Jump to content

Obfuscation (software): Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Reverted 1 edit by 46.56.171.43 (talk): Stray character
(47 intermediate revisions by 32 users not shown)
Line 3: Line 3:
{{short description|Deliberate creation of difficult-to-understand code}}
{{short description|Deliberate creation of difficult-to-understand code}}
{{Use mdy dates|date = March 2019}}
{{Use mdy dates|date = March 2019}}
{{Information security}}


In [[software development]], '''obfuscation''' is the deliberate act of creating [[source code|source]] or [[machine code]] that is difficult for humans to understand. Like [[obfuscation]] in [[natural language]], it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose ([[security through obscurity]]) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter [[reverse engineering]], or even to create a [[puzzle]] or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry.<ref>
In [[software development]], '''obfuscation''' is the act of creating [[source code|source]] or [[machine code]] that is difficult for humans or computers to understand. Like [[obfuscation]] in [[natural language]], it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose ([[security through obscurity]]) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter [[reverse engineering]], or even to create a [[puzzle]] or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry.<ref>{{Cite web|url=https://searchsoftwarequality.techtarget.com/definition/obfuscation|title=What is obfuscation (obfu)? - Definition from WhatIs.com|website=SearchSoftwareQuality|language=en|access-date=2019-02-01}}</ref>
[[three nano dependencies to form one of a set of three dependencies to gather at, in and from triangular nodes in 3Dspace Cartesian Coordinate Nurbs as synapses of web users, pages and device timer chips. All breached information would be preset by corporate as Cat6 pins to a meraki.
Of all the people, whatever you call them, you picked the best one ever to put ever level in the viewport of accessing your own databases. UNICORE/Raytheon is willing to debrief any other questions you may need in Tucson to the next in line behind this Pythagoræntheorum, circa 1200 B.C.E India/Vedas Hindu – Arabesques, Grotesque and Moresque. ]]
Identify Thieves – thousands of years.
All of which was thought of by few digging to gather elements.
Very interesting ]]
{{Cite web|url=https://searchsoftwarequality.techtarget.com/definition/obfuscation|title=What is obfuscation (obfu)? - Definition from WhatIs.com|website=SearchSoftwareQuality|language=en|access-date=2019-02-01}}</ref>


==Overview==
==Overview==
The architecture and characteristics of some languages may make them easier to obfuscate than others.<ref>{{cite web|last=Binstock |first=Andrew |url=http://www.devx.com/microsoftISV/Article/11351 |title=Obfuscation: Cloaking your Code from Prying Eyes |date=2003-03-06 |access-date=2013-11-25 |url-status=dead |archive-url=https://web.archive.org/web/20080420165109/http://www.devx.com/microsoftISV/Article/11351 |archive-date=April 20, 2008 }}</ref><ref>{{cite web|last=Atwood |first=Jeff |url=http://www.codinghorror.com/blog/archives/000291.html |title=Jeff Atwood, May 15, 2005 |publisher=Codinghorror.com |date=2005-05-15 |access-date=2013-11-25}}</ref> [[C (programming language)|C]],<ref>{{cite web |url=http://www.kenter.demon.nl/obfuscate.html |title=Obfuscation |publisher=Kenter.demon.nl |access-date=2013-11-25 |archive-url=https://web.archive.org/web/20160304033430/http://www.kenter.demon.nl/obfuscate.html |archive-date=March 4, 2016 |url-status=dead }}</ref> [[C++]],<ref>{{cite web|url=http://www.dreamincode.net/forums/index.php?showtopic=38102 |title=C++ Tutorials – Obfuscated Code – A Simple Introduction |publisher=DreamInCode.net |access-date=2013-11-25}}</ref><ref>{{cite web|url=http://sites.google.com/site/rcorcs/posts/obfuscatedcode |title=C Tutorials – Obfuscated Code in C |date=2011-07-07 |access-date=2013-11-25}}</ref> and the [[Perl]] [[programming language]]<ref>{{cite web|author=As of 2013-11-25 18:22 GMT |url=http://www.perlmonks.org/index.pl?node_id=291267 |title=Pe(a)rls in line noise |publisher=Perlmonks.org |access-date=2013-11-25}}</ref> are some examples of languages easy to obfuscate. [[Haskell (programming language)]] is also quite obfuscatable<ref>{{cite web|url=https://wiki.haskell.org/Obfuscation |title=Obfuscation – Haskell Wiki |date=2006-02-16 |access-date=2020-03-03 |url-status=live |archive-url=https://web.archive.org/web/20170830203204/https://wiki.haskell.org/Obfuscation |archive-date=August 30, 2017 }}</ref> despite being quite different in structure.
The architecture and characteristics of some languages may make them easier to obfuscate than others.<ref>{{cite web|last=Binstock |first=Andrew |url=http://www.devx.com/microsoftISV/Article/11351 |title=Obfuscation: Cloaking your Code from Prying Eyes |date=2003-03-06 |access-date=2013-11-25 |url-status=dead |archive-url=https://web.archive.org/web/20080420165109/http://www.devx.com/microsoftISV/Article/11351 |archive-date=April 20, 2008 }}</ref><ref>{{cite web|last=Atwood |first=Jeff |url=http://www.codinghorror.com/blog/archives/000291.html |title=Jeff Atwood, May 15, 2005 |publisher=Codinghorror.com |date=2005-05-15 |access-date=2013-11-25}}</ref> [[C (programming language)|C]],<ref>{{cite web |url=http://www.kenter.demon.nl/obfuscate.html |title=Obfuscation |publisher=Kenter.demon.nl |access-date=2013-11-25 |archive-url=https://web.archive.org/web/20160304033430/http://www.kenter.demon.nl/obfuscate.html |archive-date=March 4, 2016 |url-status=dead }}</ref> [[C++]],<ref>{{cite web|url=http://www.dreamincode.net/forums/index.php?showtopic=38102 |title=C++ Tutorials – Obfuscated Code – A Simple Introduction |publisher=DreamInCode.net |access-date=2013-11-25}}</ref><ref>{{cite web|url=http://sites.google.com/site/rcorcs/posts/obfuscatedcode |title=C Tutorials – Obfuscated Code in C |date=2011-07-07 |access-date=2013-11-25}}</ref> and the [[Perl]] [[programming language]]<ref>{{cite web|author=As of 2013-11-25 18:22 GMT |url=http://www.perlmonks.org/index.pl?node_id=291267 |title=Pe(a)rls in line noise |publisher=Perlmonks.org |access-date=2013-11-25}}</ref> are some examples of languages easy to obfuscate. [[Haskell (programming language)|Haskell]] is also quite obfuscatable<ref>{{cite web|url=https://wiki.haskell.org/Obfuscation |title=Obfuscation – Haskell Wiki |date=2006-02-16 |access-date=2020-03-03 |url-status=live |archive-url=https://web.archive.org/web/20170830203204/https://wiki.haskell.org/Obfuscation |archive-date=August 30, 2017 }}</ref> despite being quite different in structure.


