Obfuscating software

From Wikipedia, the free encyclopedia

It has been suggested that this article or section be merged with obfuscated code. (Discuss)

Obfuscating software (also known as obfuscators) is software designed to inhibit reverse engineering of software even when source code is available, by converting it to obfuscated code, making the source code far less readable and almost impossible to understand by a human being. Thus, the basic function of an obfuscator is to over-complicate the source code for readers so that it can not be successfully decompiled. There are also deobfuscators, which do the reverse. Although reverse engineering always existed in computer software, in recent times has it become a significant problem. The exposure is far greater in newer computing environments such as Java and Microsoft's .NET.

[edit] Explanation

Programs written in languages such as C++ or Pascal are compiled into the machine language of a given computer before they become a program. Programmers write "source code", computers run "machine code" so this conversion is necessary. There is (generally) a one way transformation from source code to machine code. Machine code is not encrypted and is easy for anyone to see, but the format is so tedious for humans that reverse-engineering efforts are slow and painful.

Java and .NET languages (C#, Visual Basic, etc) take a different approach to compilation. These languages are highly powerful, flexible and understandable. However, the inherent flexibility and understandability present in these languages makes them far easier to reverse engineer because they do not compile to machine code, they compile into intermediate code.

Microsoft recommends using the Script Encoder to obfuscate the ASP files, so in case the web server is compromised, the hacker (or cracker) would be unable to find out how your ASP applications work. The Script Encoder works also on JScript and VBScript files. Note that the encoded JScript is only functional in Internet Explorer. However, in the documentation, it states that "Note that this encoding only prevents casual viewing of your code; it will not prevent the determined hacker from seeing what you've done and how.". In fact, it is indeed possible, as shown by the Windows Script Decoder, created on August 1, 2000 by Mr. Brownstone.

The Code Morphing is multilevel technology containing hundreds of unique code transformation patterns. In addition this technology includes the special layer that transforms some commands into Virtual Machine commands (like P-Code). Code Morphing turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code.