
1 Vikas Gonti

2 What is Obfuscation?
Dictionary meaning: To confuse, to make obscure a problem with extraneous information, or to darken. (www.dictionary.com)
In terms of technology: Obfuscated code is source or machine code that has been made difficult to understand. Programmers may deliberately obfuscate code to conceal its purpose or its logic, to prevent tampering and to deter reverse engineering.

3 What is Obfuscation?
Obfuscation in .NET:
- Technology of shrouding the facts.
- Technology that makes .NET assemblies more difficult to decompile and impedes reverse-engineering efforts.

4 What is an Obfuscator?
An obfuscator is an algorithm O such that, for any program P, O(P) is a program for which:
- O(P) has the same functionality as P
- O(P) is infeasible to analyze or "reverse-engineer"

5 .NET Software Development Lifecycle
[Diagram: lifecycle stages numbered 1 to 4, with the label "Protect"]

6 Why Obfuscation?
- .NET programs are compiled to MSIL, which is at a higher level than binary machine code.
- So .NET programs are easy to reverse engineer using decompilation.
- Attackers can use a .NET decompiler to easily reverse engineer code.
- The .NET Framework ships with a tool (ILDASM) that can disassemble MSIL.
- Anyone can peruse the details of the software.

7 Why Obfuscation? (ctd.)
- Obfuscation reduces the size of an executable.
- Obfuscation improves the application performance at runtime.
- Properly applied obfuscation increases protection against decompilation.

8 Goal of Obfuscation?
The goal of obfuscation is to create confusion. It does not alter the executable logic, but represents it incomprehensibly. When an obfuscator tool goes to work on readable program instructions, a side effect is that the output will confuse a human interpreter and break the decompiler the human interpreter was using.

9 Dotfuscator – Obfuscator Tool
Dotfuscator is a post-development recompilation system for .NET applications. It analyzes applications and makes them smaller, faster, and harder to reverse-engineer. In short, it makes them better.
- Enhanced code security.
- Decreased size of .NET programs.
- Improved run-time performance.

10 Dotfuscator – Obfuscator Tool
- Obfuscation is applied to MSIL and not source code.
- Obfuscated code is functionally equivalent to traditional MSIL.
- It executes on the CLR with similar results.

11 Dotfuscator features
- Renaming
- Control Flow Obfuscation
- String Encryption
- Pruning
- Linking
- Watermarking

12 Dotfuscator features
1. Renaming:
- Uses a patented Overload-Induction renaming system that renames as many methods as possible to the same name.
- Saves space, as short names are used for renaming.
- Several options exist for class renaming. For example:
  - Specify classes to be renamed while keeping their namespace membership (keepnamespace).
  - Rename namespace names while preserving the namespace hierarchy (keephierarchy).
  - Rename completely, removing the namespace (default).

13 Renaming Options (keepnamespace)
This methodology is an excellent way to hide the names of your classes while maintaining namespace hierarchy. An example of this type of renaming is:

14 Renaming Options (keephierarchy)
It preserves the namespace hierarchy while renaming the namespace and class names.

15 Renaming Options (default)
The default methodology renames the class and namespace name to a new, smaller name.

16 Overload Induction Method Renaming
Dotfuscator implements patented technology for method renaming called Overload-Induction. The underlying idea is that the algorithm attempts to rename as many methods as possible to exactly the same name. After this deep obfuscation, the logic, while not destroyed, is beyond comprehension. The following simple example illustrates the power of the Overload-Induction technique:

Original Source Code Before Obfuscation

    private void CalcPayroll(SpecialList employeeGroup) {
        // Walk the group, updating and paying each employee in turn.
        while (employeeGroup.HasMore()) {
            employee = employeeGroup.GetNext(true);
            employee.UpdateSalary();
            DistributeCheck(employee);
        }
    }

17 Reverse-Engineered Source Code

    private void a(a b) {
        while (b.a()) {
            a = b.a(true);
            a.a();
            a(a);
        }
    }

Renaming makes decompiled output difficult to understand. Since Overload-Induction tends to use the same letter more often, it reaches into longer-length names more slowly (e.g. aa, aaa, etc.). This also saves space.
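A simplified model of the renaming idea on slides 16 and 17, added here as an example; it is not Dotfuscator's implementation. It assumes methods may share a name whenever their declaring type or parameter list differs, ignores inheritance and interfaces, and uses two hypothetical extra methods (PrintSummary, Reset) to show when a second name becomes necessary.

```python
from collections import Counter
from itertools import count, product
from string import ascii_lowercase


def short_names():
    """Yield a, b, ..., z, aa, ab, ... (shortest names first)."""
    for length in count(1):
        for letters in product(ascii_lowercase, repeat=length):
            yield "".join(letters)


def overload_induction(methods):
    """Give each (type, name, params) the shortest new name that is not
    already taken by a method with the same parameter list in that type."""
    taken = set()
    renamed = {}
    for decl_type, name, params in methods:
        for candidate in short_names():
            if (decl_type, candidate, params) not in taken:
                taken.add((decl_type, candidate, params))
                renamed[(decl_type, name, params)] = candidate
                break
    return renamed


def name_usage(renamed):
    """Count how many methods ended up sharing each new name."""
    return Counter(renamed.values())


# Constructed sample: the methods from the CalcPayroll slide, plus two
# hypothetical parameterless methods whose signatures collide.
METHODS = [
    ("Payroll", "CalcPayroll", ("SpecialList",)),
    ("Payroll", "DistributeCheck", ("Employee",)),
    ("Payroll", "PrintSummary", ()),
    ("Payroll", "Reset", ()),
    ("SpecialList", "HasMore", ()),
    ("SpecialList", "GetNext", ("bool",)),
    ("Employee", "UpdateSalary", ()),
]

if __name__ == "__main__":
    for (decl_type, name, params), new in overload_induction(METHODS).items():
        print(f"{decl_type}.{name}({', '.join(params)}) -> {new}")
    print(dict(name_usage(overload_induction(METHODS))))
```

Only Reset needs the name b, because PrintSummary already holds a with the same empty parameter list in the same type; every other method collapses onto a, which is why the decompiled body on slide 17 reads as a run of identical identifiers.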

18 Dotfuscator features ctd..
2. String Encryption: Crackers will frequently search for specific strings in an application to locate strategic logic. For example, someone looking to bypass a registration and verification process can search for the string displayed when the program asks the user for a serial number. When the attacker finds the string, he can look for instructions near it and alter the logic.

19 String Encryption
String Encryption makes this much more difficult to do, because the attacker's search will come up empty. The original string is nowhere to be found in the code. Only its encrypted version is present. No strings are encrypted unless you specifically include a method that uses the string. The intention is that you will only want to encrypt strings in the sensitive parts of your application.
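Because strings are only encrypted in methods you explicitly include, a post-build check that the sensitive literals are really gone from the output is worth having. The following is an added example, not part of the original presentation or of Dotfuscator; the byte blobs are constructed stand-ins for assembly files, and the XOR mask only simulates "no longer in the clear", it is not Dotfuscator's encryption scheme.

```python
def find_plaintext(blob, needles):
    """Return {needle: [(encoding, offset), ...]} for every needle that is
    still present in the clear. .NET string literals are stored as UTF-16,
    so that encoding is checked first; UTF-8 catches resources and metadata."""
    hits = {}
    for needle in needles:
        for encoding in ("utf-16-le", "utf-8"):
            pattern = needle.encode(encoding)
            start = blob.find(pattern)
            while start != -1:
                hits.setdefault(needle, []).append((encoding, start))
                start = blob.find(pattern, start + 1)
    return hits


def leaked_strings(blob, needles):
    """Sorted list of sensitive strings a simple search would still find."""
    return sorted(find_plaintext(blob, needles))


# Constructed sample data (hypothetical strings, filler header bytes).
PROMPT = "Enter serial number:"
BANNER = "Payroll v1"
SENSITIVE = [PROMPT, "Invalid license key"]

HEADER = b"\x00" * 16
# Build where the method using PROMPT was NOT included for string encryption.
PLAIN_BUILD = HEADER + PROMPT.encode("utf-16-le") + BANNER.encode("utf-16-le")
# Build where it was included: the prompt bytes are masked, the banner is not.
MASKED_BUILD = (HEADER
                + bytes(b ^ 0x5A for b in PROMPT.encode("utf-16-le"))
                + BANNER.encode("utf-16-le"))

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_BUILD), ("masked", MASKED_BUILD)):
        print(label, leaked_strings(blob, SENSITIVE) or "no sensitive strings found")
```

Run against the real build output in a release pipeline, a non-empty result means a method that uses a sensitive string was left out of the string-encryption include list.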

20 Dotfuscator features ctd..
3. Control Flow Obfuscation:
- Traditional control flow obfuscation introduces false conditions and other misleading constructs in order to confuse and break decompilers.
- It destroys the code patterns.
- The end result is semantically equivalent to the original.

21 Control flow obfuscation

Original Source Code Before Obfuscation

    public int CompareTo(Object o) {
        int n = occurrences - ((WordOccurrence)o).occurrences;
        if (n == 0) {
            n = String.Compare(word, ((WordOccurrence)o).word);
        }
        return(n);
    }

After Control Flow Obfuscation

    public virtual int _a(Object A_0) {
        int local0;
        int local1;
        local0 = this.a - (c) A_0.a;
        if (local0 != 0) goto i0;
        goto i1;
        while (true) {
            return local1;
            i0: local1 = local0;
        }
        i1: local0 = System.String.Compare(this.b, (c) A_0.b);
        goto i0;
    }

22 Dotfuscator features ctd..
4. Pruning:
- Determines unused types, methods and fields.
- It extracts exactly the pieces you need for any given application.
- Helps reduce the size of the assembly.
- The static analysis works by traversing your code, starting at a set of methods called "triggers" (application entry points).
- In a standalone application, the Main method would be defined as a trigger.
- As it traverses each trigger method's code, it notes which fields, methods and types are being used.

23 Pruning
Conditional Inclusion: It allows you to specify types, methods, and/or fields that you wish to be definitely included (i.e. not pruned) in your final application.
Removal Report: It generates a removal report in XML format that lists all input assemblies and how each was pruned. The report includes the pruning status of types, methods, fields, properties, and managed resources. If a type was pruned, then obviously all its members are pruned. Constructors are named .ctor, while static constructors are named .cctor.
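The trigger-based traversal, conditional inclusion and removal report from slides 22 and 23 can be modelled as a reachability walk over a "uses" graph. This is an added example, not Dotfuscator's code or its XML report format; the graph is constructed, member names are hypothetical, and Plugin::Run stands for a method that is only ever invoked through reflection, so static analysis cannot see a caller for it.

```python
from collections import deque


def prune(uses, triggers, include=()):
    """Return every member reachable from the triggers, plus anything
    listed for conditional inclusion and whatever that in turn uses."""
    keep = set()
    work = deque(list(triggers) + list(include))
    while work:
        member = work.popleft()
        if member in keep:
            continue
        keep.add(member)
        work.extend(uses.get(member, ()))
    return keep


def removal_report(uses, keep):
    """Per type: was the whole type pruned, and which members were removed.
    A type is pruned only when none of its members survive."""
    report = {}
    for member in sorted(uses):
        type_name, _, name = member.partition("::")
        entry = report.setdefault(type_name, {"pruned": True, "removed": []})
        if member in keep:
            entry["pruned"] = False
        else:
            entry["removed"].append(name)
    return report


# Constructed call graph: "Type::member" -> members it uses.
USES = {
    "Program::Main": ["Payroll::CalcPayroll"],
    "Payroll::CalcPayroll": ["Employee::UpdateSalary", "Payroll::DistributeCheck"],
    "Payroll::DistributeCheck": [],
    "Payroll::LegacyExport": ["CsvWriter::Write"],
    "Employee::UpdateSalary": [],
    "CsvWriter::Write": [],
    "CsvWriter::.cctor": [],
    "Plugin::Run": [],  # reached only via reflection at run time
}

if __name__ == "__main__":
    kept = prune(USES, ["Program::Main"])
    for type_name, entry in removal_report(USES, kept).items():
        print(type_name, entry)
    kept = prune(USES, ["Program::Main"], include=["Plugin::Run"])
    print("with inclusion:", removal_report(USES, kept)["Plugin"])
```

Without the inclusion rule Plugin is removed entirely, which is the reflection breakage listed under Drawbacks; reviewing the removal report for types that are loaded by name is how that gets caught before release.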

24 Dotfuscator features ctd..
5. Assembly Linking: Also called merging, it links multiple assemblies into one or more output assemblies. The only rule is that you can't link the same input assembly into multiple output assemblies. The linking feature is fully integrated.
Prime Assemblies: When you set up linking, you must specify one of the input assemblies as the prime assembly.

25 Assembly Linking
Name Mangling: When the linker is merging assemblies, it sometimes encounters situations where a name needs to be changed in order to prevent a naming collision. For example, if two of the input assemblies contain private classes with identical names, then the linker must change one of the names in order to merge the assemblies.

26 Dotfuscator features ctd..
6. Watermarking: Used to embed data (copyright information, unique numbers) into applications, making them unique. This is one method that can be used to track unauthorized copies of your software back to the source.
To watermark an application:
- Select the assemblies to watermark.
- Select whether the watermark string is to be encrypted, and provide a passphrase if so.
- Provide a string and an encoding that will be the watermark.
- Select how Dotfuscator will behave if the watermark string is too large to fit in a selected assembly.

27 Drawbacks
- Maintaining and troubleshooting become difficult.
- Can break code that depends on reflection, serialization or remoting.
- Hampers the debugging process, as obfuscation alters MSIL.

28 Conclusion & References
Obfuscation is not 100 percent protection. If a hacker is perseverant enough, they can find the meaning of your code. The goal of obfuscation is to make the reverse engineering process extremely time-consuming and painful, so that it is not worth the effort.

29 References
- Professional Visual Studio 2005, Andrew Parsons and Nick Randolph.
- http://aspnet.4guysfromrolla.com
- http://www.preemptive.com
- http://msdn2.microsoft.com/en-us/library/ms227295(VS.80).aspx