The properties that make a language obfuscatable are not immediately obvious.
The properties that make a language obfuscatable are not immediately obvious.


== Techniques ==
==Recreational obfuscation==
{{Expand section|date=March 2023|explaining more obfuscation techniques in general}}

Writing and reading obfuscated source code can be a [[brain teaser]]. A number of programming contests reward the most creatively obfuscated code, such as the [[International Obfuscated C Code Contest]] and the [[Obfuscated Perl Contest]].

Types of obfuscations include simple keyword substitution, use or non-use of whitespace to create artistic effects, and self-generating or heavily compressed programs.
Types of obfuscations include simple keyword substitution, use or non-use of whitespace to create artistic effects, and self-generating or heavily compressed programs.


According to [[Nick Montfort]], techniques may include:
According to [[Nick Montfort]], techniques may include:
# naming obfuscation, which includes naming variables in a meaningless or deceptive way;
# naming obfuscation, which includes naming variables in a meaningless or deceptive way;
# data/code/comment confusion, which includes making some actual code look like comments or confusing syntax with data;
# data/code/comment confusion, which includes making some actual code look like comments or confusing syntax with data;
# double coding, which can be displaying code in poetry form or interesting shapes.<ref>{{cite web |last=Montfort |first=Nick |url=http://obfuscationsymposium.org/wp-content/uploads/2014/01/Montfort__Obfuscated_Code.pdf |title=Obfuscated code |access-date=2017-11-24 |archive-url=https://web.archive.org/web/20190424012657/http://obfuscationsymposium.org/wp-content/uploads/2014/01/Montfort__Obfuscated_Code.pdf |archive-date=April 24, 2019 |url-status=dead }}</ref>
# double coding, which can be displaying code in poetry form or interesting shapes.<ref>{{cite web |last=Montfort |first=Nick |title=Obfuscated code |url=http://obfuscationsymposium.org/wp-content/uploads/2014/01/Montfort__Obfuscated_Code.pdf |url-status=dead |archive-url=https://web.archive.org/web/20190424012657/http://obfuscationsymposium.org/wp-content/uploads/2014/01/Montfort__Obfuscated_Code.pdf |archive-date=April 24, 2019 |access-date=2017-11-24}}</ref>


=== Automated tools<span class="anchor" id="Obfuscating software"></span><span class="anchor" id="Examples"></span> ===
Short obfuscated [[Perl]] programs may be used in [[Signature block|signatures]] of Perl programmers. These are JAPHs ("[[Just another Perl hacker]]").<ref>{{cite web |url=http://rochester.pm.org/talks/japh_discussion.txt |title=JAPH – Just Another Perl Hacker |author=<!--Staff writer(s); no by-line.--> |website=pm.org |publisher=Perl Mongers |archive-url=https://web.archive.org/web/20130516074850/http://rochester.pm.org/talks/japh_discussion.txt |archive-date=16 May 2013 |access-date=27 February 2015 }}</ref>
A variety of tools exist to perform or assist with code obfuscation. These include experimental research tools created by academics, hobbyist tools, commercial products written by professionals, and [[open-source software]]. Deobfuscation tools also exist that attempt to perform the reverse transformation.


Although the majority of commercial obfuscation solutions work by transforming either program source code, or platform-independent bytecode as used by [[Java (programming language)|Java]] and [[.NET]], there are also some that work directly on compiled binaries.
===Examples===


*Some [[Python (programming language)|Python]] examples can be found in the [https://docs.python.org/3/faq/programming.html#is-it-possible-to-write-obfuscated-one-liners-in-python official Python programming FAQ] and elsewhere.<ref>{{cite web |author=Ben Kurtovic |title=Obfuscating "Hello world!" |url=https://benkurtovic.com/2014/06/01/obfuscating-hello-world.html |website=benkurtovic.com}}</ref><ref>{{cite web |date= |title=Obfuscated Python |url=http://wiki.c2.com/?ObfuscatedPython |website=wiki.c2.com}}</ref><ref>{{cite web |title=The First Annual Obfuscated Python Content |url=https://code.activestate.com/lists/python-list/16171/ |website=code.activestate.com}}</ref>
This is a winning entry from the [[International Obfuscated C Code Contest]] written by Ian Phillipps in 1988<ref>{{cite web |url=http://www.ioccc.org/years.html#1988_phillipps |title=International Obfuscated C Code Winners 1988 – Least likely to compile successfully |publisher=Ioccc.org |access-date=2013-11-25 |archive-url=https://web.archive.org/web/20090409235720/http://www.ioccc.org/years.html#1988_phillipps |archive-date=April 9, 2009 |url-status=dead }}</ref> and subsequently reverse engineered by Thomas Ball.<ref>{{cite web|url=http://research.microsoft.com/~tball/papers/XmasGift/ |archive-url=https://web.archive.org/web/20071213181151/http://research.microsoft.com/~tball/papers/XmasGift/ |archive-date=2007-12-13 |title="Reverse Engineering the Twelve Days of Christmas" by Thomas Ball |publisher=Research.microsoft.com |access-date=2013-11-25}}</ref>
* The ''movfuscator'' [[C (programming language)|C]] [[compiler]] for the [[X86|x86_32 ISA]] uses only the [[X86 instruction listings|''mov'']] instruction in order to obfuscate.<ref>{{Citation |last=domas |title=xoreaxeaxeax/movfuscator |date=2022-11-03 |url=https://github.com/xoreaxeaxeax/movfuscator |access-date=2022-11-05}}</ref><ref>{{Citation |title=Break Me00 The MoVfuscator Turning mov into a soul crushing RE nightmare Christopher Domas |url=https://www.youtube.com/watch?v=R7EEoWg6Ekk |access-date=2022-11-05 |language=en}}</ref><ref>{{cite web |url=https://hackaday.com/2021/05/21/one-instruction-to-rule-them-all-c-compiler-emits-only-mov/ |title=One Instruction To Rule Them All: C Compiler Emits Only MOV |last=Williams |first=Al |publisher=[[Hackaday]] |date=2021-03-21 |accessdate=2023-10-23 }}</ref>


