Submitted Successfully!
To reward your contribution, here is a gift for you: A free trial for our video production service.
Thank you for your contribution! You can also upload a video entry or images related to this topic.
Version Summary Created by Modification Content Size Created at Operation
1 handwiki -- 2316 2022-10-11 01:40:19

Video Upload Options

We provide professional Video Production Services to translate complex research into visually appealing presentations. Would you like to try it?

Confirm

Are you sure to Delete?
Cite
If you have any further questions, please contact Encyclopedia Editorial Office.
HandWiki. Obfuscation. Encyclopedia. Available online: https://encyclopedia.pub/entry/28851 (accessed on 16 November 2024).
HandWiki. Obfuscation. Encyclopedia. Available at: https://encyclopedia.pub/entry/28851. Accessed November 16, 2024.
HandWiki. "Obfuscation" Encyclopedia, https://encyclopedia.pub/entry/28851 (accessed November 16, 2024).
HandWiki. (2022, October 11). Obfuscation. In Encyclopedia. https://encyclopedia.pub/entry/28851
HandWiki. "Obfuscation." Encyclopedia. Web. 11 October, 2022.
Obfuscation
Edit

In software development, obfuscation is the act of creating source or machine code that is difficult for humans to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter reverse engineering, or even to create a puzzle or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry.

obfuscation machine code development

1. Overview

The architecture and characteristics of some languages may make them easier to obfuscate than others.[1][2] C,[3] C++,[4][5] and the Perl programming language[6] are some examples of languages easy to obfuscate. Haskell is also quite obfuscatable[7] despite being quite different in structure.

The properties that make a language obfuscatable are not immediately obvious.

2. Recreational Obfuscation

Writing and reading obfuscated source code can be a brain teaser. A number of programming contests reward the most creatively obfuscated code, such as the International Obfuscated C Code Contest and the Obfuscated Perl Contest.

Types of obfuscations include simple keyword substitution, use or non-use of whitespace to create artistic effects, and self-generating or heavily compressed programs.

According to Nick Montfort, techniques may include:

  1. naming obfuscation, which includes naming variables in a meaningless or deceptive way;
  2. data/code/comment confusion, which includes making some actual code look like comments or confusing syntax with data;
  3. double coding, which can be displaying code in poetry form or interesting shapes.[8]

Short obfuscated Perl programs may be used in signatures of Perl programmers. These are JAPHs ("Just another Perl hacker").[9]

2.1. Examples

This is a winning entry from the International Obfuscated C Code Contest written by Ian Phillipps in 1988[10] and subsequently reverse engineered by Thomas Ball.[11]

/* LEAST LIKELY TO COMPILE SUCCESSFULLY: Ian Phillipps, Cambridge Consultants Ltd., Cambridge, England */ #include <stdio.h> main(t,_,a) char a; { return! 0<t? t<3? main(-79,-13,a+ main(-87,1-_, main(-86, 0, a+1 ) +a)): 1, t<_? main(t+1, _, a ) :3, main ( -94, -27+t, a ) &&t == 2 ?_ <13 ? main ( 2, _+1, "%s %d %d\n" ) :9:16: t<0? t<-72? main( _, t, "@n'+,#'/*{}w+/w#cdnr/+,{}r/*de}+,/*{*+,/w{%+,/w#q#n+,/#{l,+,/n{n+,/+#n+,/#;\ #q#n+,/+k#;*+,/'r :'d*'3,}{w+K w'K:'+}e#';dq#'l q#'+d'K#!/+k#;\ q#'r}eKK#}w'r}eKK{nl]'/#;#q#n'){)#}w'){){nl]'/+#n';d}rw' i;# ){nl]!/n{n#'; \ r{#w'r nc{nl]'/#{l,+'K {rw' iK{;[{nl]'/w#q#\ \ n'wk nw' iwk{KK{nl]!/w{%'l##w#' i; :{nl]'/*{q#'ld;r'}{nlwb!/*de}'c ;;\ {nl'-{}rw]'/+,}##'*}#nc,',#nw]'/+kd'+e}+;\ #'rdq#w! nr'/ ') }+}{rl#'{n' ')# }'+}##(!!/") : t<-50? _==*a ? putchar(31[a]): main(-65,_,a+1) : main((*a == '/') + t, _, a + 1 ) : 0<t? main ( 2, 2 , "%s") :*a=='/'|| main(0, main(-61,*a, "!ek;dc i@bK'(q)-[w]*%n+r3#l,{}:\nuwloca-O;m .vpbks,fxntdCeghiry") ,a+1);}

