Cryptography Reference
In-Depth Information
•
yGuard
Another Java-based package from yWorks (
www.ywork-
s.com
) will rename variables, methods, classes and what-not
while eliminating other dead code. This can also shrink the size
of the binaries dramatically.
•
SWF Encrypt
A commercial package from Amayeta (
www.amay-
eta.com
)will scramble Flash (SWF) files while encrypting them.
There are also steganographic tools for adding watermarks or
data to source code, obfuscating the behavior a bit in the process.
Hydan, a tool written by Rakan El-Khalil and Angelos D. Keromytis,
will swap equivalent operations in x86 binary code. For instance,
both
add %eax, $20
and
sub %eax, $-20
will add 50 to the register
eax
, providing the opportunity to hide one bit. They report that they
can embed about 1 bit per 110 bits of x86 binary code on average, an
amount they determined empirically by embedding watermarks in
x86 code compiled for Linux, Windows and BSD systems. The soft-
ware can be downloaded from
http://www.crazyboy.com/hydan/
.
[EKK04]
18.5 Summary
Obfuscation is a technique that is normally used to hide the mean-
ing of some software by rearranging the operations, but it can also
be used to add weak watermarks to the code. In both cases, the al-
gorithms rely on a collection of transformations that change the ap-
parent operation of the software without changing the results. An
obfuscated program should produce exactly the same results as an
unobfuscated one.
The Disguise
The results of scrambling these programs can be quite
useful in many simple scenarios. Removing the variable names
and inlining a few instructions will make it difficult for any
reader to follow the simple flow of the software.
How Secure Is It?
There are theoretical proofs that suggest that this
technique will never produce completely inscrutible code—an
understandable result given that any useful software must be
understood by the computer. Still, software written by some-
one else is often hard enough to read. Strip away the com-
ments, the variable names, and some of the structure, and it
could require a lot of work to reassemble.
