Cryptography Reference
In-Depth Information
byaloopthatrepeatsaslongasthecounterislessthan or equal to 9.
Both end at the same time. Bothdo the same thing. But this flexibility
can hide one bit of information. String together 30 of them in the
code and there's a watermark.
Obfuscation offers opportunities for more fun. If the goal is to
keep a human from understanding the code, it can help to rename
the variables with odd names— even words that themselves hide
steganographic messages.
In the end, obfuscation may never be completely secure. If the
software is to be understood by a computer, then it must be in some
form that can be understood by a human— at least as long as the
human is thinking like a computer. The general impression is that
obfuscated code can provide a hurdle for any attacker but will never
reach the security offered by standard encryption packages.
Turn to [BGI + 01] for a
theoretical discussion of
the limits of
obfuscation. The paper
has seven authors and
log 7! bits can be hidden
in the order of their
names.
18.3 Compiling Intelligence
Most of the techniques in this section were originally developed by
compiler developers who wanted to rearrange the order of code so
they could optimize the speed of the processors. Getting informa-
tion from the main memory into the processor chip was often much
slower than using information directly from the small internal mem-
ory, and so the code optimizer would delay the execution until all of
the information was in the internal memory.
Rearranging the code to hide a message or the intent of the code
itself isn't limited by such concerns. Any valid order is okay and so
there are more opportunities to hide messages. If the code obfusca-
tion is done at the source code level, the compiler will probably strip
out many of the hidden bits by optimizing the compiled code. If it is
done at the binary level, obfuscating the code may make it slower. 1
Here is a list of techniques for re-arranging the code.
Worthless Instructions The simplest way to hide bits and add
some confusion to code is to just create new instructions and
interleave them. As long as you don't use any real variables
in your new code, there shouldn't be any weird side-effects,
except perhaps for memory usage if you decide to consume
huge blocks of memory.
Many compilers will strip out the so-called dead code before
generating the object code, an effect that can be useful if you
1 Some languages like Java have binary code that is further refined at runtime by
another layer of translation and compilation. This further optimization can reverse
any of the inefficiencies added by the obfuscation.
Search WWH ::




Custom Search