1. Code Obfuscation
Tool for Software Protection

2. Outline
 Why Code Obfuscation
 Features of a code obfuscator
 Potency
 Resilience
 Cost
 Classification of Obfuscating
Transformations

3. Why use Code Obfuscation
Techniques
 Mainly to defend against Software
Reverse Engineering
 We can only make it more difficult for
reverse engineers
 Available obfuscating tools work in
the same way as compiler optimizers
 Reduce required space and time for
compilation

4.  The level of security that an
Obfuscator adds depends on:
 The transformations used
 The power of available deobfuscators
 The amount of resources available to
deobfuscators

5. Main features of a Code Obfuscator
 Potency: is the level up to which a
human reader would be confused by
the new code
 Resilience: is how well the obfuscated
code resists attacks by deobfuscation
tools
 Cost: is how much load is added to
the application

6. Code Obfuscation
 Reverse P1
Reverse Engineer
engineering P1, P2, .., Pn
exatracts piece of
Pn
program
 Obfuscation makes
reverse
engineering
difficult
Obfuscation Reverse Engineering fails
P1, P2, .., Pn Q1, Q2, .., Qm
Transformations

7. Protection through Obfuscation
http://www.cs.arizona.edu/~collberg/Research/Obfuscation/Resources.html

8. Obfuscation methods
 Mainly based on target information that we
want to modify/obfuscate

9. Obfuscation Methods
 Lexical transformations
 Modify variable names
 Control transformations
 Change program flow while preserving
semantics
 Data transformations
 Modify data structures
 Anti-disassembly
 Anti-debugging

10. Kinds of obfuscation for each target
information

11. Available JavaScript Obfuscators
 Most available commercial JavaScript
obfuscators work by applying Lexical
transformations
 Some obfuscators that were
considered are:
 Stunnix JavaScript Obfuscator
 Shane Ng's GPL-licensed obfuscator
 Free JavaScript Obfuscator

12. Example:From Stunnix
 Actual code:  Obfuscated code:
 function foo( arg1)  function z001c775808(
 { z3833986e2c) { var
 var myVar1 = "some z0d8bd8ba25=
string"; //first comment "x73x6fx6dx65x20x73x
74x72x69x6ex67"; var
 var intVar = 24 * 3600; z0ed9bcbcc2= (0x90b+785-
//second comment 0xc04)* (0x1136+6437-
 /* here is 0x1c4b); document. write(
 a long "x76x61x72x73x20x61
 multi-line comment blah */ x72x65x3a"+
z0d8bd8ba25+ "x20"+
 document. write( "vars z0ed9bcbcc2+ "x20"+
are:" + myVar1 + " " + z3833986e2c);};
intVar + " " + arg1) ;
 };

13. Step by step examination
 The Stunnix obfuscator targets at obfuscating
only the layout of the JavaScript code
 As the obfuscator parses the code, it removes
spaces, comments and new line feeds
 While doing so, as it encounters user defined
names, it replaces them with some random
string
 It replaces print strings with their hexadecimal
values
 It replaces integer values with complex
equations

14.  In the sample code that was obfuscated, the following
can be observed
 User defined variables:
 foo replaced with z001c775808
 arg1 replaced with z3833986e2c
 myvar1 replaced with z0d8bd8ba25
 intvar replaced with z0ed9bcbcc2
 Integers:
 20 replaced with (0x90b+785-0xc04)
 3600 replaced with (0x1136+6437-0x1c4b)
 Print strings:
 “vars are” replaced with
x76x61x72x73x20x61x72x65x3a
 Space replaced with x20

15. References
 [Collberg] C. Collberg, “The Obfuscation and
Software Watermarking homepage”,
http://www.cs.arizona.edu/collberg/Research/
Obfuscation/index.html
 [Stunnix JavaScript Obfuscator]
www.stunnix.com
 [Shane Ng's GPL-licensed obfuscator]
http://daven.se/usefulstuff/javascript-
obfuscator.html
 [Free JavaScript Obfuscator]
http://www.javascriptobfuscator.com/