1. Obfuscation
Aparna Belhe
CS-795

2. What is Obfuscation? Dictionary Meaning: Obfuscation in .Net:
To confuse, to make obscure a problem with extraneous information, to darken. -
Obfuscation in .Net:
- Technology of shrouding the facts.
- Removes context from compiled code that humans (and reverse-engineering tools) would use to decipher the code's meaning.

3. .NET Software Development Lifecycle
Protect

4. Why Obfuscation?
.Net Programs compiled in MSIL, which is at a higher level than binary machine code.
So .Net Programs are easy to reverse engineer using decompilation.
MSIL Disassembler (ILDasm) installed in the .Net Framework SDK can be used.
Anyone can peruse the details of the software.

5. Why Obfuscation ctd….
Obfuscation uses various methods to foil decompilers
Obfuscation is different from Encryption.

6. Goal – Create Confusion!!
Not only will the output confuse a human interpreter, it was also break a decomliper.
Forward logic is preserved, reverse semantics are rendered non-deterministic.
Creates decompilation possibilities which produce incorrect logic if recompiled.

7. Dotfuscator
Acts obfuscator, pruner, linker, and watermarker for .NET applications.
Obfuscation is applied to MSIL and not source code.
Obfuscated code is functionally equivalent to traditional MSIL.
It executes on CLR with similar results.

8. Dotfuscator features Renaming :
Uses a patented Overload-Induction renaming system.
Renames as many methods as possible to a same name.
Effective than renaming to unprintable characters.
Saves space as short names used for renaming.

9. Renaming Example Original Source Code Before Obfuscation
private void CalcPayroll(SpecialList employeeGroup)
{ while (employeeGroup.HasMore())
{ employee = employeeGroup.GetNext(true);
employee.UpdateSalary();
DistributeCheck(employee); }
Reverse-Engineered Source Code After Overload Induction Dotfuscation
private void a(a b)
{ while (b.a())
{ a = b.a(true);
a.a(); a(a);

10. Dotfuscator Features ctd…
2. String Encryption:
Strings in sensitive part of the code are encrypted.
3. Control Flow Obfuscation:
- Introduces false conditions and misleading
constructs in decompiled code.
Example:
Before Control Flow Obfuscation
public int CompareTo(Object o)
{ int n = occurrences – ((WordOccurrence)o).occurrences;
if (n == 0)
{ n = String.Compare(word, ((WordOccurrence)o).word);
} return(n); }

11. Reverse Engineered Source Code after Control Flow Obfuscation
public virtual int _a(Object A_0)
{ int local0, local1;
local0 = this.a – (c) A_0.a;
if (local0 != 0) goto i0;
goto i1;
while (true)
{ return local1;
i0: local1 = local0; }
i1: local0 = System.String.Compare(this.b, (c) A_0.b);
goto i0;

12. 4. Pruning:
Determines unused types, methods and fields.
Uses “triggers” for this determination.
Helps reduce size of the assembly.
5. Assembly Linking:
Links multiple assemblies into one or more output assemblies.
6. Watermarking:
- Embeds data (copyright info/unique nos.) into applications, making them unique.

13. 7. Incremental Obfuscation:
- Useful when a bug is found in the code, but it is obfuscated.
Confidential Map file created to inform how renaming was done.
Match the mapfile against the stack trace.
Mapfile can be used as input to Dotfuscator on subsequent runs to dictate that renames used previously should be used again wherever possible.
Use the re-created patched modules.

14. Demonstration

15. Drawbacks Maintaining and Troubleshooting becomes difficult.
Bug Reports are rendered useless.
Hampers the debugging process, as obfuscation alters MSIL.

16. Conclusion Obfuscation is not 100 percent protection.
If a hacker is perseverant enough, they can find the meaning of your code.
The goal of obfuscation is to make the reverse engineering process extremely time consuming and painful so that it not worth the effort.
The goal is to stop all casual hackers and as many serious hackers as possible.

17. References
Professional Visual Studio 2005 – Andrew Parsons and Nick Randolph.

18. THANK YOU !!