Re: Howto obfuscate OBJECT code (and not source code)?

"Michael Tiomkin" <tmk@netvision.net.il>
14 May 2005 19:00:56 -0400

          From comp.compilers

Related articles
Howto obfuscate OBJECT code (and not source code)? matt@mengland.net (Matt) (2005-05-14)
Re: Howto obfuscate OBJECT code (and not source code)? raps72583m@spambob.com (Rapscallion) (2005-05-14)
Re: Howto obfuscate OBJECT code (and not source code)? ivr@grad.com (Ioannis Vranos) (2005-05-14)
Re: Howto obfuscate OBJECT code (and not source code)? tmk@netvision.net.il (Michael Tiomkin) (2005-05-14)
Re: Howto obfuscate OBJECT code (and not source code)? gah@ugcs.caltech.edu (glen herrmannsfeldt) (2005-05-15)
Re: Howto obfuscate OBJECT code (and not source code)? walter@digitalmars.com (Walter) (2005-05-15)
Re: Howto obfuscate OBJECT code (and not source code)? jkherciueh@gmx.net (Kai-Uwe Bux) (2005-05-15)
Re: Howto obfuscate OBJECT code (and not source code)? DrDiettrich@compuserve.de (Hans-Peter Diettrich) (2005-05-15)
Re: Howto obfuscate OBJECT code (and not source code)? tk@ic.unicamp.br (Tomasz Kowaltowski) (2005-05-16)
Re: Howto obfuscate OBJECT code (and not source code)? devnull@eecs.harvard.edu (Christian Lindig) (2005-05-18)
| List of all articles for this month |

From: "Michael Tiomkin" <tmk@netvision.net.il>
Newsgroups: comp.lang.c++,comp.compilers
Date: 14 May 2005 19:00:56 -0400
Organization: http://groups.google.com
References: 05-05-092
Keywords: code
Posted-Date: 14 May 2005 19:00:56 EDT

Matt wrote:
> I have object/machine code in static library (written and compiled
> using C++) that I wish to make difficult to reverse-engineer. ...
>
> I'm looking for something analogous to code obfuscation (sp?) on the
> source-code side, but applied to the object code.
>
> I am told that there may be mechanisms to do this for Java bytecode
> objects to make them difficult to reverse engineer. Might there be
> something similar for general object code (at least for C++
> compilers/linkers)?


> [Decompiling any but the smallest machine code libraries,
> particularly in the absence of debugging symbols, is a great deal of
> work. You can disassemble them easily enough, but figuring out what
> the code does is a slog. Unless your library does something like
> solving the travelling salesman problem in O(n^2) time, I wouldn't
> worry about it. -John]


    Well, you can also make the code hard to disassemble. There are
products for "code compression", and methods for creating executable
binary code that is hard to decode. Look at the book of P. Cerven for
some Win/x86 examples.


    The easiest way of binary obfuscation is using inlined functions,
high level of optimization and stripping the code of debug info, as
John wrote. Recall that without at least -O2 or -O3 the compiled code
will be very similar to the source.


    Theoretically, any standalone code can be understood - just run it
(and the OS) through simulator and analyze the trace for different
inputs/situations.


    The problem in most cases is how much resources your opponents have,
and what is the size and complexity of your code.


    For C/C++ you can process pieces of the code on source level, and
this can make code obfuscation much easier. One of my students had got
a small obfuscation project as a part of advanced programming course.
His system creates randomly looking self-modifying code in parts of
the program defined by the user. I think he would be able to publish
his code when he finishes the project.


    Michael
[Ah, but if he publishes his code, will we be able to figure out out?
-John]



Post a followup to this message

Return to the comp.compilers page.
Search the comp.compilers archives again.