Developers and Software Security – Code Obfuscation

Few methods can be employed to prevent piracy in a relatively secure way. An example is server-side kmspico execution of software, another is encryption where the entire decryption/execution process takes place in specific hardware. Those options both offer good software protection against reverse engineering because the attacker suffers a severe problem reaching the code. However, there are some serious downsides to these techniques. Server-side execution performs worse than if run locally and hardware execution requires the end-user to have specific hardware.

There are more protection options available though, one of which is code obfuscation. Still, code obfuscation is rather a way of making reverse engineering economically infeasible in terms of time and resources needed. Of course, the employed techniques must be able to stave off attacks with deobfuscator tools.

Code obfuscation is difficult to define: it is not encryption nor is it scrambling of code. In fact, the technique means to generate code which is still perfectly executable and understandable by computers, but is very difficult for humans to understand. From a computer point of view, the technique resembles a translation, or just making up code in a very different way, without changing the actual functioning of the program.

Given enough time and perseverance, an experienced attacker will always find vulnerabilities that enable reverse engineering a program. Still, code obfuscation is employed to make the attack too costly in time and resources, so that even the experienced cracker may give up or go away.

Different types of obfuscation can be applied, depending on the format in which the software is distributed. When the source code of a program is distributed, source code obfuscation is often applied. Bytecode obfuscation is applied on Java bytecode and MS.NET, binary code obfuscation can be applied to all programs compiled to native code.

Java and .NET languages take a different approach to compilation. While this achieves platform independence, it also makes programs easy to decompile and reverse engineer. Thus, authors often grab to obfuscation techniques for better software protection. Still, authors must obfuscate without changing a program’s logic. Indeed, the purpose is to protect and not to deform.

Binary code obfuscation is sometimes also referred to as code morphing. It obfuscates the machine language or object code rather than the source code. Binary code obfuscation techniques transform code at binary level, hence in the compiled executable.

Leave a Reply

Your email address will not be published. Required fields are marked *