How to obfuscate OBJECT code (and not source code)?


Matt

I have object/machine code in static library (written and compiled
using C++) that I wish to make difficult to reverse-engineer. I am
told by others that some could reverse-engineer this object/machine
code to generate some or all of the source, and while it may not be a
trivial task, it would not be impossible.

Do tools, processes, or other means exist by which I could do this?

I'm looking for something analogous to code obfuscation (sp?) on the
source-code side, but applied to the object code.

I am told that there may be mechanisms to do this for Java bytecode
objects to make them difficult to reverse engineer. Might there be
something similar for general object code (at least for C++
compilers/linkers)?

Thanks in advance,
-Matt
--
[Decompiling any but the smallest machine code libraries, particularly
in the absence of debugging symbols, is a great deal of work. You can
disassemble them easily enough, but figuring out what the code does is
a slog. Unless your library does something like solving the
travelling salesman problem in O(n^2) time, I wouldn't worry about it.
-John]
 
Rapscallion

Matt said:
I have object/machine code in static library (written and compiled
using C++) that I wish to make difficult to reverse-engineer. I am
told by others that some could reverse-engineer this object/machine
code to generate some or all of the source, and while it may not be a
trivial task, it would not be impossible.

Haha, demonstrate it! I give you the cake and you reproduce the eggs,
ok? But seriously, no offense intended, 95% of all C++ code is not
worth stealing!

Best wishes,
R.C.
[Someone else pointed out that Java bytecode is a lot higher level and
a lot easier to decompile than machine language, whether from C++ or
any other language. I'd think that C++ would be particularly hard to
decompile because templates and overloading generate really bloated,
messy object code. -John]
 
Ioannis Vranos

Matt said:
I have object/machine code in static library (written and compiled
using C++) that I wish to make difficult to reverse-engineer. ...

I am told that there may be mechanisms to do this for Java bytecode
objects to make them difficult to reverse engineer. Might there be
something similar for general object code (at least for C++
compilers/linkers)?


There are obfuscators for .NET code (for C++ and other languages), but
I haven't heard anything about native code.
 
Michael Tiomkin

Matt said:
I have object/machine code in static library (written and compiled
using C++) that I wish to make difficult to reverse-engineer. ...

I'm looking for something analogous to code obfuscation (sp?) on the
source-code side, but applied to the object code.

I am told that there may be mechanisms to do this for Java bytecode
objects to make them difficult to reverse engineer. Might there be
something similar for general object code (at least for C++
compilers/linkers)?
[Decompiling any but the smallest machine code libraries,
particularly in the absence of debugging symbols, is a great deal of
work. You can disassemble them easily enough, but figuring out what
the code does is a slog. Unless your library does something like
solving the travelling salesman problem in O(n^2) time, I wouldn't
worry about it. -John]

Well, you can also make the code hard to disassemble. There are
products for "code compression", and methods for creating executable
binary code that is hard to decode. Look at the book by P. Cerven for
some Win/x86 examples.

The easiest way of binary obfuscation is using inlined functions, a
high level of optimization, and stripping the code of debug info, as
John wrote. Recall that without at least -O2 or -O3 the compiled code
will be very similar to the source.

Theoretically, any standalone code can be understood - just run it
(and the OS) through a simulator and analyze the trace for different
inputs/situations.

The problem in most cases is how many resources your opponents have,
and what the size and complexity of your code are.

For C/C++ you can process pieces of the code at the source level, and
this can make code obfuscation much easier. One of my students got
a small obfuscation project as part of an advanced programming course.
His system creates random-looking self-modifying code in parts of
the program defined by the user. I think he would be able to publish
his code when he finishes the project.

Michael
[Ah, but if he publishes his code, will we be able to figure it out?
-John]
 
glen herrmannsfeldt

Most people seem to consider C and C++ code difficult to reverse
engineer. Recovering source is a lot of work, but generating assembly
code is much less work. For reasonably large programs, it isn't
usually considered worthwhile. If your code contains million dollar
ideas, though, it might be.
Haha, demonstrate it! I give you the cake and you reproduce the eggs,
ok? But seriously, no offense intended, 95% of all C++ code is not
worth stealing!
[Someone else pointed out that Java bytecode is a lot higher level and
a lot easier to decompile than machine language, whether from C++ or
any other language. I'd think that C++ would be particularly hard to
decompile because templates and overloading generate really bloated,
messy object code. -John]

It doesn't seem that it is that much higher level, but it does seem to
be much easier to decompile. As I understand it, part of the reason
is that there are more restrictions on executing Java code related to
exceptions, so there aren't as many things that optimizers can do.

One of the better ways to obscure object code is with a good optimizer.

-- glen
 
Walter

Matt said:
I have object/machine code in static library (written and compiled
using C++) that I wish to make difficult to reverse-engineer. I am
told by others that some could reverse-engineer this object/machine
code to generate some or all of the source, and while it may not be a
trivial task, it would not be impossible.

If a machine can execute it, it can be reverse engineered. It all
depends on how much effort it is worth someone to figure it out. It
takes some good assembler skills to do it, which seems to be rare
these days <g>, so just compiling the code with optimization on will
probably be good enough. If it absolutely, positively must be secure,
then you'll need to encrypt the object code with a strong crypto
algorithm, and make sure the key for it is not available to the
crackers.
 
Kai-Uwe Bux

... If it absolutely, positively must be secure, then you'll need to
encrypt the object code with a strong crypto algorithm, and make
sure the key for it is not available to the crackers.

How would you decide whom you may give the key? After all, it appears
that ordinary users would need the key to run the program?

Best

Kai-Uwe Bux
 
Ioannis Vranos

Kai-Uwe Bux said:
How would you decide whom you may give the key? After all, it appears
that ordinary users would need the key to run the program?


Talking about Windows, a few days ago I came across an MS online source which explained that
in Windows there are two modes of secure encryption: using a public and private key, and
using the local per-user Windows authentication mechanism. The latter means that a program
can encrypt data by using this API, and the data can be decrypted only when the specific
user logs in to the local account (account-oriented encryption).

In this case, however, if the account is erased or Windows is reinstalled, the data can't be
decrypted any more.
 
Hans-Peter Diettrich

Matt said:
I have object/machine code in static library (written and compiled
using C++) that I wish to make difficult to reverse-engineer. I am
told by others that some could reverse-engineer this object/machine
code to generate some or all of the source, and while it may not be a
trivial task, it would not be impossible.

C++ compilers output very descriptive mangled names, and every call to
a library function will reveal parts of your code and data
structures. OO languages in general produce quite well readable binary
code.

DoDi
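
Added example, not part of any poster's message: a small audit of what the mangled names in a library's symbol table give away, which is the point made in the post above. It assumes the Itanium C++ ABI mangling used by GCC and Clang (the thread names no compiler), handles only plain and nested names with builtin parameter types, and runs on a constructed `nm` listing for a hypothetical `libfoo.a`.

```python
import re
# Constructed `nm` output for a hypothetical libfoo.a (names are made up).
NM_OUTPUT = """\
0000000000000000 T _ZN7license9Validator8checkKeyEPKcj
0000000000000090 t _ZL10xor_helperPhi
                 U _ZN6crypto3AES7decryptEPKhPhm
                 U memcpy
"""
BUILTIN = {"v": "void", "c": "char", "h": "unsigned char", "i": "int",
           "j": "unsigned int", "m": "unsigned long"}

def _params(s):
    """Decode builtin types with P (pointer) / K (const) qualifiers only."""
    out, quals = [], ""
    for ch in s:
        if ch in "PK":
            quals += ch
            continue
        if ch not in BUILTIN:
            return None  # templates, substitutions etc. are out of scope
        suffix = "".join("*" if q == "P" else " const" for q in reversed(quals))
        out.append(BUILTIN[ch] + suffix)
        quals = ""
    return [] if out == ["void"] else out

def demangle(sym):
    """Readable name for a simple Itanium-ABI symbol, else None."""
    if not sym.startswith("_Z"):
        return None
    nested = sym.startswith("_ZN")
    i = 3 if nested or sym.startswith("_ZL") else 2  # L: internal linkage
    parts = []
    while (m := re.match(r"\d+", sym[i:])):          # <length><identifier>
        n, i = int(m.group()), i + m.end()
        parts.append(sym[i:i + n])
        i += n
    if not parts or (nested and sym[i:i + 1] != "E"):
        return None
    rest = sym[i + nested:]                          # skip the closing E
    params = _params(rest)
    if params is None:
        return None
    return "::".join(parts) + (f"({', '.join(params)})" if rest else "")

def leaked_names(nm_text):
    """Map each decodable symbol in nm output to (nm type letter, name)."""
    rows = (line.split() for line in nm_text.splitlines())
    found = {f[-1]: (f[-2], demangle(f[-1])) for f in rows if len(f) >= 2}
    return {sym: v for sym, v in found.items() if v[1]}
```

Running `leaked_names` over the symbol listing of a release build shows which namespace, class, method and parameter-type names still ship with the library, including the undefined (`U`) references that reveal which external interfaces it calls.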
 
Kai-Uwe Bux

Ioannis said:
Talking about Windows, a few days ago I came across an MS online source
which explained that in Windows there are two modes of secure encryption:
using a public and private key, and using the local per-user Windows
authentication mechanism. The latter means that a program can encrypt data by
using this API, and the data can be decrypted only when the specific
user logs in to the local account (account-oriented encryption).

Interesting,

would that be an authentication via internet or are both keys stored
locally (the private meant to be accessible only via a Windows-API)? In
this case, the user would have private and public key on disk and it would
just be a matter of determination to mount a successful attack.
In this case, however, if the account is erased or Windows is reinstalled,
the data can't be decrypted any more.

Hm, sounds like a very bad deal for the user: so far no computer of mine
served for more than five years. It is pretty unacceptable to lose my data
every time I switch the OS or the hardware. Also, from my friends who have
Windows experience, I hear that reinstalls are not exactly rare.


Best

Kai-Uwe Bux
 
Ioannis Vranos

Kai-Uwe Bux said:
Interesting,

would that be an authentication via internet or are both keys stored
locally (the private meant to be accessible only via a Windows-API)? In
this case, the user would have private and public key on disk and it would
just be a matter of determination to mount a successful attack.

I did not pay much attention to this webcast. For the help of all Windows programmers,
although off topic, I am posting the following links with a wealth of *free* information:


http://msdn.microsoft.com/chats/

http://channel9.msdn.com/ (check the Videos section)

http://www.microsoft.com/events/ (*all* webcasts are free to view/download, including
"on-demand")

http://support.microsoft.com/webcasts (*all* webcasts are free to view/download, including
"on-demand")

http://www.microsoft.com/events/dcc/webcasts (*all* webcasts are free to view/download,
including "on-demand")

http://msdn.microsoft.com/theshow

http://msdn.microsoft.com/msdntv



I think the encryption webcast I talked about was in the "Developer Community Seminars".
 