![References
[Collberg] C. Collberg, “The Obfuscation and
Software Watermarking homepage”,
http://www.cs.arizona.edu/collberg/Research/
Obfuscation/index.html
[Stunnix JavaScript Obfuscator]
www.stunnix.com
[Shane Ng's GPL-licensed obfuscator]
http://daven.se/usefulstuff/javascript-
obfuscator.html
[Free JavaScript Obfuscator]
http://www.javascriptobfuscator.com/](https://image.slidesharecdn.com/codeobfuscation-120823220625-phpapp02/85/Code-obfuscation-15-320.jpg)
Code obfuscation
- 1. Code Obfuscation Tool for Software Protection
- 2. Outline Why Code Obfuscation Features of a code obfuscator Potency Resilience Cost Classification of Obfuscating Transformations
- 3. Why use Code Obfuscation Techniques Mainly to defend against Software Reverse Engineering We can only make it more difficult for reverse engineers Available obfuscating tools work in the same way as compiler optimizers Reduce required space and time for compilation
- 4. The level of security that an Obfuscator adds depends on: The transformations used The power of available deobfuscators The amount of resources available to deobfuscators
- 5. Main features of a Code Obfuscator Potency: is the level up to which a human reader would be confused by the new code Resilience: is how well the obfuscated code resists attacks by deobfuscation tools Cost: is how much load is added to the application
- 6. Code Obfuscation Reverse P1 Reverse Engineer engineering P1, P2, .., Pn exatracts piece of Pn program Obfuscation makes reverse engineering difficult Obfuscation Reverse Engineering fails P1, P2, .., Pn Q1, Q2, .., Qm Transformations
- 8. Obfuscation methods Mainly based on target information that we want to modify/obfuscate
- 9. Obfuscation Methods Lexical transformations Modify variable names Control transformations Change program flow while preserving semantics Data transformations Modify data structures Anti-disassembly Anti-debugging
- 10. Kinds of obfuscation for each target information
- 11. Available JavaScript Obfuscators Most available commercial JavaScript obfuscators work by applying Lexical transformations Some obfuscators that were considered are: Stunnix JavaScript Obfuscator Shane Ng's GPL-licensed obfuscator Free JavaScript Obfuscator
- 12. Example:From Stunnix Actual code: Obfuscated code: function foo( arg1) function z001c775808( { z3833986e2c) { var var myVar1 = "some z0d8bd8ba25= string"; //first comment "x73x6fx6dx65x20x73x 74x72x69x6ex67"; var var intVar = 24 * 3600; z0ed9bcbcc2= (0x90b+785- //second comment 0xc04)* (0x1136+6437- /* here is 0x1c4b); document. write( a long "x76x61x72x73x20x61 multi-line comment blah */ x72x65x3a"+ z0d8bd8ba25+ "x20"+ document. write( "vars z0ed9bcbcc2+ "x20"+ are:" + myVar1 + " " + z3833986e2c);}; intVar + " " + arg1) ; };
- 13. Step by step examination The Stunnix obfuscator targets at obfuscating only the layout of the JavaScript code As the obfuscator parses the code, it removes spaces, comments and new line feeds While doing so, as it encounters user defined names, it replaces them with some random string It replaces print strings with their hexadecimal values It replaces integer values with complex equations
- 14. In the sample code that was obfuscated, the following can be observed User defined variables: foo replaced with z001c775808 arg1 replaced with z3833986e2c myvar1 replaced with z0d8bd8ba25 intvar replaced with z0ed9bcbcc2 Integers: 20 replaced with (0x90b+785-0xc04) 3600 replaced with (0x1136+6437-0x1c4b) Print strings: “vars are” replaced with x76x61x72x73x20x61x72x65x3a Space replaced with x20
- 15. References [Collberg] C. Collberg, “The Obfuscation and Software Watermarking homepage”, http://www.cs.arizona.edu/collberg/Research/ Obfuscation/index.html [Stunnix JavaScript Obfuscator] www.stunnix.com [Shane Ng's GPL-licensed obfuscator] http://daven.se/usefulstuff/javascript- obfuscator.html [Free JavaScript Obfuscator] http://www.javascriptobfuscator.com/