=== Recreational ===
<syntaxhighlight lang="c">
Writing and reading obfuscated source code can be a [[brain teaser]]. A number of programming contests reward the most creatively obfuscated code, such as the [[International Obfuscated C Code Contest]] and the [[Obfuscated Perl Contest]].
/*
LEAST LIKELY TO COMPILE SUCCESSFULLY:
Ian Phillipps, Cambridge Consultants Ltd., Cambridge, England
*/


Short obfuscated [[Perl]] programs may be used in [[Signature block|signatures]] of Perl programmers. These are JAPHs ("[[Just another Perl hacker]]").<ref>{{cite web |url=http://rochester.pm.org/talks/japh_discussion.txt |title=JAPH – Just Another Perl Hacker |author=<!--Staff writer(s); no by-line.--> |website=pm.org |publisher=Perl Mongers |archive-url=https://web.archive.org/web/20130516074850/http://rochester.pm.org/talks/japh_discussion.txt |archive-date=16 May 2013 |access-date=27 February 2015 }}</ref>
#include <stdio.h>
main(t,_,a)
char
*
a;
{
return!

0<t?
t<3?

main(-79,-13,a+
main(-87,1-_,
main(-86, 0, a+1 )

+a)):

1,
t<_?
main(t+1, _, a )
:3,

main ( -94, -27+t, a )
&&t == 2 ?_
<13 ?

main ( 2, _+1, "%s %d %d\n" )

:9:16:
t<0?
t<-72?
main( _, t,
"@n'+,#'/*{}w+/w#cdnr/+,{}r/*de}+,/*{*+,/w{%+,/w#q#n+,/#{l,+,/n{n+,/+#n+,/#;\
#q#n+,/+k#;*+,/'r :'d*'3,}{w+K w'K:'+}e#';dq#'l q#'+d'K#!/+k#;\
q#'r}eKK#}w'r}eKK{nl]'/#;#q#n'){)#}w'){){nl]'/+#n';d}rw' i;# ){nl]!/n{n#'; \
r{#w'r nc{nl]'/#{l,+'K {rw' iK{;[{nl]'/w#q#\
\
n'wk nw' iwk{KK{nl]!/w{%'l##w#' i; :{nl]'/*{q#'ld;r'}{nlwb!/*de}'c ;;\
{nl'-{}rw]'/+,}##'*}#nc,',#nw]'/+kd'+e}+;\
#'rdq#w! nr'/ ') }+}{rl#'{n' ')# }'+}##(!!/")
:
t<-50?
_==*a ?
putchar(31[a]):

main(-65,_,a+1)
:
main((*a == '/') + t, _, a + 1 )
:

0<t?

main ( 2, 2 , "%s")
:*a=='/'||

main(0,

main(-61,*a, "!ek;dc i@bK'(q)-[w]*%n+r3#l,{}:\nuwloca-O;m .vpbks,fxntdCeghiry")

,a+1);}

</syntaxhighlight>
It is a [[C (programming language)|C]] program that when compiled and run will generate the 12 verses of ''[[The Twelve Days of Christmas (song)|The 12 Days of Christmas]]''. It contains all the strings required for the poem in an encoded form within the code.

A non-winning entry from the same year, this next example illustrates creative use of whitespace; it generates mazes of arbitrary length:<ref>Don Libes, ''Obfuscated C and Other Mysteries'', John Wiley & Sons, 1993, pp 425. {{ISBN|0-471-57805-3}}</ref>

<syntaxhighlight lang="c">
char*M,A,Z,E=40,J[40],T[40];main(C){for(*J=A=scanf(M="%d",&C);
-- E; J[ E] =T
[E ]= E) printf("._"); for(;(A-=Z=!Z) || (printf("\n|"
) , A = 39 ,C --
) ; Z || printf (M ))M[Z]=Z[A-(E =A[J-Z])&&!C
& A == T[ A]
|6<<27<rand()||!C&!Z?J[T[E]=T[A]]=E,J[T[A]=A-Z]=A,"_.":" |"];}
</syntaxhighlight>
ANSI-compliant C compilers don't allow constant strings to be overwritten, which can be avoided by changing "*M" to "M[3]" and omitting "M=".

The following example by Óscar Toledo Gutiérrez, Best of Show entry in the 19th [[International Obfuscated C Code Contest|IOCCC]]<!-- in 2010 or 2011? -->, implements an [[8080]] emulator complete with terminal and disk controller, capable of booting [[CP/M-80]] and running CP/M applications:<ref name="emulator_8080">Óscar Toledo Gutiérrez: ''[http://www.nanochess.org/emulator.html Intel 8080 emulator. 19th IOCCC. Best of Show.]''</ref>

<syntaxhighlight lang="c">
#include <stdio.h>
#define n(o,p,e)=y=(z=a(e)%16 p x%16 p o,a(e)p x p o),h(
#define s 6[o]
#define p z=l[d(9)]|l[d(9)+1]<<8,1<(9[o]+=2)||++8[o]
#define Q a(7)
#define w 254>(9[o]-=2)||--8[o],l[d(9)]=z,l[1+d(9)]=z>>8
#define O )):((
#define b (y&1?~s:s)>>"\6\0\2\7"[y/2]&1?0:(
#define S )?(z-=
#define a(f)*((7&f)-6?&o[f&7]:&l[d(5)])
#define C S 5 S 3
#define D(E)x/8!=16+E&198+E*8!=x?
#define B(C)fclose((C))
#define q (c+=2,0[c-2]|1[c-2]<<8)
#define m x=64&x?*c++:a(x),
#define A(F)=fopen((F),"rb+")
unsigned char o[10],l[78114],*c=l,*k=l
#define d(e)o[e]+256*o[e-1]
#define h(l)s=l>>8&1|128&y|!(y&255)*64|16&z|2,y^=y>>4,y^=y<<2,y^=~y>>1,s|=y&4
+64506; e,V,v,u,x,y,z,Z; main(r,U)char**U;{