It is a C program that when compiled and run will generate the 12 verses of The 12 Days of Christmas. It contains all the strings required for the poem in an encoded form within the code.

A non-winning entry from the same year, this next example illustrates creative use of whitespace; it generates mazes of arbitrary length:[12]

char*M,A,Z,E=40,J[40],T[40];main(C){for(*J=A=scanf(M="%d",&C); -- E; J[ E] =T [E ]= E) printf("._"); for(;(A-=Z=!Z) || (printf("\n|" ) , A = 39 ,C -- ) ; Z || printf (M ))M[Z]=Z[A-(E =A[J-Z])&&!C & A == T[ A] |6<<27<rand()||!C&!Z?J[T[E]=T[A]]=E,J[T[A]=A-Z]=A,"_.":" |"];}

ANSI-compliant C compilers don't allow constant strings to be overwritten, which can be avoided by changing "*M" to "M[3]" and omitting "M=".

The following example by Óscar Toledo Gutiérrez, Best of Show entry in the 19th IOCCC, implements an 8080 emulator complete with terminal and disk controller, capable of booting CP/M-80 and running CP/M applications:[13]

#include <stdio.h> #define n(o,p,e)=y=(z=a(e)%16 p x%16 p o,a(e)p x p o),h( #define s 6[o] #define p z=l[d(9)]|l[d(9)+1]<<8,1<(9[o]+=2)||++8[o] #define Q a(7) #define w 254>(9[o]-=2)||--8[o],l[d(9)]=z,l[1+d(9)]=z>>8 #define O )):(( #define b (y&1?~s:s)>>"\6\0\2\7"[y/2]&1?0:( #define S )?(z-= #define a(f)*((7&f)-6?&o[f&7]:&l[d(5)]) #define C S 5 S 3 #define D(E)x/8!=16+E&198+E*8!=x? #define B(C)fclose((C)) #define q (c+=2,0[c-2]|1[c-2]<<8) #define m x=64&x?*c++:a(x), #define A(F)=fopen((F),"rb+") unsigned char o[10],l[78114],*c=l,*k=l #define d(e)o[e]+256*o[e-1] #define h(l)s=l>>8&1|128&y|!(y&255)*64|16&z|2,y^=y>>4,y^=y<<2,y^=~y>>1,s|=y&4 +64506; e,V,v,u,x,y,z,Z; main(r,U)char**U;{ { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { ; } } { { { } } } { { ; } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } { { { } } } for(v A((u A((e A((r-2?0:(V A(1[U])),"C") ),system("stty raw -echo min 0"),fread(l,78114,1,e),B(e),"B")),"A")); 118-(x =*c++); (y=x/8%8,z=(x&199)-4 S 1 S 1 S 186 S 2 S 2 S 3 S 0,r=(y>5)*2+y,z=(x& 207)-1 S 2 S 6 S 2 S 182 S 4)?D(0)D(1)D(2)D(3)D(4)D(5)D(6)D(7)(z=x-2 C C C C C C C C+129 S 6 S 4 S 6 S 8 S 8 S 6 S 2 S 2 S 12)?x/64-1?((0 O a(y)=a(x) O 9 [o]=a(5),8[o]=a(4) O 237==*c++?