In computers, obfuscation is a process to hide the implementation details. In short it obscures the intended meaning of things. So, code obfuscation means anything that is being employed to make a code, or the completed objects making it hard to read and understand. The question is why does anyone want it? Through obscurity, they are the ones who advocate security. One of the arguments is that as the cost of exploiting gets higher, it may go on to discourage some. Though this may seem to be a reasonable one the practice does not suggest so.
The less skilled attackers may encounter a difficult time, as we are witnessing skilled criminals who are part of the bandwagon nowadays. But a point is there is an increase in the costs of an attack. For better Maintenance, the easier the code is understood. The process of simple coding would add new coders to the team. Even it becomes easy to spot bugs or issues and incorporate new features.
The companies that go on to utilize this method, code obfuscation is something that is undertaken at the production release team. The use of automated tools analyzes and obfuscates the source code or the result of byte code projects. But some of them may go on to manually obfuscate the critical function in the source code itself. What it means is that the logic is over-engineered so that the resulting object develops complex codes.
The user cases of code obfuscation
Obfuscation can be applied to the source code itself, or in the list of the compiled objects. The latter is the original one. For centuries people have been using code obfuscation for a number of reasons.
- Project of trade secret projection- here the key algorithm is difficult to detect, extract and reverse engineer.
- Circumvention prevention- since it is hard to interpret the software, abusing it would take a lot of effort.
Considering the other side of the coin as a security measure, it is not something that would provide you with effective protection. There are automated tools in place that is going to simplify the obfuscation process. One thing is for sure we should not rely on security through obfuscation alone. It is not effective as a form of production, but other issues are likely to arise. The stack traces from defects would be harder to interpret. Even it goes on to add to the complexity of the building process.
Before having an idea of how the process of obfuscation works, there is a need to figure out what it is looking to avoid. This is the process of analyzing the functions or architecture of a product. In the domain of software, it indicates developing a code on similar lines. It means that it would be impossible to modify and develop a similar system. This happens to be the same procedure that is used to analyze malware or reverse the cryptographic ransomware challenges.
Diverse approaches exist to reverse engineering software. With the help of statistical analysis, we can translate the binary or bye code objects into a readable form. The results may be in assembly language that is hard to read once again is dependent upon the type of framework that is being used. In an original language, Java can be translated back to its original language.
The dynamic nature of the reverse engineering process stimulates the application to take stock of the outputs, and inputs along with the program call. It may trace the injection of the software with other systems in an external world. In addition, the current decompile tools could use both the approaches to provide better results.
The examples of obfuscation
In this simple Java class let us explain things with an example The sample of the following tools are being used
- Jada- this is termed as an open-source Java decompile. It is known to reverse the JVM bite code back on to the Java code. Though it is quite old it is still reliable and usable.
- Proguard it works out to be an open-source byte code, and an optimizer. The working module is by analyzing the byte code objects. Into the building pipeline it can be easily integrated.
It has come to the fore that in the reengineered code, though the class names was preserved, the comments along with the names were lost. The white loop is being optimized by the Java compiler, into a simple version of a loop. Also we are likely to come across an instantiation method during the process of compilation.
Do you feel whether there is an actual security benefit?
In byte code frameworks, an example would be in the form of Java or Net, with the aid of decompiling, tools it becomes easy to map the class and variable names to something readable. What it means is that you can name a class or a variable, that is going to refract the code accordingly. Even it is possible to map and decode the future compilations so that it could end up cashing in on the benefits of it.
Obfuscation is something that is not bound to make the process of reversing harder, for sure it is not able to prevent it. So it is clearly said and done that the security benefits are not that great. Some have gone one step ahead where they have made an attempt to encrypt the code itself. These are some of the benefits related to code obfuscation that one needs to be aware.