HOME

TheInfoList



Click Here for Items Related To - obfuscation (software)
OR:
obfuscation (software) on:   [Wikipedia]   [Google]   [Amazon]

In
software development Software development is the process of conceiving, specifying, designing, programming, documenting, testing, and bug fixing involved in creating and maintaining applications, frameworks, or other software components. Software development invol ...
, obfuscation is the act of creating source or machine code that is difficult for humans or computers to understand. Like
obfuscation Obfuscation is the obscuring of the intended meaning of communication by making the message difficult to understand, usually with confusing and ambiguous language. The obfuscation might be either unintentional or intentional (although intent u ...
in
natural language In neuropsychology, linguistics, and philosophy of language, a natural language or ordinary language is any language that has evolved naturally in humans through use and repetition without conscious planning or premeditation. Natural languages ...
, it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose ( security through obscurity) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter
reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompli ...
, or even to create a
puzzle A puzzle is a game, Problem solving, problem, or toy that tests a person's ingenuity or knowledge. In a puzzle, the solver is expected to put pieces together (Disentanglement puzzle, or take them apart) in a logical way, in order to arrive at th ...
or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry.


Overview

The architecture and characteristics of some languages may make them easier to obfuscate than others. C, C++, and the Perl programming language are some examples of languages easy to obfuscate. Haskell is also quite obfuscatable despite being quite different in structure. The properties that make a language obfuscatable are not immediately obvious.


Recreational obfuscation

Writing and reading obfuscated source code can be a brain teaser. A number of programming contests reward the most creatively obfuscated code, such as the International Obfuscated C Code Contest and the
Obfuscated Perl Contest The Obfuscated Perl Contest was a competition for programmers of Perl which was held annually between 1996 and 2000. Entrants to the competition aimed to write "devious, inhuman, disgusting, amusing, amazing, and bizarre Perl code". It was run by ...
. Types of obfuscations include simple keyword substitution, use or non-use of whitespace to create artistic effects, and self-generating or heavily compressed programs. According to Nick Montfort, techniques may include: # naming obfuscation, which includes naming variables in a meaningless or deceptive way; # data/code/comment confusion, which includes making some actual code look like comments or confusing syntax with data; # double coding, which can be displaying code in poetry form or interesting shapes. Short obfuscated Perl programs may be used in signatures of Perl programmers. These are JAPHs (" Just another Perl hacker").


Examples

* Some Python examples can be found in th
official Python programming FAQ
and elsewhere. * The ''movfuscator'' C compiler for the x86_32 ISA uses only the ''mov'' instruction in order to obfuscate


Disadvantages of obfuscation

* While obfuscation can make reading, writing, and reverse-engineering a program difficult and time-consuming, it will not necessarily make it impossible. * It adds time and complexity to the build process for the developers. * It can make debugging issues after the software has been obfuscated extremely difficult. * Once code becomes abandonware and is no longer maintained, hobbyists may want to maintain the program, add mods, or understand it better. Obfuscation makes it hard for end users to do useful things with the code. * Certain kinds of obfuscation (i.e. code that isn't just a local binary and downloads mini binaries from a web server as needed) can degrade performance and/or require Internet.


Decompilers

A decompiler can reverse-engineer source code from an executable or library. Decompilation is sometimes called a man-at-the-end attack, based on the traditional cryptographic attack known as " man-in-the-middle". It puts source code in the hands of the user, although this source code is often difficult to read. The source code is likely to have random function and variable names, incorrect variable types, and use different logic than the original source code (due to compiler optimizations).


Cryptographic obfuscation

Cryptographers have explored the idea of obfuscating code so that reverse-engineering the code is ''cryptographically'' hard. This is formalized in the many proposals for indistinguishability obfuscation, a cryptographic primitive that, if possible to build securely, would allow one to construct many other kinds of cryptography, including completely novel types that no one knows how to make. (A stronger notion, black-box obfuscation, was shown impossible in 2001 when researchers constructed programs that cannot be obfuscated in this notion.)


Notifying users of obfuscated code

Some anti-virus softwares, such as AVG AntiVirus, will also alert their users when they land on a website with code that is manually obfuscated, as one of the purposes of obfuscation can be to hide malicious code. However, some developers may employ code obfuscation for the purpose of reducing file size or increasing security. The average user may not expect their antivirus software to provide alerts about an otherwise harmless piece of code, especially from trusted corporations, so such a feature may actually deter users from using legitimate software. Mozilla and Google disallow browser extensions containing obfuscated code in their add-ons store.


Obfuscating software

A variety of tools exist to perform or assist with code obfuscation. These include experimental research tools created by academics, hobbyist tools, commercial products written by professionals, and open-source software. Deobfuscation tools also exist that attempt to perform the reverse transformation. Although the majority of commercial obfuscation solutions work by transforming either program source code, or platform-independent bytecode as used by Java and .NET, there are also some that work directly on compiled binaries.


Obfuscation and copyleft licenses

There has been debate on whether it is illegal to skirt copyleft software licenses by releasing source code in obfuscated form, such as in cases in which the author is less willing to make the source code available. The issue is addressed in the GNU General Public License by requiring the "preferred form for making modifications" to be made available. The GNU website states "Obfuscated 'source code' is not real source code and does not count as source code."


See also

*
AARD code The AARD code was a segment of code in a beta release of Microsoft Windows 3.1 that would determine whether Windows was running on MS-DOS or PC DOS, rather than a competing workalike such as DR-DOS, and would result in a cryptic error messag ...
* Spaghetti code * Write-only language * Decompilation * Esoteric programming language * Quine * Overlapping instructions * Polymorphic code *
Hardware obfuscation Hardware obfuscation is a technique by which the description or the structure of electronic hardware is modified to intentionally conceal its function (engineering), functionality, which makes it significantly more difficult to reverse-engineer. I ...
*
Underhanded C Contest The Underhanded C Contest is a programming contest to turn out code that is malicious, but passes a rigorous inspection, and looks like an honest mistake even if discovered. The contest rules define a task, and a malicious component. Entries m ...
* Source-to-source compiler * ProGuard (Java Obfuscator) * Dotfuscator (.Net Obfuscator) *
Digital rights management Digital rights management (DRM) is the management of legal access to digital content. Various tools or technological protection measures (TPM) such as access control technologies can restrict the use of proprietary hardware and copyrighted works. ...
* Indistinguishability obfuscation *
Source code beautification Pretty-printing (or prettyprinting) is the application of any of various stylistic formatting conventions to text files, such as source code, markup, and similar kinds of content. These formatting conventions may entail adhering to an indentatio ...


Notes


References

* Seyyedhamzeh, Javad
ABCME: A Novel Metamorphic Engine
17th National Computer Conference, Sharif University of Technology, Tehran, Iran, 2012. *B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan and K. Yang
"On the (Im)possibility of Obfuscating Programs"
''21st Annual International Cryptology Conference'', Santa Barbara, California, USA. Springer Verlag LNCS Volume 2139, 2001. *


External links


The International Obfuscated C Code Contest
ACM Crossroads, Spring 1998 issue

* * c2:BlackBoxComputation {{DEFAULTSORT:Obfuscated Code Anti-patterns Articles with example C code Obfuscation Source code Program transformation es:Ofuscación#Informática