methods




 Mainly based on target information that we
  want to modify/obfuscate
Obfuscation Methods
 Lexical transformations
   Modify variable names
 Control transformations
   Change program flow while preserving
    semantics
 Data transformations
   Modify data structures
 Anti-disassembly
 Anti-debugging
Kinds of obfuscation for each target
information
Available JavaScript Obfuscators
 Most available commercial JavaScript
  obfuscators work by applying Lexical
  transformations
 Some obfuscators that were
  considered are:
   Stunnix JavaScript Obfuscator
   Shane Ng's GPL-licensed obfuscator
   Free JavaScript Obfuscator
Example:From Stunnix
   Actual code:                    Obfuscated code:
   function foo( arg1)             function z001c775808(
   {                                z3833986e2c) { var
     var myVar1 = "some             z0d8bd8ba25=
    string"; //first comment         "\x73\x6f\x6d\x65\x20\x73\x
                                     74\x72\x69\x6e\x67"; var
     var intVar = 24 * 3600;        z0ed9bcbcc2= (0x90b+785-
    //second comment                 0xc04)* (0x1136+6437-
     /* here is                     0x1c4b); document. write(
   a long                           "\x76\x61\x72\x73\x20\x61\
   multi-line comment blah */       x72\x65\x3a"+
                                     z0d8bd8ba25+ "\x20"+
     document. write( "vars         z0ed9bcbcc2+ "\x20"+
    are:" + myVar1 + " " +           z3833986e2c);};
    intVar + " " + arg1) ;
   };
Step by step examination
 The Stunnix obfuscator targets at obfuscating
  only the layout of the JavaScript code
 As the obfuscator parses the code, it removes
  spaces, comments and new line feeds
 While doing so, as it encounters user defined
  names, it replaces them with some random
  string
 It replaces print strings with their hexadecimal
  values
 It replaces integer values with complex
  equations
 In the sample code that was obfuscated, the following
  can be observed
 User defined variables:
   foo replaced with z001c775808
   arg1 replaced with z3833986e2c
   myvar1 replaced with z0d8bd8ba25
   intvar replaced with z0ed9bcbcc2
 Integers:
   20 replaced with (0x90b+785-0xc04)
   3600 replaced with (0x1136+6437-0x1c4b)
 Print strings:
   “vars are” replaced with
      \x76\x61\x72\x73\x20\x61\x72\x65\x3a
   Space replaced with \x20
References
 [Collberg] C. Collberg, “The Obfuscation and
  Software Watermarking homepage”,
  http://www.cs.arizona.edu/collberg/Research/
  Obfuscation/index.html
 [Stunnix JavaScript Obfuscator]
  www.stunnix.com
 [Shane Ng's GPL-licensed obfuscator]
  http://daven.se/usefulstuff/javascript-
  obfuscator.html
 [Free JavaScript Obfuscator]
  http://www.javascriptobfuscator.com/

								
To top