{ { { } } } { { { } } } { { { } } } { { { } } }
{ { { } } } { { { } } } { { { } } } { { { } } }
{ { { } } } { { { } } } { { { } } } { { { } } }
{ { { } } } { { { } } } { { { } } } { { { } } }
{ { { } } } { { { } } } { { { } } } { { { } } }
{ { { } } } { { { } } } { { { } } } { { { } } }
{ { ; } } { { { } } } { { ; } } { { { } } }
{ { { } } } { { { } } } { { { } } } { { { } } }
{ { { } } } { { { } } } { { { } } } { { { } } }
{ { { } } } { { { } } } { { { } } } { { { } } }
{ { { } } } { { { } } } { { { } } } { { { } } }
{ { { } } } { { { } } } { { { } } } { { { } } }
{ { { } } } { { { } } } { { { } } } { { { } } }

for(v A((u A((e A((r-2?0:(V A(1[U])),"C")
),system("stty raw -echo min 0"),fread(l,78114,1,e),B(e),"B")),"A")); 118-(x
=*c++); (y=x/8%8,z=(x&199)-4 S 1 S 1 S 186 S 2 S 2 S 3 S 0,r=(y>5)*2+y,z=(x&
207)-1 S 2 S 6 S 2 S 182 S 4)?D(0)D(1)D(2)D(3)D(4)D(5)D(6)D(7)(z=x-2 C C C C
C C C C+129 S 6 S 4 S 6 S 8 S 8 S 6 S 2 S 2 S 12)?x/64-1?((0 O a(y)=a(x) O 9
[o]=a(5),8[o]=a(4) O 237==*c++?((int (*)())(2-*c++?fwrite:fread))(l+*k+1[k]*
256,128,1,(fseek(y=5[k]-1?u:v,((3[k]|4[k]<<8)<<7|2[k])<<7,Q=0),y)):0 O y=a(5
),z=a(4),a(5)=a(3),a(4)=a(2),a(3)=y,a(2)=z O c=l+d(5) O y=l[x=d(9)],z=l[++x]
,x[l]=a(4),l[--x]=a(5),a(5)=y,a(4)=z O 2-*c?Z||read(0,&Z,1),1&*c++?Q=Z,Z=0:(
Q=!!Z):(c++,Q=r=V?fgetc(V):-1,s=s&~1|r<0) O++c,write(1,&7[o],1) O z=c+2-l,w,
c=l+q O p,c=l+z O c=l+q O s^=1 O Q=q[l] O s|=1 O q[l]=Q O Q=~Q O a(5)=l[x=q]
,a(4)=l[++x] O s|=s&16|9<Q%16?Q+=6,16:0,z=s|=1&s|Q>159?Q+=96,1:0,y=Q,h(s<<8)
O l[x=q]=a(5),l[++x]=a(4) O x=Q%2,Q=Q/2+s%2*128,s=s&~1|x O Q=l[d(3)]O x=Q /
128,Q=Q*2+s%2,s=s&~1|x O l[d(3)]=Q O s=s&~1|1&Q,Q=Q/2|Q<<7 O Q=l[d(1)]O s=~1
&s|Q>>7,Q=Q*2|Q>>7 O l[d(1)]=Q O m y n(0,-,7)y) O m z=0,y=Q|=x,h(y) O m z=0,
y=Q^=x,h(y) O m z=Q*2|2*x,y=Q&=x,h(y) O m Q n(s%2,-,7)y) O m Q n(0,-,7)y) O
m Q n(s%2,+,7)y) O m Q n(0,+,7)y) O z=r-8?d(r+1):s|Q<<8,w O p,r-8?o[r+1]=z,r
[o]=z>>8:(s=~40&z|2,Q=z>>8) O r[o]--||--o[r-1]O a(5)=z=a(5)+r[o],a(4)=z=a(4)
+o[r-1]+z/256,s=~1&s|z>>8 O ++o[r+1]||r[o]++O o[r+1]=*c++,r[o]=*c++O z=c-l,w
,c=y*8+l O x=q,b z=c-l,w,c=l+x) O x=q,b c=l+x) O b p,c=l+z) O a(y)=*c++O r=y
,x=0,a(r)n(1,-,y)s<<8) O r=y,x=0,a(r)n(1,+,y)s<<8))));
system("stty cooked echo"); B((B((V?B(V):0,u)),v)); }

//print("Hello world")
</syntaxhighlight>

An example of a [[Just another Perl hacker|JAPH]]:

<syntaxhighlight lang="perl">
@P=split//,".URRUU\c8R";@d=split//,"\nrekcah xinU / lreP rehtona tsuJ";sub p{
@p{"r$p","u$p"}=(P,P);pipe"r$p","u$p";++$p;($q*=2)+=$f=!fork;map{$P=$P[$f^ord
($p{$_})&6];$p{$_}=/ ^$P/ix?$P:close$_}keys%p}p;p;p;p;p;map{$p{$_}=~/^[P.]/&&
close$_}%p;wait until$?;map{/^r/&&<$_>}%p;$_=$d[$q];sleep rand(2)if/\S/;print
</syntaxhighlight>

This slowly displays the text "Just another Perl / Unix hacker", multiple characters at a time, with delays.<ref>{{cite web|url=http://perl.plover.com/obfuscated/ |title=Obfuscated Perl Program |publisher=Perl.plover.com |access-date=2013-11-25}}</ref>

Some [[Python (programming language)|Python]] examples can be found in the [https://docs.python.org/3/faq/programming.html#is-it-possible-to-write-obfuscated-one-liners-in-python official Python programming FAQ] and elsewhere.<ref>{{cite web|url=https://benkurtovic.com/2014/06/01/obfuscating-hello-world.html|title=Obfuscating "Hello world!" – Ben Kurtovic|website=benkurtovic.com}}</ref><ref>http://wiki.c2.com/?ObfuscatedPython {{Bare URL inline|date=October 2021}}</ref><ref>https://code.activestate.com/lists/python-list/16171/ "The First Annual Obfuscated Python Content"</ref>

==Advantages of obfuscation==

=== Faster loading time ===
The scripts used by web-pages have to be sent over the network to the user agent that will run them. The smaller they are, the faster the download. In such use-cases, [[Minification (programming)|minification]] (a relatively trivial form of obfuscation) can produce real advantages.