((int (*)())(2-*c++?fwrite:fread))(l+*k+1[k]* 256,128,1,(fseek(y=5[k]-1?u:v,((3[k]|4[k]<<8)<<7|2[k])<<7,Q=0),y)):0 O y=a(5 ),z=a(4),a(5)=a(3),a(4)=a(2),a(3)=y,a(2)=z O c=l+d(5) O y=l[x=d(9)],z=l[++x] ,x[l]=a(4),l[--x]=a(5),a(5)=y,a(4)=z O 2-*c?Z||read(0,&Z,1),1&*c++?Q=Z,Z=0:( Q=!!Z):(c++,Q=r=V?fgetc(V):-1,s=s&~1|r<0) O++c,write(1,&7[o],1) O z=c+2-l,w, c=l+q O p,c=l+z O c=l+q O s^=1 O Q=q[l] O s|=1 O q[l]=Q O Q=~Q O a(5)=l[x=q] ,a(4)=l[++x] O s|=s&16|9<Q%16?Q+=6,16:0,z=s|=1&s|Q>159?Q+=96,1:0,y=Q,h(s<<8) O l[x=q]=a(5),l[++x]=a(4) O x=Q%2,Q=Q/2+s%2*128,s=s&~1|x O Q=l[d(3)]O x=Q / 128,Q=Q*2+s%2,s=s&~1|x O l[d(3)]=Q O s=s&~1|1&Q,Q=Q/2|Q<<7 O Q=l[d(1)]O s=~1 &s|Q>>7,Q=Q*2|Q>>7 O l[d(1)]=Q O m y n(0,-,7)y) O m z=0,y=Q|=x,h(y) O m z=0, y=Q^=x,h(y) O m z=Q*2|2*x,y=Q&=x,h(y) O m Q n(s%2,-,7)y) O m Q n(0,-,7)y) O m Q n(s%2,+,7)y) O m Q n(0,+,7)y) O z=r-8?d(r+1):s|Q<<8,w O p,r-8?o[r+1]=z,r [o]=z>>8:(s=~40&z|2,Q=z>>8) O r[o]--||--o[r-1]O a(5)=z=a(5)+r[o],a(4)=z=a(4) +o[r-1]+z/256,s=~1&s|z>>8 O ++o[r+1]||r[o]++O o[r+1]=*c++,r[o]=*c++O z=c-l,w ,c=y*8+l O x=q,b z=c-l,w,c=l+x) O x=q,b c=l+x) O b p,c=l+z) O a(y)=*c++O r=y ,x=0,a(r)n(1,-,y)s<<8) O r=y,x=0,a(r)n(1,+,y)s<<8)))); system("stty cooked echo"); B((B((V?B(V):0,u)),v)); } //print("Hello world")

An example of a JAPH:

@P=split//,".URRUU\c8R";@d=split//,"\nrekcah xinU / lreP rehtona tsuJ";sub p{ @p{"r$p","u$p"}=(P,P);pipe"r$p","u$p";++$p;($q*=2)+=$f=!fork;map{$P=$P[$f^ord ($p{$_})&6];$p{$_}=/ ^$P/ix?$P:close$_}keys%p}p;p;p;p;p;map{$p{$_}=~/^[P.]/&& close$_}%p;wait until$?;map{/^r/&&<$_>}%p;$_=$d[$q];sleep rand(2)if/\S/;print

This slowly displays the text "Just another Perl / Unix hacker", multiple characters at a time, with delays.[14]

Some Python examples can be found in the official Python programming FAQ and elsewhere.[15][16][17]

3. Advantages of Obfuscation

3.1. Faster Loading Time

The scripts used by web-pages have to be sent over the network to the user agent that will run them. The smaller they are, the faster the download. In such use-cases, minification (a relatively trivial form of obfuscation) can produce real advantages.

3.2. Reduced Memory Usage

In antique run-time interpreted languages (more commonly known as script), like older versions of BASIC, programs executed faster and took less RAM if they used single letter variable names, avoided comments and contained only necessary blank characters (in brief, the shorter the faster).

