Code Obfuscation

When it comes to the security of an application, source code piracy is one of the major concerns. If your source code is available to hackers, it means you are totally screwed. Hackers can then easily bypass the security controls you applied, rebuild the application with malicious code snippets, and misuse the business logic used in the application.
Obfuscation is the process of renaming the metadata in an assembly so that it is no longer useful to a hacker but remains usable to the machine for executing the intended operations. It does not modify the actual instructions or mask them from observation by a hacker. Reverse engineering of your proprietary applications by unfair competitors or malicious hackers may result in highly undesirable exposure of your algorithms and ideas, proprietary data formats, licensing and security mechanisms, and, most importantly, your customers' data.


The main code obfuscation techniques are described in more detail below.



Name Obfuscation:
Name obfuscation changes the names of your classes and methods to unreadable characters. This makes the decompiled source harder to understand, but the overall flow of the code is not obscured.

String Encryption:
Managed software stores all the strings in one place and in a clear structure. This makes it easy to find the strings in a decompiled assembly. By following the references to these strings, it may be possible to understand the purpose of your code, even after obfuscation. String encryption works by moving all user strings to an encrypted block of storage. When needed, the runtime executive decrypts the string in memory.

Control Flow Obfuscation:
Control flow obfuscation modifies the program so that it yields the same result when run, but is impossible to decompile into well-structured source code and is more difficult to understand. Most code obfuscators replace the MSIL instructions produced by a .NET compiler with gotos and other instructions that may not decompile into valid source code.

Code Encryption:
Code encryption protects the MSIL instructions by encrypting them and stripping the original instructions from the assembly. The encrypted instructions are kept in secure storage. When the assembly is loaded, a native runtime executive assumes control of portions of the .NET runtime and manages decrypting the MSIL as needed.

Code Virtualization:
Code virtualization converts your MSIL code into virtual opcodes that are understood only by a secure virtual machine. With encryption, the encrypted code must be decrypted back into MSIL before the CLR can execute it. Code virtualization instead uses a virtual machine that directly processes the protected code in the form of a virtual machine language. Code virtualization is by far the strongest protection method available in the code protection arena today because it implements a one-way code transformation: the code is never translated back to its original form, and the virtual machine emulates the original code's behavior instead. Code virtualization can significantly degrade performance if used unwisely and makes debugging very difficult.

Debug info obfuscation:
By default, the javac compiler writes source file names and, optionally, line number information (with the -g option) to the resulting class files. Those are required to get meaningful stack traces. An obfuscator may remove that information altogether, or change file names to meaningless strings. If you rely on stack traces when resolving customer issues, make sure your obfuscator comes with a reverse mapping utility that can reconstruct the original stack trace with the un-obfuscated names of classes and source files.
Note also that certain third-party libraries and frameworks require stack trace information to function properly. One example is Apache log4j.
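
To make the reverse mapping step concrete, here is an added example (not from the original post or from any particular obfuscator) of a minimal retrace utility in Python. It assumes a hypothetical "original -> obfuscated" mapping file written by the name obfuscation pass; the class names, mapping format and stack trace are constructed for illustration.

```python
import re
# Constructed mapping, hypothetical "original -> obfuscated" format; members are indented.
MAPPING = """\
com.shop.billing.InvoiceService -> a.b
    calculateTotal -> a
    applyDiscount -> b
com.shop.billing.TaxTable -> a.c
    lookupRate -> a
"""

# Constructed obfuscated stack trace, as a customer might report it.
OBFUSCATED_TRACE = """\
java.lang.IllegalStateException: rate missing
    at a.c.a(Unknown Source)
    at a.b.b(Unknown Source)
    at a.b.a(Unknown Source)
    at com.shop.Main.main(Main.java:14)
"""

# A Java stack frame: "at <class>.<method>(<location>)"
FRAME = re.compile(r"^(\s*at )([\w.$]+)\.([\w$<>]+)(\(.*\))$")

def parse_mapping(text):
    """Return {obf_class: (orig_class, {obf_member: orig_member})}."""
    classes, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        orig, obf = (part.strip() for part in line.split("->"))
        if line[0].isspace():   # indented: member of the last class seen
            current[1][obf] = orig
        else:
            current = (orig, {})
            classes[obf] = current
    return classes

def retrace(trace, classes):
    """Restore original names in mapped frames; leave other lines untouched."""
    out = []
    for line in trace.splitlines():
        m = FRAME.match(line)
        if m and m.group(2) in classes:
            orig_class, members = classes[m.group(2)]
            method = members.get(m.group(3), m.group(3))
            line = f"{m.group(1)}{orig_class}.{method}{m.group(4)}"
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(retrace(OBFUSCATED_TRACE, parse_mapping(MAPPING)))
```

Because the mapping file undoes name obfuscation completely, it should be stored with the same care as the source code and never shipped with the release build.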

Watermarking:
Some obfuscators may embed a hidden customer or distributor ID into your class files, just like in digital media, enabling you to track down software pirates.