=== Reduced memory usage ===
In antique [[runtime system|run-time]] interpreted languages (more commonly known as [[Scripting language|script]]), like older versions of BASIC, programs executed faster and took less RAM if they used single letter variable names, avoided comments and contained only necessary blank characters (in brief, the shorter the faster).

=== Protection for trade secrets ===
Where the source code of a program must be sent to the user, for example JavaScript in a web page, any trade secret, licensing mechanism or other intellectual property contained within the program is accessible to the user. Obfuscation makes it harder to understand the code and make modifications to it.

Desktop programs sometimes include features that help to obfuscate their code. Some programs may not store their entire code on disk, and may pull a portion of their binary code via the web at runtime. They may also use compression and/or encryption, adding additional steps to the disassembly process.

=== Prevention of circumvention ===
Obfuscating the program can, in such cases, make it harder for users to circumvent license mechanisms or obtain information the program's supplier wished to hide. It can also be used to make it harder to hack multiplayer games.


=== Prevention of virus detection ===
=== Cryptographic ===
{{Further information|Indistinguishability obfuscation|Black-box obfuscation}}
Malicious programs may use obfuscation to disguise what they are really doing. Most users do not even read such programs; and those that do typically have access to software tools that can help them to undo the obfuscation, so this strategy is of limited efficacy.
Cryptographers have explored the idea of obfuscating code so that reverse-engineering the code is ''cryptographically'' hard. This is formalized in the many proposals for [[indistinguishability obfuscation]], a cryptographic primitive that, if possible to build securely, would allow one to construct many other kinds of cryptography, including completely novel types that no one knows how to make. (A stronger notion, [[black-box obfuscation]], is known to be impossible in general.)<ref>{{Cite magazine |title=Cryptography Breakthrough Could Make Software Unhackable |url=https://www.wired.com/2014/02/cryptography-breakthrough/ |magazine=Wired |language=en-us |issn=1059-1028 |access-date=2021-03-14}}</ref><ref>{{Cite journal |last1=Jain |first1=Aayush |last2=Lin |first2=Huijia |last3=Sahai |first3=Amit |date=2020 |title=Indistinguishability Obfuscation from Well-Founded Assumptions |url=https://eprint.iacr.org/2020/1003 |journal=Cryptology ePrint Archive |arxiv=2008.09317}}</ref>


==Disadvantages of obfuscation==
==Disadvantages of obfuscation==
Line 219: Line 42:
* It adds time and complexity to the build process for the developers.
* It adds time and complexity to the build process for the developers.
* It can make debugging issues after the software has been obfuscated extremely difficult.
* It can make debugging issues after the software has been obfuscated extremely difficult.
* Once code becomes [[abandonware]] and is no longer maintained, hobbyists may want to maintain the program, add mods, or understand it better. Obfuscation makes it hard for end users to do useful things with the code.
* Once code is no longer maintained, hobbyists may want to maintain the program, add mods, or understand it better. Obfuscation makes it hard for end users to do useful things with the code.
* Certain kinds of obfuscation (i.e. code that isn't just a local binary and downloads mini binaries from a web server as needed) can degrade performance and/or require Internet.
* Certain kinds of obfuscation (i.e. code that isn't just a local binary and downloads mini binaries from a web server as needed) can degrade performance and/or require Internet.


=== Notifying users of obfuscated code ===
== Decompilers ==
Some anti-virus softwares, such as [[AVG AntiVirus]],<ref>{{Cite web |date=2020-07-21 |title=Blocking website and only way to fix is disabling HTTPS s... {{!}} AVG |url=https://support.avg.com/answers?id=9060N000000gbDLQAY |access-date=2022-02-04 |website=support.avg.com |language=en}}</ref> will also alert their users when they land on a website with code that is manually obfuscated, as one of the purposes of obfuscation can be to hide malicious code. However, some developers may employ code obfuscation for the purpose of reducing file size or increasing security. The average user may not expect their antivirus software to provide alerts about an otherwise harmless piece of code, especially from trusted corporations, so such a feature may actually deter users from using legitimate software.
A [[decompiler]] can reverse-engineer source code from an executable or library. Decompilation is sometimes called a man-at-the-end attack, based on the traditional cryptographic attack known as "[[Man-in-the-middle attack|man-in-the-middle]]". It puts source code in the hands of the user, although this source code is often difficult to read. The source code is likely to have random function and variable names, incorrect variable types, and use different logic than the original source code (due to compiler optimizations).


Mozilla and Google disallow browser extensions containing obfuscated code in their add-ons store.<ref>{{Cite web |last=at 05:01 |first=Thomas Claburn in San Francisco 2 Oct 2018 |title=Google taking action against disguised code in Chrome Web Store |url=https://www.theregister.co.uk/2018/10/02/google_chrome_web_store/ |access-date=2019-11-12 |website=www.theregister.co.uk |language=en}}</ref><ref>{{Cite web |last=Cimpanu |first=Catalin |title=Mozilla announces ban on Firefox extensions containing obfuscated code |url=https://www.zdnet.com/article/mozilla-announces-ban-on-firefox-extensions-containing-obfuscated-code/ |access-date=2019-11-12 |website=ZDNet |language=en}}</ref>
== Cryptographic obfuscation ==
Recently, [[Cryptography|cryptographers]] have explored the idea of obfuscating code so that reverse-engineering the code is ''cryptographically'' hard. This is formalized in the many proposals for [[indistinguishability obfuscation]], a cryptographic primitive that, if possible to build securely, would allow one to construct many other kinds of cryptography, including completely novel types that no one knows how to make. (A stronger notion, [[black-box obfuscation]], was shown impossible in 2001 when researchers constructed programs that cannot be obfuscated in this notion.)<ref>{{Cite news|title=Cryptography Breakthrough Could Make Software Unhackable|language=en-us|work=Wired|url=https://www.wired.com/2014/02/cryptography-breakthrough/|access-date=2021-03-14|issn=1059-1028}}</ref><ref>{{Cite journal|last1=Jain|first1=Aayush|last2=Lin|first2=Huijia|last3=Sahai|first3=Amit|date=2020|title=Indistinguishability Obfuscation from Well-Founded Assumptions|arxiv=2008.09317|url=https://eprint.iacr.org/2020/1003}}</ref>


