Obfuscation of Abstract Data-Types - Rowan

More documents

Recommendations

Info

CHAPTER 1. OBFUSCATION 15 1.3.1 Commercial Obfuscators We briefly describe a few of the many commercial obfuscators that are available. Many commercial obfuscators employ two common obfuscations: renaming and string encryption. Renaming is a simple obfuscation which consists of taking any objects (such as variables, methods or classes) that have a “helpful” name (such as “total” or “counter”) and renaming them to a less useful name. Strings are often used to output information to the user and so some strings can give information to an attacker. For example, if we saw the string “Enter the password” in a method, we could infer that this method is likely to require the input of passwords! From this, we may be able to see what the correct passwords are or even bypass this particular verification. The idea of string encryption is to encrypt all the strings in a program to make them unreadable so that we can no longer obtain information about code fragments simply by studying the strings. However, string encryption has a major drawback. All of the output strings in a program must be displayed properly on the screen during the execution of a program. Thus the strings must first be decrypted and so the decryption routine will be contained in the program itself, as will the key for the decryption. So by looking in the source code at how strings are processed before being output we should be able to see how the strings are decrypted. Thus we could easily see the decrypted strings by passing them through the decryption method. Thus string encryption should not be considered as strong protection. Here are some obfuscators which are commercially available: • JCloak [26] This works on all classes in a program by looking at the symbolic references in the class file and generating a new unique and unintelligible name for each symbol name. • Dotfuscator [49] This uses a system of renaming classes, fields and methods called “Overload-Induction”. This system induces method overloading as much as possible and it tries to rename methods to a small name (e.g. a single character). It also applies string encryptions and some control-flow obfuscations. • Zelix [57] This obfuscator uses a variety of different methods. One method is the usual name obfuscation and another is string encryption which encrypts strings such as error messages which are decrypted at runtime. It also uses a flow obfuscation that tries to change the structure of loops by using gotos. • Salamander [46] Variable renaming is used to try to convert all names to “A” — overloading is then used to distinguish between different methods and fields. Any unneccesary meta-data (such as debug information and parameter names) is removed. • Smokescreen [48] This uses some control-flow obfuscations. One obfuscation shuffles stack operations so that popping a stack value into a local variable is delayed. The aim of this transformation is to make it more difficult for decompilers to determine where stack values come from. Another obfuscation adds fake exceptions so that the exception block partly overlaps with an existing block of code. The aim is to make control flow analysis more difficult. Another transformation to the control flow is made
CHAPTER 1. OBFUSCATION 16 by changing some switch statements by attempting to make the control flow appear to bypass a switch statement and go straight to a case statement. 1.3.2 Opaque predicates One of the most valuable obfuscation techniques is the use of opaque predicates [10, 12]. An opaque predicate P is a predicate whose value is known at obfuscation time — P T denotes a predicate which is always True (similarly for P F ) and P ? denotes a predicate which sometimes evaluates to True and sometimes to False. Here are some example predicates which are always True (supposing that x and y are integers): x 2 ≥ 0 x 2 (x + 1) 2 ≡ 0 (mod4) x 2 ≠ 7y 2 − 1 Opaque predicates can be used to transform a program block B as follows: • if (P T ) {B; } This hides the fact that B will always be executed. • if (P F ) {B ′ ; } else {B; } Since the predicate is always false we can make the block B ′ to be a copy of B which may contain errors. • if (P ? ) {B; } else {B ′ ; } In this case, we can have