3.3. Protection for Trade Secrets

Where the source code of a program must be sent to the user, for example JavaScript in a web page, any trade secret, licensing mechanism or other intellectual property contained within the program is accessible to the user. Obfuscation makes it harder to understand the code and make modifications to it.

Desktop programs sometimes include features that help to obfuscate their code. Some programs may not store their entire code on disk, and may pull a portion of their binary code via the web at runtime. They may also use compression and/or encryption, adding additional steps to the disassembly process.

3.4. Prevention of Circumvention

Obfuscating the program can, in such cases, make it harder for users to circumvent license mechanisms or obtain information the program's supplier wished to hide. It can also be used to make it harder to hack multiplayer games.

3.5. Prevention of Virus Detection

Malicious programs may use obfuscation to disguise what they are really doing. Most users do not even read such programs; and those that do typically have access to software tools that can help them to undo the obfuscation, so this strategy is of limited efficacy.

4. Disadvantages of Obfuscation

  • While obfuscation can make reading, writing, and reverse-engineering a program difficult and time-consuming, it will not necessarily make it impossible.[18]
  • It adds time and complexity to the build process for the developers.
  • It can make debugging issues after the software has been obfuscated extremely difficult.
  • Once code becomes abandonware and is no longer maintained, hobbyists may want to maintain the program, add mods, or understand it better. Obfuscation makes it hard for end users to do useful things with the code.
  • Certain kinds of obfuscation (i.e. code that isn't just a local binary and downloads mini binaries from a web server as needed) can degrade performance and/or require Internet.

5. Decompilers

A decompiler can reverse-engineer source code from an executable or library. Decompilation is sometimes called a man-at-the-end attack, based on the traditional cryptographic attack known as "man-in-the-middle". It puts source code in the hands of the user, although this source code is often difficult to read. The source code is likely to have random function and variable names, incorrect variable types, and use different logic than the original source code (due to compiler optimizations).

6. Cryptographic Obfuscation

Recently, cryptographers have explored the idea of obfuscating code so that reverse-engineering the code is cryptographically hard. This is formalized in the many proposals for indistinguishability obfuscation, a cryptographic primitive that, if possible to build securely, would allow one to construct many other kinds of cryptography, including completely novel types that no one knows how to make. (A stronger notion, black-box obfuscation, was shown impossible in 2001 when researchers constructed programs that cannot be obfuscated in this notion.)[19][20]

7. Notifying Users of Obfuscated Code

Some anti-virus softwares, such as AVG AntiVirus,[21] will also alert their users when they land on a website with code that is manually obfuscated, as one of the purposes of obfuscation can be to hide malicious code. However, some developers may employ code obfuscation for the purpose of reducing file size or increasing security. The average user may not expect their antivirus software to provide alerts about an otherwise harmless piece of code, especially from trusted corporations, so such a feature may actually deter users from using legitimate software.

Certain major browsers such as Firefox and Chrome also disallow browser extensions containing obfuscated code.[22][23]

8. Obfuscating Software

A variety of tools exist to perform or assist with code obfuscation. These include experimental research tools created by academics, hobbyist tools, commercial products written by professionals, and open-source software. Deobfuscation tools also exist that attempt to perform the reverse transformation.

Although the majority of commercial obfuscation solutions work by transforming either program source code, or platform-independent bytecode as used by Java and .NET, there are also some that work directly on compiled binaries.

9. Obfuscation and Copyleft Licenses

There has been debate on whether it is illegal to skirt copyleft software licenses by releasing source code in obfuscated form, such as in cases in which the author is less willing to make the source code available. The issue is addressed in the GNU General Public License by requiring the "preferred form for making modifications" to be made available.[24] The GNU website states "Obfuscated 'source code' is not real source code and does not count as source code."[25]