=== Obfuscation and copyleft licenses ===
== Notifying users of obfuscated code ==
There has been debate on whether it is illegal to skirt [[copyleft]] [[Software license|software licenses]] by releasing source code in obfuscated form, such as in cases in which the author is less willing to make the source code available. The issue is addressed in the [[GNU General Public License]] by requiring the "preferred form for making modifications" to be made available.<ref>{{cite web |title=Reasoning behind the "preferred form of the work for making modifications to it" language in the GPL |url=https://lwn.net/Articles/431651/ |access-date=2013-11-25 |publisher=Lwn.net}}</ref> The GNU website states "Obfuscated 'source code' is not real source code and does not count as source code."<ref>{{cite web |title=What is free software? |url=https://www.gnu.org/philosophy/free-sw.html |access-date=2014-12-18 |publisher=gnu.org}}</ref>
Some anti-virus softwares, such as [[AVG AntiVirus]],{{citation needed|date=October 2017}} will also alert their users when they land on a website with code that is manually obfuscated, as one of the purposes of obfuscation can be to hide malicious code. However, some developers may employ code obfuscation for the purpose of reducing file size or increasing security. The average user may not expect their antivirus software to provide alerts about an otherwise harmless piece of code, especially from trusted corporations, so such a feature may actually deter users from using legitimate software.


== Decompilers ==
Certain major browsers such as Firefox and Chrome also disallow browser extensions containing obfuscated code.<ref>{{Cite web|url=https://www.theregister.co.uk/2018/10/02/google_chrome_web_store/|title=Google taking action against disguised code in Chrome Web Store|last=at 05:01|first=Thomas Claburn in San Francisco 2 Oct 2018|website=www.theregister.co.uk|language=en|access-date=2019-11-12}}</ref><ref>{{Cite web|url=https://www.zdnet.com/article/mozilla-announces-ban-on-firefox-extensions-containing-obfuscated-code/|title=Mozilla announces ban on Firefox extensions containing obfuscated code|last=Cimpanu|first=Catalin|website=ZDNet|language=en|access-date=2019-11-12}}</ref>
A [[decompiler]] can reverse-engineer source code from an executable or library. Decompilation is sometimes called a man-in-the-end (mite) attack, based on the traditional cryptographic attack known as "[[Man-in-the-middle attack|man-in-the-middle]]". It puts source code in the hands of the user, although this source code is often difficult to read. The source code is likely to have random function and variable names, incorrect variable types, and use different logic than the original source code (due to compiler optimizations).

==Obfuscating software==
A variety of tools exist to perform or assist with code obfuscation. These include experimental research tools created by academics, hobbyist tools, commercial products written by professionals, and [[open-source software]]. Deobfuscation tools also exist that attempt to perform the reverse transformation.

Although the majority of commercial obfuscation solutions work by transforming either program source code, or platform-independent bytecode as used by Java and .NET, there are also some that work directly on compiled binaries.


== Model obfuscation ==
==Obfuscation and copyleft licenses==


'''Model obfuscation''' is a technique to hide the internal structure of a [[machine learning]] model.<ref>{{cite journal |last1=Zhou |first1=Mingyi |last2=Gao |first2=Xiang |last3=Wu |first3=Jing |last4=Grundy |first4=John C. |last5=Chen |first5=Xiao |last6=Chen |first6=Chunyang |last7=Li |first7=Li |title=Model Obfuscation for Securing Deployed Neural Networks |date=2023 |url=https://openreview.net/forum?id=ib482K6HQod |language=en}}</ref> Obfuscation turns a model into a black box. It is contrary to [[explainable AI]]. Obfuscation models can also be applied to training data before feeding it into the model to add random noise. This hides sensitive information about the properties of individual and groups of samples.<ref>{{cite arXiv|last1=Zhang |first1=Tianwei |title=Privacy-preserving Machine Learning through Data Obfuscation |date=2018-07-12 |eprint=1807.01860 |last2=He |first2=Zecheng |last3=Lee |first3=Ruby B.|class=cs.CR }}</ref>
There has been debate on whether it is illegal to skirt [[copyleft]] [[Software license|software licenses]] by releasing source code in obfuscated form, such as in cases in which the author is less willing to make the source code available. The issue is addressed in the [[GNU General Public License]] by requiring the "preferred form for making modifications" to be made available.<ref>{{cite web|url=https://lwn.net/Articles/431651/ |title=Reasoning behind the "preferred form of the work for making modifications to it" language in the GPL |publisher=Lwn.net |access-date=2013-11-25}}</ref> The GNU website states "Obfuscated 'source code' is not real source code and does not count as source code."<ref>{{cite web|url=https://www.gnu.org/philosophy/free-sw.html |title=What is free software? |publisher=gnu.org |access-date=2014-12-18}}</ref>


==See also==
==See also==
Line 246: Line 64:
* [[AARD code]]
* [[AARD code]]
* [[Spaghetti code]]
* [[Spaghetti code]]
* [[Write-only language]]
* [[Decompilation]]
* [[Decompilation]]
* [[Esoteric programming language]]
* [[Esoteric programming language]]
Line 261: Line 78:
* [[Source code beautification]]
* [[Source code beautification]]
{{Div col end}}
{{Div col end}}

