```Security by Obscurity:
Code Obfuscation
10/4/2015
Kai-fan Lee
1
Introduction

Current state of protecting intellectual
property
–
–
–
–
Legal protection
Server side execution
Code encryption
Code obfuscation

10/4/2015
a transformation that transforms P to P`, such that P`
preserves the same observable behavior as P, but
much more difficult to analyze
2
Goals of Obfuscation

Collberg’s 4 criteria
– Potency: adds obscurity to confuse human
– Stealth: transformation should not look obvious

ie: isPrime(375823463…71)
– Resilience: hard to remove by automatic
method
10/4/2015
3
Classification Of Obfuscation


Layout Transformation
Preventive Transformation
– ie: Mocha (decompiler) vs. HoseMocha (obfuscator)

Data Transformation
–
–
–
–

Storage: ex: convert static data to procedure
Encoding: ex: redefine data value
Aggregation
Ordering
Control Transformation
–
–
–
10/4/2015
Aggregation: ex: inline & outline
Ordering: spaghetti code
Computation: ex: loop transform, dead code insertion
4
Opaque Construct

Dead code insertion is most often used, and easiest to implement
 Ex: PT (5>1):predicate always evaluated to be true, PF (1>5):predicate always
evaluated to be false
If (5>1)T {
S;
} else {
Sbug;
}
If (1>5)F {
Sbug;
}
S;
While (E and (5>1)T) {
S;
}

Problem: dead code can be easily removed
 Solution: Opaque construct in point p of a program is the variable V or a
fragment of program P, which has a value that is well known during the time of
obfuscation, but is very hard to determine after obfuscation.
10/4/2015
5
Opaque Construct (Cont.)

Mathematical truth:



10/4/2015
((x+x2) mod 2 = 0)T
((28x2-13x-5) mod 9 = 0)T
Decent resilience, but not
very potent and stealthy

Pointer alias problem:

NP hard to solve

(g != h)T
(f != h)T

6
What goes wrong?

Hard to debug
 May Promote Piracy
10/4/2015
7
Conclusion/Questions?

Will play an important role in the future
because of ANDF
 Microsoft already planned to ship their
visual studio .NET with third party
obfuscator
Thank You!!
10/4/2015
8
```