Code Obfuscation Tool for Software Protection. Outline  Why Code Obfuscation  Features of a code obfuscator Potency Resilience Cost  Classification.

Slides:

Advertisements

Similar presentations

Chapter 11 Introduction to Programming in C

Advertisements

1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler

Compilers Course 379K, TTH 9:30-11:00 Instructor: Dr. Doron A. Peled Office Hours: Mon 11:00-12:00.

Introducing JavaScript

Code optimization: –A transformation to a program to make it run faster and/or take up less space –Optimization should be safe, preserve the meaning of.

WEAVING CODE EXTENSIONS INTO JAVASCRIPT Benjamin Lerner, Herman Venter, and Dan Grossman University of Washington, Microsoft Research.

Moving Target Defense in Cyber Security

JavaScript Obfuscation Facts and Fiction Pedro Fortuna, Co-Founder and CTO AuditMark.

Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.

Java Code Obfuscation Neerja Bhatnagar. Reverse Engineering Figuring out source code corresponding to a given byte code Source code intellectual property,

Preventing Reverse Engineering by Obfuscating Bharath Kumar.

Códigos y Criptografía Francisco Rodríguez Henríquez Software Security Through Code Obfuscation.

Binary Obfuscation Using Signals Igor V. Popov ( University of Arizona)‏ Saumya K. Debray (University of Arizona)‏ Gregory R. Andrews (University of Arizona)

18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler

Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.

Working with the data type: char  2000 Prentice Hall, Inc. All rights reserved. Modified for use with this course. Introduction to Computers and Programming.

Obfuscation techniques in Java Therese Berge Jonas Ringedal.

XP Tutorial 1 New Perspectives on JavaScript, Comprehensive1 Introducing JavaScript Hiding Addresses from Spammers.

Software Uniqueness: How and Why? Puneet Mishra Dr. Mark Stamp Department of Computer Science San José State University, San José, California.

2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.

Rhino – JavaScript for Java. Speaker: Brent Wilkins Hertz – Applications Consultant – Cobol developer – 20+ years – PowerBuilder developer – 6 years –

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.

Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.

Applied Software Project Management Andrew Stellman & Jennifer Greene Applied Software Project Management Applied Software.

Application Security Tom Chothia Computer Security, Lecture 14.

Detecting Software Theft via System Call Based Birthmarks Xinran Wang, Yoon-Chan Jhi, Sencun Zhu, Peng Liu ACSAC 2009.

Abstraction Interpretation Abstract Interpretation is a general theory for approximating the semantics of dynamic systems (Cousot & Cousot 1977) Abstract.

Software School of Hunan University Database Systems Design Part III Section 5 Design Methodology.

KEVIN COOGAN, GEN LU, SAUMYA DEBRAY DEPARTMENT OF COMUPUTER SCIENCE UNIVERSITY OF ARIZONA 報告者：張逸文 Deobfuscation of Virtualization- Obfuscated Software.

Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization Vikram Reddy Enukonda.

D. M. Akbar Hussain: Department of Software & Media Technology 1 Compiler is tool: which translate notations from one system to another, usually from source.

 Three-Schema Architecture Three-Schema Architecture  Internal Level Internal Level  Conceptual Level Conceptual Level  External Level External Level.

RIVERSIDE RESEARCH INSTITUTE Deobfuscator: An Automated Approach to the Identification and Removal of Code Obfuscation Eric Laspe, Reverse Engineer Jason.

Case study Students. Array of objects Arrays can hold objects (ref to objects!) Each cell in an array of objects is null by default Sample: from student.

1 Diversifying Sensors to Improve Network Resilience Wenliang (Kevin) Du Electrical Engineering & Computer Science Syracuse University.

Computer Engineering Rabie A. Ramadan Lecture 5.

Algorithms  Problem: Write pseudocode for a program that keeps asking the user to input integers until the user enters zero, and then determines and outputs.

Protecting Software Code By Guards The George Washington University Cs297 YU-HAO HU.

Presented by Teererai Marange. According to Caliskan-Islam et al.(2015), authorship attribution using the Code Stylometry feature set is possible when.

Introduction to Compilers. Related Area Programming languages Machine architecture Language theory Algorithms Data structures Operating systems Software.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.

A Generic Approach to Automatic Deobfuscation of Executable Code Paper by Babak Yadegari, Brian Johannesmeyer, Benjamin Whitely, Saumya Debray.

Using Dynamic Compilers for Software Testing Ben Breech Lori Pollock John Cavazos.

Operating System Protection Through Program Evolution Fred Cohen Computers and Security 1992.