==Notes==
{{Reflist|30em}}


==References==
==References==
{{Reflist}}

==Further reading==
{{Refbegin}}
{{Refbegin}}
* Seyyedhamzeh, Javad, [https://archive.today/20121227220116/http://www.csi.org.ir/paper?conf=30&author_name=&paper_name=&abstract=&page=14 ABCME: A Novel Metamorphic Engine], 17th National Computer Conference, Sharif University of Technology, Tehran, Iran, 2012.
* Seyyedhamzeh, Javad, [https://archive.today/20121227220116/http://www.csi.org.ir/paper?conf=30&author_name=&paper_name=&abstract=&page=14 ABCME: A Novel Metamorphic Engine], 17th National Computer Conference, Sharif University of Technology, Tehran, Iran, 2012.
Line 281: Line 98:


==External links==
==External links==
*[http://obfuscator.io/ A free and efficient obfuscator for JavaScript]
*[https://github.com/guillaC/JSBatchobfuscator open source JavaScript obfuscator for batch script]
*[https://www.ioccc.org/ The International Obfuscated C Code Contest]
*[https://www.ioccc.org/ The International Obfuscated C Code Contest]
*[https://www.antispy.xyz/ antispy C/C++ Obfuscation Library for all platforms]
*[https://web.archive.org/web/20050308231232/http://www.cs.arizona.edu/~collberg/Research/Students/DouglasLow/obfuscation.html Protecting Java Code Via Code Obfuscation], ACM Crossroads, Spring 1998 issue
*[https://web.archive.org/web/20050308231232/http://www.cs.arizona.edu/~collberg/Research/Students/DouglasLow/obfuscation.html Protecting Java Code Via Code Obfuscation], ACM Crossroads, Spring 1998 issue
*[https://web.archive.org/web/20080509122145/http://www.excelsior-usa.com/articles/java-obfuscators.html Protect Your Java Code – Through Obfuscators And Beyond], April 2009
*[https://docs.microsoft.com/en-us/visualstudio/ide/dotfuscator/ Dotfuscator in ] — Visual Studio documentation for built-in .NET obfuscation
*[http://msdn2.microsoft.com/en-us/vcsharp/aa336818.aspx#obfuscators Obfuscation tools for .NET, on MSDN] — Obfuscation resources for .NET, on the Microsoft Developer Center.
*[https://web.archive.org/web/20051124025132/http://www.cs.princeton.edu/~boaz/Papers/obf_informal.html Can we obfuscate programs?]
*[https://web.archive.org/web/20051124025132/http://www.cs.princeton.edu/~boaz/Papers/obf_informal.html Can we obfuscate programs?]
*[http://yury.name/obfuscation.html Yury Lifshits. Lecture Notes on Program Obfuscation (Spring'2005)]
*[http://yury.name/obfuscation.html Yury Lifshits. Lecture Notes on Program Obfuscation (Spring'2005)]
* {{dmoz|Computers/Programming/Languages/Java/Development_Tools/Obfuscators|Java obfuscators}}
* {{dmoz|Computers/Programming/Languages/Java/Development_Tools/Obfuscators|Java obfuscators}}
*[https://web.archive.org/web/20080315222823/http://research.microsoft.com/~tball/papers/XmasGift/ Analysis of the 12 days program]
*[https://tromp.github.io/maze.html Analysis of the obfuscated maze generating program]
*[http://perl.plover.com/obfuscated/ Obfuscated Perl program with explanation]
*[http://javaencrypt.com/?lang=en Analysis of javascript code obfuscation]
*[[c2:BlackBoxComputation]]
*[[c2:BlackBoxComputation]]


{{Information security}}
{{DEFAULTSORT:Obfuscated Code}}
{{DEFAULTSORT:Obfuscated Code}}
[[Category:Anti-patterns]]
[[Category:Software obfuscation| ]]
[[Category:Articles with example C code]]
[[Category:Obfuscation]]
[[Category:Source code]]
[[Category:Source code]]
[[Category:Software obfuscation]]
[[Category:Program transformation]]
[[Category:Program transformation]]


Revision as of 15:51, 13 June 2024

For the term as used in natural language, see obfuscation.

In software development, obfuscation is the act of creating source or machine code that is difficult for humans or computers to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter reverse engineering, or even to create a puzzle or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry.[1]

Overview

The architecture and characteristics of some languages may make them easier to obfuscate than others.[2][3] C,[4] C++,[5][6] and the Perl programming language[7] are some examples of languages easy to obfuscate. Haskell is also quite obfuscatable[8] despite being quite different in structure.

The properties that make a language obfuscatable are not immediately obvious.

Techniques

Types of obfuscations include simple keyword substitution, use or non-use of whitespace to create artistic effects, and self-generating or heavily compressed programs.

According to Nick Montfort, techniques may include:

  1. naming obfuscation, which includes naming variables in a meaningless or deceptive way;
  2. data/code/comment confusion, which includes making some actual code look like comments or confusing syntax with data;
  3. double coding, which can be displaying code in poetry form or interesting shapes.[9]

Automated tools

A variety of tools exist to perform or assist with code obfuscation. These include experimental research tools created by academics, hobbyist tools, commercial products written by professionals, and open-source software. Deobfuscation tools also exist that attempt to perform the reverse transformation.

Although the majority of commercial obfuscation solutions work by transforming either program source code, or platform-independent bytecode as used by Java and .NET, there are also some that work directly on compiled binaries.

Recreational

Writing and reading obfuscated source code can be a brain teaser. A number of programming contests reward the most creatively obfuscated code, such as the International Obfuscated C Code Contest and the Obfuscated Perl Contest.

Short obfuscated Perl programs may be used in signatures of Perl programmers. These are JAPHs ("Just another Perl hacker").[16]

Cryptographic

Further information: Indistinguishability obfuscation and Black-box obfuscation

Cryptographers have explored the idea of obfuscating code so that reverse-engineering the code is cryptographically hard. This is formalized in the many proposals for indistinguishability obfuscation, a cryptographic primitive that, if possible to build securely, would allow one to construct many other kinds of cryptography, including completely novel types that no one knows how to make. (A stronger notion, black-box obfuscation, is known to be impossible in general.)[17][18]

Disadvantages of obfuscation

  • While obfuscation can make reading, writing, and reverse-engineering a program difficult and time-consuming, it will not necessarily make it impossible.[19]
  • It adds time and complexity to the build process for the developers.
  • It can make debugging issues after the software has been obfuscated extremely difficult.
  • Once code is no longer maintained, hobbyists may want to maintain the program, add mods, or understand it better. Obfuscation makes it hard for end users to do useful things with the code.
  • Certain kinds of obfuscation (i.e. code that isn't just a local binary and downloads mini binaries from a web server as needed) can degrade performance and/or require Internet.

