Code Obfuscation

Its limits in today Software & Hardware

By Shahid Razzaq
 What is this Obfuscation?
Literal Meaning of Obfuscation:
 The word ‘obfuscation' refers to the concept of
concealing the meaning of communication by making
it more confusing and harder to interpret.
Code Obfuscation:
 Code obfuscation is the generation or alteration of
source code and/or object code in such a way that it
is easy for the computer to comprehend but
considerably difficult to reverse engineer.
 Reverse Engineering Code
Normal Engineering:
Dude writes code -> Dude compiles ->
Dude parties with the binary

Reverse Engineering:
Evil dude gets the binary -> Uses powerful
tools (e.g IDA Pro) to gain knowledge about
program -> Gets to know code structure, control
flow, and valuable assets, keys, alrogithms, PI

IDA Pro: How much can it do?

 How can Obfuscation Help
Types of Obfuscation:
 Code Structure Obfuscation
 Data Obfuscation
 Control Obfuscation
 Preventive Obfuscation

Effects of Obfuscation on Code:

 Code logic doesn’t change
 Decreases footprint of code
 Decreases performance (w.r.t time)
 Harder for developers during product cycle & possibly
support
 Obfuscation in Action
Widely used in Intermediate Compiled
Languages .Net, Java
 Dotfuscator (.Net, Microsoft Visual Studio)
 ProGuard (Java, free)

Factor that prevent use of Obfuscation

 Cost of Obfuscation
 Execution time of code
 High Program complexity
 Limits to Obfuscation
No obfuscation enough against extremely dedicated
hackers
Prevents against easy reverse engineering using tools

How can Software Help:

 Built-in support in OS
 Public APIs

Hardware Assisted Obfuscation:

 Use of hardware for decryption
 How are decryption keys transferred?
 Obfuscation in Future
Interesting Scenario: ‘Brain’ obfuscation
 Processor detached from memory
 Non conventional use of processor registers
 Memory kept relatively in-accessable,
encrypted
 Obfuscation in design, like a real brain.
Example?
 What does this do?
#include <stdio.h>

main(t,_,a)char *a;{return!0<t?t<3?main(-79,-13,a+main(-87,1-_,main(-
86,0,a+1)+a)):1,t<_?main(t+1,_,a):3,main(-94,-27+t,a)&&t==2?
_<13?main(2,_+1,"%s %d %d\n"):9:16:t<0?t<-72?
main(_,t,"@n'+,#'/*{}w+/w#cdnr/+,{}r/*de}+,/*{*+,/w{%+,/w#q#n+,/#{l,
+,/n{n+,/+#n+,/#\;#q#n+,/+k#;*+,/'r :'d*'3,}{w+K w'K:'+}e#';dq#'l \
q#'+d'K#!/+k#;q#'r}eKK#}w'r}eKK{nl]'/#;#q#n'){)#}w'){){nl]'/+#n';d}rw'
i;# \){nl]!/n{n#'; r{#w'r nc{nl]'/#{l,+'K {rw' iK{;[{nl]'/w#q#n'wk nw' \
iwk{KK{nl]!/w{%'l##w#' i; :{nl]'/*{q#'ld;r'}{nlwb!/*de}'c
\;;{nl'-{}rw]'/+,}##'*}#nc,',#nw]'/+kd'+e}+;#'rdq#w! nr'/ ') }+}{rl#'{n'
')# \}'+}##(!!/"):t<-50?_==*a?putchar(31[a]):main(-
65,_,a+1):main((*a=='/')+t,_,a+1) :0<t?main(2,2,"%s"):*a=='/'||
main(0,main(-61,*a,"!ek;dc i@bK'(q)-[w]*%n+r3#l,{}:\nuwloca-
O;m .vpbks,fxntdCeghiry"),a+1);}
Q&A