Code Obfuscation
- 2021年11月30日
- 未分類
Obfuscation is making something complex and difficult to understand. Programming codes are often obfuscated to decrease the security risks such as preventing an attacker from reverse engineering a software program and protect intellectual properties.
Code obfuscation is not about changing the program’s original code contents, but rather about making the presentation of that code more confusing. Obfuscation does not change how the program works or outputs.
The following are some techniques we should know about obfuscation.
Renaming
The obfuscator alters the methods and names of variables. The new names may include unprintable or invisible characters.
Packing
This compresses the entire program to make the code unreadable.
String encryption
This method uses encryption to hide the strings in the executable and only restores the values when they are needed to run the program. This makes it difficult to go through a program and search for particular strings.
Control flow
The decompiled code is made to look like spaghetti logic, which is unstructured and hard to maintain code where the line of thought is obscured. Results from this code are not clear, and it’s hard to tell what the point of the code is by looking at it.
Instruction pattern transformation
This approach takes common instructions created by the compiler and swaps them for more complex, less common instructions that effectively do the same thing.
Dummy code insertion
Dummy code can be added to a program to make it harder to read and reverse engineer, but it does not affect the program’s logic or outcome.
Metadata or unused code removal
Unused code and metadata give the reader extra information about the program, much like annotations on a Word document, that can help them read and debug it. Removing metadata and unused code leaves the reader with less information about the program and its code.
Summary
Obfuscation techniques are used in various cases. For example, these can be used to stop someone from copying your client-side code. And enterprises also need to make sure that websites are protected against malicious code injection and it difficult to discover useful information such as trade secrets (IP), credentials, or security vulnerabilities from an application.
Hope you enjoy that.
By Asahi
waithaw at 2021年11月30日 10:00:00