Re: invitation to discussion: code and protocol obfuscation techniques

glen herrmannsfeldt <gah@ugcs.caltech.edu>
Sun, 4 Aug 2013 03:41:38 +0000 (UTC)

          From comp.compilers

Related articles
invitation to discussion: code and protocol obfuscation techniques isiisorisiaint@gmail.com (Gyll .) (2013-08-01)
Re: invitation to discussion: code and protocol obfuscation techniques gah@ugcs.caltech.edu (glen herrmannsfeldt) (2013-08-04)
Re: invitation to discussion: code and protocol obfuscation techniques isiisorisiaint@gmail.com (Gyll .) (2013-08-05)
Re: invitation to discussion: code and protocol obfuscation techniques isiisorisiaint@gmail.com (Gyll .) (2013-08-05)
Re: invitation to discussion: code and protocol obfuscation techniques gah@ugcs.caltech.edu (glen herrmannsfeldt) (2013-08-06)
Re: invitation to discussion: code and protocol obfuscation techniques isiisorisiaint@gmail.com (2013-08-08)
Re: invitation to discussion: code and protocol obfuscation techniques gah@ugcs.caltech.edu (glen herrmannsfeldt) (2013-08-08)
Re: invitation to discussion: code and protocol obfuscation techniques isiisorisiaint@gmail.com (2013-08-14)
[1 later articles]
| List of all articles for this month |
From: glen herrmannsfeldt <gah@ugcs.caltech.edu>
Newsgroups: comp.compilers
Date: Sun, 4 Aug 2013 03:41:38 +0000 (UTC)
Organization: Aioe.org NNTP Server
References: 13-08-002
Keywords: code, tools
Posted-Date: 06 Aug 2013 09:14:00 EDT

Gyll . <isiisorisiaint@gmail.com> wrote:
> I'd like to get some info on the subject of code obfuscation,
> particularly source code-level obfuscation methods that will not get
> rendered [totally] useless by code optimizers, program flow graph
> extractors, and other program analysis tools.


As far as I know, the usual obfuscator generates a program with the
exact same function, flow, etc, (as seen by a compiler) but harder to
read by humans.


> More specifically, i need to build an obfuscator source code
> preprocessor for a P2P client such that the obfuscator automatically
> introduces additional protocol states to the base protocol in the
> client code (a "protocol state" is state in the client algorithm
> state machine where a [set of] messages are exchanged between
> two P2P clients).


Seems to me that this would require the obfuscator to know much more
about the algorithm than is usual. First of all, it has to recognize
that it is a state machine. It is not so unusual for verilog reading
tools to recognize and optimize state machines, but, as far as I know,
unusual for other languages. Even so, they expect a fairly specific
way of writing the state machine.


> The obfuscator-introduced protocol validation messages
> should be as well obfuscated as possible, in order to make it
> difficult for an attacker which has the original source code
> of the client to determine which new protocol states have
> been introduced (and where inside the code) by the obfuscator.


As usual, how well that can be done depends on how determined the
attacker is. What the value (in actual money) would be to an attacker,
and what tools would be available.


You might, for example, have an obfuscator that makes the code hard
for a human, but a program could determine that the added states
didn't make logical sense, and remove them.


-- glen


Post a followup to this message

Return to the comp.compilers page.
Search the comp.compilers archives again.