transformations for obfuscating object-oriented programs
DESCRIPTION
Name: Hao Yuan Supervisor: Len Hamey. Transformations for Obfuscating Object-Oriented Programs. Agenda. Introduction Transformations Conclusion. Problem. Programmers Protected Secured Reverse engineers Decompile the code Opposite goals. Aim. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/1.jpg)
Transformations for Obfuscating Object-Oriented Programs
Name: Hao YuanSupervisor: Len Hamey
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 1
![Page 2: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/2.jpg)
Agenda
Introduction Transformations Conclusion
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 2
![Page 3: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/3.jpg)
Problem
Programmers Protected Secured
Reverse engineers Decompile the code
Opposite goals
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 3
![Page 4: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/4.jpg)
Aim
Describe ways to transform the object-oriented programs
Hard to understanding (confuse human reader)
Difficult to reverse engineer (confuse machine)
Obfuscation examples
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 4
if (true){ if (!true){ execute;}
exit;} else{exit;}
else{execute;}
int A=3; int a1=1;int a2=2;
![Page 5: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/5.jpg)
Significance
Source codes are easily stolen and modified Nolan’s Decompiling Java Reuse, misuse, attack
Protect source code and prevent automated reverse engineering Watermarking, obfuscation, tamper-resistance Obfuscation is the most effective method
▪ protect software against malicious reverse engineering▪ make the code more complex and confusing
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 5
![Page 6: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/6.jpg)
What Has Been Achieved
Obfuscating tools Allatori Dash-O-Pro Proguard RetroGuard yGuard (Free) Zelix Klassmanster
No guarantee Perfect obfuscator
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 6
![Page 7: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/7.jpg)
Evaluation of ObfuscationStrength can be measured by: Potency
E(P’)/E(P)-1 Confuse human reader
Resilience Trivial, weak, strong, full, one-way Confuse automated reverse engineering
Cost Free, cheap, costly, expensive Creation, execute time
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 7
![Page 8: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/8.jpg)
Agenda
Introduction Transformations Conclusion
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 8
![Page 9: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/9.jpg)
Class Level Transformations Relocate the frame of programClass combination
Simple combination Complex combination
Class promotionClass splitting
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 9
![Page 10: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/10.jpg)
Method Level Transformations Affect addressing the methods and
the control flow of programsMethod InterleavingMethod SplittingLoop transformationAdd irrelevant code
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 10
![Page 11: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/11.jpg)
Variable Level Transformations Operate on the data structuresChange EncodingVariable promotion
Variable to object Local variable to global variable
Variable splitting
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 11
![Page 12: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/12.jpg)
Name Level Transformations Typically trivial to perform and reduce
the amount of informationLayout obfuscation:
Affect the comprehensibility of the program removing debugging information and
comments renaming identifiers
Name overloading Same identifier Different identifier
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 12
![Page 13: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/13.jpg)
Agenda
Introduction Transformations Conclusion
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 13
![Page 14: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/14.jpg)
Discussion
Applying one level’s transformations may be not very efficiency E.g. name level transformations, potency
but not resilience. Combine different levels’
transformations may perform much better Name level should be applied
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 14
![Page 15: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/15.jpg)
Illustration of Implementation Viewing current month’s calendar
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 15
public class MonthView{…;}
![Page 16: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/16.jpg)
Implementation (cont.)
Promote the variable to object and class splitting
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 16
public class MonthView{…;}public class ShowMonth {…;}public class MonthNameAndDays
![Page 17: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/17.jpg)
Implementation (cont.)
Method splitting and classing splitting techniques
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 17
public class Print { public static void prt(String s) { System.out.println(s); } public static void prt1(String s){ System.out.print(s); } public static void prt(int i){ System.out.print(i); } public static void prt() { System.out.println(); }}
![Page 18: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/18.jpg)
Implementation (cont.)
Layout obfuscation technique
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 18
public class MV{…;}public class P {…;}public class MND { String[ ] m; int d [ ];…;}public class S {…;}
![Page 19: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/19.jpg)
Implementation (cont.)
Variable splitting and variable promotion
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 19
public int ls=0;public int ls1=1;
![Page 20: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/20.jpg)
Implementation (cont.)
Adding variables and fingerprint code
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 20
public double ls;public int ls1;private double xprivate double y
private static void check_std(int k) {…;}
![Page 21: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/21.jpg)
Implementation (cont.)
Name level obfuscation transformation Same identifier Remove the layer
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 21
![Page 22: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/22.jpg)
Conclusion
Four level transformations Class level Method level Variable level Name level
Most of them seem to produce acceptable substitutes for original source code
Original and obfuscated codes produce identical behavior
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 22
![Page 23: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/23.jpg)
Future recommendation
New obfuscating transformations Quality of obfuscation
Study of measuring potency, resilience and cost
Does the order matter: effects of composing obfuscations
together interaction and ordering between
different transformationsITEC810 Project Transformations for Obfuscating Object-Oriented Programs 23
![Page 24: Transformations for Obfuscating Object-Oriented Programs](https://reader035.vdocuments.site/reader035/viewer/2022062315/568163fe550346895dd59b8f/html5/thumbnails/24.jpg)
Question?
ITEC810 Project Transformations for Obfuscating Object-Oriented Programs 24