Presentation is loading. Please wait.

Presentation is loading. Please wait.

Java Code Obfuscation Neerja Bhatnagar. Reverse Engineering Figuring out source code corresponding to a given byte code Source code intellectual property,

Published byArabella Cox Modified over 9 years ago

Similar presentations

Presentation on theme: "Java Code Obfuscation Neerja Bhatnagar. Reverse Engineering Figuring out source code corresponding to a given byte code Source code intellectual property,"— Presentation transcript:

1 Java Code Obfuscation Neerja Bhatnagar

2 Reverse Engineering Figuring out source code corresponding to a given byte code Source code intellectual property, needs protection Money, intelligence, hard work, time put to work to develop code

3 Problem of Reverse Engineering Java code especially prone to reverse engineering, because Java byte code well documented and well structured (freely available in JVM specs) Most of the information contained in source code also present in byte code. Software engineers have little control over distribution of Java applications and their source code because most Java applications distributed over the Internet (easy downloads)

4 Code Obfuscation Technique to discourage and deter reverse engineering Scrambles byte code to make it unintelligible, difficult to understand Alters structure and appearance of code Attempts to make in uneconomical for an attacker to reverse engineer code Does not affect function of original program Does not alter source code, alters byte code

5 Code Obfuscation Techniques Low-Level Layout Obfuscations Control Obfuscations Data Obfuscations High-Level or Design Obfuscations Class Coalescing Obfuscation Class Splitting Obfuscation Type Hiding

6 Design Obfuscations Low-level obfuscation techniques not sufficient because they do not hide design information Design information can facilitate an attacker from gaining general understanding of code and what it does Design obfuscations aim at hiding valuable high-level design information

7 Class Coalescing Obfuscation Combines two or more classes into a single class If the classes to be coalesced have attributes with same name, these are renamed to distinguish among them have non-constructor methods with same signature, except for one non-constructor methods, all others are renamed and altered

8 Class Coalescing Obfuscation Example

9 public class Animal { String name; int age; public Animal() { name = “Goofy”; age = 1; } public int calcAge() { return 2004 – 1985; } public void comments() { System.out.println(“Fluffy”); } public class A { String name; String model; int age; int age2; public Animal() { name = “Goofy”; age = 1; } public Car() { name = “VW”; age = 2; } public int calcAge() { return 2004 – 1985; } public int calcAge(int make) { return 2004 – make; } public void comments() { System.out.println(“Fluffy”); } public void commentsFromCar() { System.out.println(“Smooth”); } public class Car { String model; int age; public Car() { name = “VW”; age = 2; } public int calcAge(int make) { return 2004 – make; } public void comments() { System.out.println(“Smooth”); }

10 Class Coalescing Obfuscation Shortcomings Becomes very complicated when classes extend other classes or implement interfaces because superclasses and interfaces need to be coalesced too variable names and method signatures cannot be altered in any way Cannot be performed when classes extend classes from Java standard library Java standard library classes need to be coalesced too Makes code non-portable Classes with native methods cannot be coalesced because analyzing native code very difficult

11 Class Splitting Obfuscation Splits a class into multiple classes Several ways to split a class Valid split function preserves dependencies among class’s methods and fields Valid split functions include Split class A into classes A1 and A2, where A2 extends A1 Split methods defined in class A between classes A1 and A2

12 Class Splitting Obfuscation Example

13 public class Dog { String name; int age; String sound; public Dog() { name = “Bruno”; age = 5; sound = “woof”; } public void bark() { System.out.println(“Woof! Woof!”); } public void sleep() { System.out.println(“zzz…zzz”); } public class Animal { String name; int age; public Animal() { name = “Bruno”; age = 5; } public void sleep() { System.out.println(“zzz…zzz”); } public class Doggie extends Animal { String sound; public Doggie() { super(); sound = “woof”; } public void bark() { System.out.println(“Woof! Woof!”); }

14 Class Splitting Obfuscation Shortcomings Splitting a class very difficult unless initial design faulty May have reverse effect Splitting a class may improve overall code design, and get rid of spaghetti code! Might actually help the attacker, rather than deter him

15 Type Hiding Uses the concept of Java interface Transforms a concrete class into several interfaces Each interface contains a random subset of the concrete class’s methods and fields Obscures by declaring a concrete class that implements those interfaces

16 Type Hiding Example

17 public class Dog { String name; int age; String sound; public Dog() { name = “Bruno”; age = 5; sound = “woof”; } public void bark() { System.out.println(“Woof! Woof!”); } public void sleep() { System.out.println(“zzz…zzz”); } interface LivingCreature { public void bark(); } interface Animal { public void sleep(); } public class Doggie { String name; int age; String sound; public Dog() { name = “Bruno”; age = 5; sound = “woof”; } public void bark() { System.out.println(“Woof! Woof!”); } public void sleep() { System.out.println(“zzz…zzz”); }

