Code Obfuscation

Amol Kamble

Why We Need Code Security?

How Decompilationworks?

“ Code obfuscation is the practice of making code unintelligible , or at the very least, hard to understand ”

“General code obfuscation techniques aim to confuse the understanding of the way in which program functions.”

Who use the Code Obfuscation?

code obfuscation is used to protect intellectual property by software companies.

it is also used extensively by authors of malicious code to avoid detection from virus scanner.

Obfuscation Quality Potency

Resilience

Stealth

Cost

General Methods for Obfuscation

Obfuscating control transformations

Aggregation transformation

Control ordering transformations

Computation Transformation

Computation Transformation As the number of predicates increase in a body of code,

insertion of dead or irrelevant code into the program becomes easier.

Inserting Opaque Predicate

Computation Transformationobfuscate a loop

Obfuscating data abstractions

Modifying inheritance relations

Restructure Arrays

Obfuscating Procedural Abstractions Inline and Outline Methods Clone Methods

Obfuscating built-in data types Split variables Convert static to procedural data Merge scalar variables

Modifying inheritance relations

The complexity of a program increases with

greater depth of the inheritance tree.

Along these lines, we can artificially increase the complexity of a program

Increasing Depth of Inheritance Introducing Bogus Classes

Merge Scalar Variables

This method of obfuscation involves merging two or more scalar variables into a single variable.

The variables v1, v2 . . . vk can be merged into one variable Vm provided the the combined ranges of v1, v2 . . . vk fit within the precision of Vm.

Converting Static Data to Procedural Data

Split Variables Variables of restricted range can be split up into

two or more variables.

In order to split a variable V of type T into two variables p and q of type U,

1. A function f(p,q) that maps the values of p and q into the corresponding value of V.

2. a function g(V) that maps the value of V into the corresponding values of p and q.

3. new operations cast in terms of operationson p and q.

Inlining and Outlining Methods

Clone Methods

ADD(){

int a=1,b=2,c;c=a+b;

}---------------------------------ADDITION(){

int a=1,b=2,c;c=a+b;

}----------------------------------AddTwoNumber(){

int a=1,b=2,c;c=a+b;

}

Program :{

Add();.. Addition();...AddTowNumber();

}

Control-flow Transformations

Data-flow Transformations

Code obfuscation by obstructing static analysis of programs

Code Obfuscation in Disassembly Phase

Thwarting disassembly

Junk Insertion

Thwarting Linear Sweep

Thwarting Recursive Traversal Branch functions Call conversion Opaque predicates Jump Table Spoofing

Code Obfuscation in Disassembly Phase

Code Obfuscation as it Relates to Viruses

Code Obfuscation as it Relates to Viruses

Virus Types Polymorphic Metamorphic

Obfuscation Techniques Dead Code Insertion Code Transposition Register Reassignment Instruction Substitution Comparisons

Another Angle

Conclusion

No obfuscation has yet been found that can completely resist reverse engineering.

Code obfuscation increases the code decreases performance, and can hinder certain compiler optimizations.

when used sparingly, and combined appropriately, can add a layer of protection against theft and insertion of malicious code

Conclusion

How much Attention should be given to Software Protection?

Software Users

Group 1True ClientWho buy

software license.

Group 2

Client ,Programmers.

Group 3

Professional Hackers.

Thank you!!!