Security by Obscurity: Code Obfuscation

1
Security by Obscurity Code Obfuscation

• Kai-fan Lee

2
Introduction

• Current state of protecting intellectual property
• Legal protection
• Server side execution
• Code encryption
• Code obfuscation
• a transformation that transforms P to P, such
  that P preserves the same observable behavior as
  P, but much more difficult to analyze

3
Goals of Obfuscation

• Collbergs 4 criteria
• Potency adds obscurity to confuse human reader
• Stealth transformation should not look obvious
• ie isPrime(37582346371)
• Resilience hard to remove by automatic method
• Cost should not add too much overhead

4
Classification Of Obfuscation

• Layout Transformation
• Preventive Transformation
• ie Mocha (decompiler) vs. HoseMocha (obfuscator)
• Data Transformation
• Storage ex convert static data to procedure
• Encoding ex redefine data value
• Aggregation
• Ordering
• Control Transformation
• Aggregation ex inline outline
• Ordering spaghetti code
• Computation ex loop transform, dead code
  insertion

5
Opaque Construct

• Dead code insertion is most often used, and
  easiest to implement
• Ex PT (5gt1)predicate always evaluated to be
  true, PF (1gt5)predicate always evaluated to be
  false

If (5gt1)T S else Sbug
If (1gt5)F Sbug S
While (E and (5gt1)T) S

• Problem dead code can be easily removed
• Solution Opaque construct in point p of a
  program is the variable V or a fragment of
  program P, which has a value that is well known
  during the time of obfuscation, but is very hard
  to determine after obfuscation.

6
Opaque Construct (Cont.)

• Mathematical truth
• ((xx2) mod 2 0)T
• ((28x2-13x-5) mod 9 0)T
• Decent resilience, but not very potent and
  stealthy

• Pointer alias problem
• NP hard to solve
• (g ! h)T
• (f ! h)T

7
What goes wrong?

• Hard to debug
• May Promote Piracy

8
Conclusion/Questions?

• Will play an important role in the future because
  of ANDF
• Microsoft already planned to ship their visual
  studio .NET with third party obfuscator
• Thank You!!