Notifying users of obfuscated code

Some anti-virus softwares, such as AVG AntiVirus,[20] will also alert their users when they land on a website with code that is manually obfuscated, as one of the purposes of obfuscation can be to hide malicious code. However, some developers may employ code obfuscation for the purpose of reducing file size or increasing security. The average user may not expect their antivirus software to provide alerts about an otherwise harmless piece of code, especially from trusted corporations, so such a feature may actually deter users from using legitimate software.

Mozilla and Google disallow browser extensions containing obfuscated code in their add-ons store.[21][22]

Obfuscation and copyleft licenses

There has been debate on whether it is illegal to skirt copyleft software licenses by releasing source code in obfuscated form, such as in cases in which the author is less willing to make the source code available. The issue is addressed in the GNU General Public License by requiring the "preferred form for making modifications" to be made available.[23] The GNU website states "Obfuscated 'source code' is not real source code and does not count as source code."[24]

Decompilers

A decompiler can reverse-engineer source code from an executable or library. Decompilation is sometimes called a man-in-the-end (mite) attack, based on the traditional cryptographic attack known as "man-in-the-middle". It puts source code in the hands of the user, although this source code is often difficult to read. The source code is likely to have random function and variable names, incorrect variable types, and use different logic than the original source code (due to compiler optimizations).

Model obfuscation

Model obfuscation is a technique to hide the internal structure of a machine learning model.[25] Obfuscation turns a model into a black box. It is contrary to explainable AI. Obfuscation models can also be applied to training data before feeding it into the model to add random noise. This hides sensitive information about the properties of individual and groups of samples.[26]

See also

References

  1. ^ "What is obfuscation (obfu)? - Definition from WhatIs.com". SearchSoftwareQuality. Retrieved February 1, 2019.
  2. ^ Binstock, Andrew (March 6, 2003). "Obfuscation: Cloaking your Code from Prying Eyes". Archived from the original on April 20, 2008. Retrieved November 25, 2013.
  3. ^ Atwood, Jeff (May 15, 2005). "Jeff Atwood, May 15, 2005". Codinghorror.com. Retrieved November 25, 2013.
  4. ^ "Obfuscation". Kenter.demon.nl. Archived from the original on March 4, 2016. Retrieved November 25, 2013.
  5. ^ "C++ Tutorials – Obfuscated Code – A Simple Introduction". DreamInCode.net. Retrieved November 25, 2013.
  6. ^ "C Tutorials – Obfuscated Code in C". July 7, 2011. Retrieved November 25, 2013.
  7. ^ As of 2013-11-25 18:22 GMT. "Pe(a)rls in line noise". Perlmonks.org. Retrieved November 25, 2013.{{cite web}}: CS1 maint: numeric names: authors list (link)
  8. ^ "Obfuscation – Haskell Wiki". February 16, 2006. Archived from the original on August 30, 2017. Retrieved March 3, 2020.
  9. ^ Montfort, Nick. "Obfuscated code" (PDF). Archived from the original (PDF) on April 24, 2019. Retrieved November 24, 2017.
  10. ^ Ben Kurtovic. "Obfuscating "Hello world!"". benkurtovic.com.
  11. ^ "Obfuscated Python". wiki.c2.com.
  12. ^ "The First Annual Obfuscated Python Content". code.activestate.com.
  13. ^ domas (November 3, 2022), xoreaxeaxeax/movfuscator, retrieved November 5, 2022
  14. ^ Break Me00 The MoVfuscator Turning mov into a soul crushing RE nightmare Christopher Domas, retrieved November 5, 2022
  15. ^ Williams, Al (March 21, 2021). "One Instruction To Rule Them All: C Compiler Emits Only MOV". Hackaday. Retrieved October 23, 2023.
  16. ^ "JAPH – Just Another Perl Hacker". pm.org. Perl Mongers. Archived from the original on May 16, 2013. Retrieved February 27, 2015.
  17. ^ "Cryptography Breakthrough Could Make Software Unhackable". Wired. ISSN 1059-1028. Retrieved March 14, 2021.
  18. ^ Jain, Aayush; Lin, Huijia; Sahai, Amit (2020). "Indistinguishability Obfuscation from Well-Founded Assumptions". Cryptology ePrint Archive. arXiv:2008.09317.
  19. ^ ""Can We Obfuscate Programs?" by Boaz Barak". Math.ias.edu. Archived from the original on March 23, 2016. Retrieved November 25, 2013.
  20. ^ "Blocking website and only way to fix is disabling HTTPS s... | AVG". support.avg.com. July 21, 2020. Retrieved February 4, 2022.
  21. ^ at 05:01, Thomas Claburn in San Francisco 2 Oct 2018. "Google taking action against disguised code in Chrome Web Store". www.theregister.co.uk. Retrieved November 12, 2019.{{cite web}}: CS1 maint: numeric names: authors list (link)
  22. ^ Cimpanu, Catalin. "Mozilla announces ban on Firefox extensions containing obfuscated code". ZDNet. Retrieved November 12, 2019.
  23. ^ "Reasoning behind the "preferred form of the work for making modifications to it" language in the GPL". Lwn.net. Retrieved November 25, 2013.
  24. ^ "What is free software?". gnu.org. Retrieved December 18, 2014.
  25. ^ Zhou, Mingyi; Gao, Xiang; Wu, Jing; Grundy, John C.; Chen, Xiao; Chen, Chunyang; Li, Li (2023). "Model Obfuscation for Securing Deployed Neural Networks". {{cite journal}}: Cite journal requires |journal= (help)
  26. ^ Zhang, Tianwei; He, Zecheng; Lee, Ruby B. (July 12, 2018). "Privacy-preserving Machine Learning through Data Obfuscation". arXiv:1807.01860 [cs.CR].

Further reading

External links

Retrieved from "https://en.wikipedia.org/w/index.php?title=Obfuscation_(software)&oldid=1228857943"