two copies of B each with the same functionality. We can also use opaque predicates to manufacture bogus jumps. Section 2.2.2 shows how to use an opaque predicate to create a jump into a while loop so that an irreducible flow graph is produced. When creating opaque predicates, we must ensure that they are stealthy so that it is not obvious to an attacker that a predicate is in fact bogus. So we must choose predicates that match the “style” of the program and if possible use expressions that are already used within the program. A suitable source of opaque predicates can be obtained from considering watermarks, such as the ones discussed in [9, 42]. 1.3.3 Variable transformations In this section, we show how to transform an integer variable i within a method. To do this, we define two functions f and g: f :: X → Y g :: Y → X where X ⊆ Z — this represents the set of values that i takes. We require that g is a left inverse of f (and so f needs to be injective). To replace the variable i with a new variable, j say, of type Y we need to perform two kinds of replacement depending on whether we have an assignment to i or use of i. An assignment to i is a statement of the form i = V and a use of i is an occurrence of i which is not an assignment. The two replacements are:
Page 1 and 2: Obfuscation of Abstract Data-Types
Page 3 and 4: Contents I The Current View of Obfu
Page 5 and 6: 5.4.3 Third Definition . . . . . .
Page 7 and 8: List of Figures 1 An example of obf
Page 9 and 10: 8 public class c { d t1 = new d();
Page 11 and 12: 10 • Obfuscations can be proved c
Page 13 and 14: Chapter 1 Obfuscation Scully: “No
Page 15: CHAPTER 1. OBFUSCATION 14 These thr
Page 19 and 20: CHAPTER 1. OBFUSCATION 18 We could
Page 21 and 22: CHAPTER 1. OBFUSCATION 20 B 1 [0] =
Page 23 and 24: Chapter 2 Obfuscations for Intermed
Page 25 and 26: CHAPTER 2. OBFUSCATIONS FOR INTERME
Page 45 and 46: Chapter 3 Techniques for Obfuscatio
Page 47 and 48: CHAPTER 3. TECHNIQUES FOR OBFUSCATI
Page 63 and 64: Part III Data-Type Case Studies 62
Page 65 and 66: CHAPTER 4. SPLITTING HEADACHES 64 (
Page 67 and 68:
CHAPTER 4. SPLITTING HEADACHES 66 a
Page 69 and 70:
CHAPTER 4. SPLITTING HEADACHES 68 T
Page 71 and 72:
CHAPTER 4. SPLITTING HEADACHES 70 L
Page 73 and 74:
CHAPTER 4. SPLITTING HEADACHES 72 S
Page 75 and 76:
CHAPTER 4. SPLITTING HEADACHES 74 C
Page 77 and 78:
CHAPTER 4. SPLITTING HEADACHES 76 L
Page 79 and 80:
CHAPTER 4. SPLITTING HEADACHES 78 t
Page 81 and 82:
CHAPTER 4. SPLITTING HEADACHES 80 C
Page 83 and 84:
CHAPTER 4. SPLITTING HEADACHES 82 4
Page 85 and 86:
CHAPTER 4. SPLITTING HEADACHES 84 E
Page 87 and 88:
CHAPTER 4. SPLITTING HEADACHES 86 b
Page 89 and 90:
CHAPTER 4. SPLITTING HEADACHES 88 W
Page 91 and 92:
CHAPTER 4. SPLITTING HEADACHES 90 T
Page 93 and 94:
Chapter 5 Sets and the Splitting Bu
Page 95 and 96:
CHAPTER 5. SETS AND THE SPLITTING 9
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
CHAPTER 6. THE MATRIX OBFUSCATED 10
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
CHAPTER 7. CULTIVATING TREE OBFUSCA
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Chapter 8 Conclusions and Further W
Page 137 and 138:
CHAPTER 8. CONCLUSIONS AND FURTHER
Page 139 and 140:
CHAPTER 8. CONCLUSIONS AND FURTHER
Page 141 and 142:
BIBLIOGRAPHY 140 [13] Thomas H. Cor
Page 143 and 144:
BIBLIOGRAPHY 142 [43] Simon Peyton
Page 145 and 146:
Appendix A List assertion We want t
Page 147 and 148:
APPENDIX A. LIST ASSERTION 146 Case
Page 149 and 150:
APPENDIX A. LIST ASSERTION 148 For
Page 151 and 152:
APPENDIX A. LIST ASSERTION 150 Case
Page 153 and 154:
APPENDIX A. LIST ASSERTION 152 1 +
Page 155 and 156:
APPENDIX A. LIST ASSERTION 154 0 +
Page 157 and 158:
APPENDIX A. LIST ASSERTION 156 The
Page 159 and 160:
APPENDIX A. LIST ASSERTION 158 The
Page 161 and 162:
APPENDIX B. SET OPERATIONS 160 Now
Page 163 and 164:
APPENDIX B. SET OPERATIONS 162 Proo
Page 165 and 166:
APPENDIX B. SET OPERATIONS 164 B.2
Page 167 and 168:
Appendix C Matrices We prove the as
Page 169 and 170:
APPENDIX C. MATRICES 168 Base Case
Page 171 and 172:
APPENDIX D. PROVING A TREE ASSERTIO
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187:
APPENDIX E. OBFUSCATION EXAMPLE 186
show all

Obfuscation of Abstract Data-Types - Rowan

Create successful ePaper yourself

Delete template?

Save as template?