Obfuscation

What is Obfuscation?

Obfuscation is transforming the software program into code that’s difficult to disassemble and understand, but has the same functionality as the original so the software remains completely functional but impervious to reverse-engineering. Obfuscation hides the vulnerabilities of software to prevent theft and safeguard its intellectual property.

Why Obfuscation?

Consider the sample source-code of a function and its compilation to machine code below:

obfuscation

Once the program is converted to machine code, disassemblers such as IDA Pro can reverse-engineer the output. Analysis of the binary easily reveals the control flow of the function.

Can Obfuscation protect your code from tampering and reverse-engineering?

Traditional obfuscation techniques alone will not help protect the program code from static analysis and reverse engineering.

Obfuscation is often confused with simple method renaming techniques and basic string obfuscation technologies, which can be quickly broken and easily reversed.

Arxan offers advanced obfuscation techniques, which go far beyond these traditional techniques and provide strong binary-level obfuscation. In addition to dramatically increasing the level of obfuscation, Arxan’s advanced techniques also give the ability to control the size and fine-tune the performance of the code.

Arxan Offers Advanced Obfuscation

Arxan’s advanced obfuscation offers a variety of patented techniques to transform the program code so it’s extremely difficult to understand and analyze. These advanced techniques are highly effective in concealing the purpose and/or the logic of the software program to:

  • Prevent application tampering
  • Deter reverse engineering
  • Safeguard intellectual property

One of the important functions of Arxan’s advanced techniques is control flow obfuscation. This will provide the strongest level of obfuscation and make your code extremely difficult to analyze, comprehend and reverse-engineer.

Control Flow Obfuscation

Control flow obfuscation removes the structure from the code, eliminates tell-tale patterns and breaks the predictable relationship between bytecode and decompiled source. It merges and flattens the control flow paths of software program in order to make it extremely difficult to trace execution logic, sequence, and entry and exit points.

As illustrated in the following diagram, control flow obfuscation transforms the code to make it extremely difficult to analyze and comprehend:

Arxan’s advanced obfuscation offers a variety of transformation techniques to protect your code. Each technique on its own affects the program orthogonally. Together, they augment the security of the program by building upon each other and combining in unique ways. Examples of these techniques are described below:

Dummy Code Insertion

Inserts code that is executed when the program is run but does not affect the semantics of the program, making any disassembled code more difficult to analyze.

Path Merging

Obfuscates control flow by merging control flow paths. Path merging is implemented using a patented algorithm.

Instruction Substitution

Converts randomly selected common instructions to other, less obvious constructs. Instruction substitution yields similar results to dummy code insertion. However, instead of adding instructions that do not affect the data flow, these instruction substitutions expand simple operations into many instructions.

Symbol Shuffling

Shuffles lists of global variables and functions in the protected module. Symbol shuffling is focused on the re-ordering of symbols. This transformation helps increase entropy from release to release. Neighboring functions and data are not likely to be in the same location across protections.

Function Inlining

Calls functions to help obfuscate the purpose of the calling function. Inlining results in the implementation of one function completely contained within the implementation of the other. The stack record for the inlined function is now merged with the inliner. When this occurs the control flow shows fewer functions in a stack trace.

Opaque Predicate Insertion

Obfuscates control flow by adding branches and cloning existing basic blocks. Opaque predicate insertion adds conditional branches that individually always evaluate to the same result. The result of this condition is known to the obfuscation, but cannot be easily determined by examining the disassembled binary. Basic block cloning is used along the path that will never be executed to further obfuscate the control flow.

Customized Obfuscation

Arxan has many other techniques at our disposal. Depending on the protection needs of your organization, additional techniques may be applied, including deployment of custom techniques unique to your protection.