References

  1. Binstock, Andrew (2003-03-06). "Obfuscation: Cloaking your Code from Prying Eyes". http://www.devx.com/microsoftISV/Article/11351. 
  2. Atwood, Jeff (2005-05-15). "Jeff Atwood, May 15, 2005". Codinghorror.com. http://www.codinghorror.com/blog/archives/000291.html. 
  3. "Obfuscation". Kenter.demon.nl. http://www.kenter.demon.nl/obfuscate.html. 
  4. "C++ Tutorials – Obfuscated Code – A Simple Introduction". DreamInCode.net. http://www.dreamincode.net/forums/index.php?showtopic=38102. 
  5. "C Tutorials – Obfuscated Code in C". 2011-07-07. http://sites.google.com/site/rcorcs/posts/obfuscatedcode. 
  6. As of 2013-11-25 18:22 GMT. "Pe(a)rls in line noise". Perlmonks.org. http://www.perlmonks.org/index.pl?node_id=291267. 
  7. "Obfuscation – Haskell Wiki". 2006-02-16. https://wiki.haskell.org/Obfuscation. 
  8. Montfort, Nick. "Obfuscated code". http://obfuscationsymposium.org/wp-content/uploads/2014/01/Montfort__Obfuscated_Code.pdf. 
  9. "JAPH – Just Another Perl Hacker". Perl Mongers. http://rochester.pm.org/talks/japh_discussion.txt. 
  10. "International Obfuscated C Code Winners 1988 – Least likely to compile successfully". Ioccc.org. http://www.ioccc.org/years.html#1988_phillipps. 
  11. ""Reverse Engineering the Twelve Days of Christmas" by Thomas Ball". Research.microsoft.com. http://research.microsoft.com/~tball/papers/XmasGift/. 
  12. Don Libes, Obfuscated C and Other Mysteries, John Wiley & Sons, 1993, pp 425. ISBN:0-471-57805-3
  13. Óscar Toledo Gutiérrez: Intel 8080 emulator. 19th IOCCC. Best of Show. http://www.nanochess.org/emulator.html
  14. "Obfuscated Perl Program". Perl.plover.com. http://perl.plover.com/obfuscated/. 
  15. Ben Kurtovic. "Obfuscating "Hello world!"". https://benkurtovic.com/2014/06/01/obfuscating-hello-world.html. 
  16. "Obfuscated Python". http://wiki.c2.com/?ObfuscatedPython. 
  17. "The First Annual Obfuscated Python Content". https://code.activestate.com/lists/python-list/16171/. 
  18. ""Can We Obfuscate Programs?" by Boaz Barak". Math.ias.edu. http://www.math.ias.edu/~boaz/Papers/obf_informal.html. 
  19. "Cryptography Breakthrough Could Make Software Unhackable" (in en-us). Wired. ISSN 1059-1028. https://www.wired.com/2014/02/cryptography-breakthrough/. 
  20. Jain, Aayush; Lin, Huijia; Sahai, Amit (2020). Indistinguishability Obfuscation from Well-Founded Assumptions. https://eprint.iacr.org/2020/1003. 
  21. "Blocking website and only way to fix is disabling HTTPS s... | AVG" (in en). 2020-07-21. https://support.avg.com/answers?id=9060N000000gbDLQAY. 
  22. at 05:01, Thomas Claburn in San Francisco 2 Oct 2018. "Google taking action against disguised code in Chrome Web Store" (in en). https://www.theregister.co.uk/2018/10/02/google_chrome_web_store/. 
  23. Cimpanu, Catalin. "Mozilla announces ban on Firefox extensions containing obfuscated code" (in en). https://www.zdnet.com/article/mozilla-announces-ban-on-firefox-extensions-containing-obfuscated-code/. 
  24. "Reasoning behind the "preferred form of the work for making modifications to it" language in the GPL". Lwn.net. https://lwn.net/Articles/431651/. 
  25. "What is free software?". gnu.org. https://www.gnu.org/philosophy/free-sw.html. 
More
Information
Contributor MDPI registered users' name will be linked to their SciProfiles pages. To register with us, please refer to https://encyclopedia.pub/register :
View Times: 1.3K
Entry Collection: HandWiki
Revision: 1 time (View History)
Update Date: 11 Oct 2022
1000/1000
ScholarVision Creations