Software Obfuscation from Crackers’ viewpoint

Y, Hiroki; K, Yuichiro; M Akito, N Masahide; M Ken-ichi

Proceedings of the IASTED International Conference

ADVANCES IN COMPUTER SCIENCE AND TECHNOLOGY

January 23-25, 2006, Puerto Vallarta, Mexico

Presented by Justin Nguyen

Summary

“Software obfuscation has become an essential means to hide secrets involved in today’s software system.”

Code obfuscation transforms a program unintelligently to a more complex and difficult to understand yet still functionally equivalent to the original program.

In this paper, the authors look at the problem from cracker’s viewpoint and from there, they discuss techniques for eliminating clues that crackers may find using cracking tools.

Appreciative Comments

The authors have explained very well that how easy a cracker can find clues just by associating the algorithm and the codes.

For example: “The result of addition X (32-bit) is divided into four 8-bit blocks x1,

…,x4. “ x1 = (X>>24) & 0xff x2 = (X>>16) & 0xff x3 = (X>>8) & 0xff x4 = X & 0xff

Appreciative Comments (cont)

There is a good and clear guideline to explain how to apply obfuscation.

Critical Comments

The article is not completely self-contained. For example: while explaining how the algorithm works, they used a function called “Key Schedule” without explaining how this function works.

There is very little discussion about how we can hide the obfuscation itself.

Question

Very often encrypted algorithms contain loops that iterate through and execute a piece of code. This piece of code is usually executed most frequently. Using a tool such as AddTracer or Profiler, a cracker can locate the most frequently executed code. Locating this piece of code, he can easily find out the key that is used to encrypt data.

So what you think is the best way to avoid this?

Thanks for your time