Fingerprinting Text in Logical Markup Languages Christian D. Jensen G.I. Davida and Y. Frankel (Eds.): Proc. Information Security Conference 2001, Lecture.

Formal Refinement of Obfuscated Codes Hamidreza Ebtehaj 1.

CMPE13Cyrus Bazeghi 1 Chapter 11 Introduction to Programming in C.

Experience with Software Watermarking Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, Yi Zhang CERIAS and Department of Computer.

Compilers and Security

Focused obfuscation for 1-day attack delaying

Application of Obfuscation Techniques on Android Applications

Introduction to Compiler Construction

Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen,

Attacking an obfuscated cipher by injecting faults

Algorithms Problem: Write pseudocode for a program that keeps asking the user to input integers until the user enters zero, and then determines and outputs.

Un</br>able’s MySecretSecrets

Chapter 11 Introduction to Programming in C

Security by Obscurity: Code Obfuscation

Chapter 11 Introduction to Programming in C

Suppose I want to add all the even integers from 1 to 100 (inclusive)

Chapter 11 Introduction to Programming in C

Variables Here we go.

Software Development Environment, File Storage & Compiling

Re- engineeniering.

String Analysis for JavaScript Programs Using JSAI

Format String Vulnerability

Presentation transcript:

Code Obfuscation Tool for Software Protection

Outline  Why Code Obfuscation  Features of a code obfuscator Potency Resilience Cost  Classification of Obfuscating Transformations

Why use Code Obfuscation Techniques  Mainly to defend against Software Reverse Engineering  We can only make it more difficult for reverse engineers  Available obfuscating tools work in the same way as compiler optimizers  Reduce required space and time for compilation

 The level of security that an Obfuscator adds depends on: The transformations used The power of available deobfuscators The amount of resources available to deobfuscators

Main features of a Code Obfuscator  Potency: is the level up to which a human reader would be confused by the new code  Resilience: is how well the obfuscated code resists attacks by deobfuscation tools  Cost: is how much load is added to the application

Code Obfuscation  Reverse engineering exatracts piece of program  Obfuscation makes reverse engineering difficult P1, P2,.., Pn Reverse Engineer P1 Pn P1, P2,.., Pn Obfuscation Q1, Q2,.., Qm Reverse Engineering fails Transformations

Protection through Obfuscation

Obfuscation methods  Mainly based on target information that we want to modify/obfuscate

Kinds of Obfuscating Transformations Obfuscation Methods  Lexical transformations Modify variable names  Control transformations Change program flow while preserving semantics  Data transformations Modify data structures  Anti-disassembly  Anti-debugging

Kinds of obfuscation for each target information

Available JavaScript Obfuscators  Most available commercial JavaScript obfuscators work by applying Lexical transformations  Some obfuscators that were considered are: Stunnix JavaScript Obfuscator Shane Ng's GPL-licensed obfuscator Free JavaScript Obfuscator

Example:From Stunnix  Actual code:  function foo( arg1)  {  var myVar1 = "some string"; //first comment  var intVar = 24 * 3600; //second comment  /* here is  a long  multi-line comment blah */  document. write( "vars are:" + myVar1 + " " + intVar + " " + arg1) ;  } ;  Obfuscated code:  function z001c775808( z e2c) { var z0d8bd8ba25= "\x73\x6f\x6d\x65\x20\x73\x 74\x72\x69\x6e\x67"; var z0ed9bcbcc2= (0x90b xc04)* (0x x1c4b); document. write( "\x76\x61\x72\x73\x20\x61\ x72\x65\x3a"+ z0d8bd8ba25+ "\x20"+ z0ed9bcbcc2+ "\x20"+ z e2c);};

Step by step examination  The Stunnix obfuscator targets at obfuscating only the layout of the JavaScript code  As the obfuscator parses the code, it removes spaces, comments and new line feeds  While doing so, as it encounters user defined names, it replaces them with some random string  It replaces print strings with their hexadecimal values  It replaces integer values with complex equations

 In the sample code that was obfuscated, the following can be observed  User defined variables: foo replaced with z001c arg1 replaced with z e2c myvar1 replaced with z0d8bd8ba25 intvar replaced with z0ed9bcbcc2  Integers: 20 replaced with (0x90b+785-0xc04) 3600 replaced with (0x x1c4b)  Print strings: “vars are” replaced with \x76\x61\x72\x73\x20\x61\x72\x65\x3a Space replaced with \x20

References  [Collberg] C. Collberg, “The Obfuscation and Software Watermarking homepage”, Obfuscation/index.html Obfuscation/index.html  [Stunnix JavaScript Obfuscator]  [Shane Ng's GPL-licensed obfuscator] obfuscator.html obfuscator.html  [Free JavaScript Obfuscator]