Security by Obscurity: Code ObfuscationIntroductionGoals of ObfuscationClassification Of ObfuscationOpaque ConstructOpaque Construct (Cont.)What goes wrong?Conclusion/Questions?01/14/19 1Security by Obscurity: Security by Obscurity: Code ObfuscationCode ObfuscationKai-fan Lee01/14/19 2IntroductionIntroductionCurrent state of protecting intellectual property–Legal protection–Server side execution–Code encryption–Code obfuscationa transformation that transforms P to P`, such that P` preserves the same observable behavior as P, but much more difficult to analyze01/14/19 3Goals of ObfuscationGoals of ObfuscationCollberg’s 4 criteria–Potency: adds obscurity to confuse human reader–Stealth: transformation should not look obviousie: isPrime(375823463…71)–Resilience: hard to remove by automatic method–Cost: should not add too much overhead01/14/19 4Classification Of ObfuscationClassification Of ObfuscationLayout TransformationPreventive Transformation–ie: Mocha (decompiler) vs. HoseMocha (obfuscator)Data Transformation–Storage: ex: convert static data to procedure–Encoding: ex: redefine data value–Aggregation–OrderingControl Transformation–Aggregation: ex: inline & outline–Ordering: spaghetti code–Computation: ex: loop transform, dead code insertion01/14/19 5Opaque ConstructOpaque ConstructDead code insertion is most often used, and easiest to implementEx: PT (5>1):predicate always evaluated to be true, PF (1>5):predicate always evaluated to be falseProblem: dead code can be easily removedSolution: Opaque construct in point p of a program is the variable V or a fragment of program P, which has a value that is well known during the time of obfuscation, but is very hard to determine after obfuscation. If (5>1)T {S;} else {Sbug;} If (1>5)F {Sbug;}S; While (E and (5>1)T) {S;}01/14/19 6Opaque Construct (Cont.)Opaque Construct (Cont.)Mathematical truth:((x+x2) mod 2 = 0)T ((28x2-13x-5) mod 9 = 0)T Decent resilience, but not very potent and stealthyPointer alias problem:NP hard to solve(g != h)T(f != h)T01/14/19 7What goes wrong?What goes wrong?Hard to debug May Promote Piracy01/14/19 8Conclusion/Questions?Conclusion/Questions?Will play an important role in the future because of ANDFMicrosoft already planned to ship their visual studio .NET with third party obfuscatorThank
View Full Document