18 Type Hiding Shortcomings Type hiding done the way described in previous slide especially vulnerable to reverse engineering More effective when combined with low-level obfuscation techniques Can be made stronger when randomly selected classes go through type hiding, instead of all classes

19 Obfuscation Products RetroGuard by Retrologic SystemsRetrologic Systems Klassmaster by ZelixZelix JObfuscator by DuckwareDuckware Semantic Designs

20 Conclusion None of the obfuscation techniques sufficient by themselves A combination of these techniques might provide strong resistance to reverse engineering Some claim code obfuscation slows down an application Impact on performance depends on a particular technique Impact usually minimal or none at all Decision to obfuscate or not is a trade-off between protecting code or taking a slight performance hit

Download ppt "Java Code Obfuscation Neerja Bhatnagar. Reverse Engineering Figuring out source code corresponding to a given byte code Source code intellectual property,"

Similar presentations

1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler

1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler
METHOD OVERRIDING Sub class can override the methods defined by the super class. Overridden Methods in the sub classes should have same name, same signature.

METHOD OVERRIDING Sub class can override the methods defined by the super class. Overridden Methods in the sub classes should have same name, same signature.
1 Chapter 6: Extending classes and Inheritance. 2 Basics of Inheritance One of the basic objectives of Inheritance is code reuse If you want to extend.

1 Chapter 6: Extending classes and Inheritance. 2 Basics of Inheritance One of the basic objectives of Inheritance is code reuse If you want to extend.
CSE 1302 Lecture 8 Inheritance Richard Gesick Figures from Deitel, “Visual C#”, Pearson.

CSE 1302 Lecture 8 Inheritance Richard Gesick Figures from Deitel, “Visual C#”, Pearson.
Inheritance Inheritance Reserved word protected Reserved word super

Inheritance Inheritance Reserved word protected Reserved word super
SE-1020 Dr. Mark L. Hornick 1 Inheritance and Polymorphism: Abstract Classes The “not quite” classes.

SE-1020 Dr. Mark L. Hornick 1 Inheritance and Polymorphism: Abstract Classes The “not quite” classes.
Sadegh Aliakbary Sharif University of Technology Fall 2010.

Sadegh Aliakbary Sharif University of Technology Fall 2010.
ITEC200 – Week03 Inheritance and Class Hierarchies.

ITEC200 – Week03 Inheritance and Class Hierarchies.
Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.

Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.
Inheritance and Class Hierarchies Chapter 3. Chapter 3: Inheritance and Class Hierarchies2 Chapter Objectives To understand inheritance and how it facilitates.

Inheritance and Class Hierarchies Chapter 3. Chapter 3: Inheritance and Class Hierarchies2 Chapter Objectives To understand inheritance and how it facilitates.
CS 106 Introduction to Computer Science I 11 / 15 / 2006 Instructor: Michael Eckmann.

CS 106 Introduction to Computer Science I 11 / 15 / 2006 Instructor: Michael Eckmann.
Obfuscation techniques in Java Therese Berge Jonas Ringedal.

Obfuscation techniques in Java Therese Berge Jonas Ringedal.
CS 2511 Fall 2014.  Abstraction Abstract class Interfaces  Encapsulation Access Specifiers Data Hiding  Inheritance  Polymorphism.

CS 2511 Fall  Abstraction Abstract class Interfaces  Encapsulation Access Specifiers Data Hiding  Inheritance  Polymorphism.
Chapter 10 Classes Continued

Chapter 10 Classes Continued
Computer Science 240 Principles of Software Design.

Computer Science 240 Principles of Software Design.
(c) University of Washington03-1 CSC 143 Java Inheritance Reading: Ch. 10.

(c) University of Washington03-1 CSC 143 Java Inheritance Reading: Ch. 10.
Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.

Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.
Inheritance using Java

Inheritance using Java
COP 3003 Object-Oriented Programming - Polymorphism Dr. Janusz Zalewski, Fall 2013 Prepared by Dr Dahai Guo.

COP 3003 Object-Oriented Programming - Polymorphism Dr. Janusz Zalewski, Fall 2013 Prepared by Dr Dahai Guo.
REFACTORING Lecture 4. Definition Refactoring is a process of changing the internal structure of the program, not affecting its external behavior and.

REFACTORING Lecture 4. Definition Refactoring is a process of changing the internal structure of the program, not affecting its external behavior and.

Similar presentations

Ads by Google