Vikas Gonti. Dictionary Meaning: To confuse, to make obscure a problem with extraneous information or to darken. -www.dictionary.com In Terms of Technology:

Slides:



Advertisements
Similar presentations
Chapter 11 Introduction to Programming in C
Advertisements

Chapter 1: Computer Systems
Chapter 4: Trees Part II - AVL Tree
SYSTEM PROGRAMMING & SYSTEM ADMINISTRATION
Systems Software.
Digital Signatures and Hash Functions. Digital Signatures.
Abstract Data Types Data abstraction, or abstract data types, is a programming methodology where one defines not only the data structure to be used, but.
Microsoft VB 2005: Reloaded, Advanced Chapter 5 Input Validation, Error Handling, and Exception Handling.
.NET IL Obfuscation Presented by: Sarath Chandra Dorbala.
CS 106 Introduction to Computer Science I 11 / 09 / 2007 Instructor: Michael Eckmann.
Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.
The Java Programming Language
Copyright © 2008 Pearson Addison-Wesley. All rights reserved. Chapter 12 Separate Compilation Namespaces Simple Make Files (Ignore all class references.
Guide To UNIX Using Linux Third Edition
C How to Program, 6/e Summary © by Pearson Education, Inc. All Rights Reserved.
Programming a computer. What does programming a computer mean ? Programming a computer: Since a computer can only execute machine instructions (encoded.
1 Chapter-01 Introduction to Computers and C++ Programming.
Introduction to .Net Framework
REFACTORING Lecture 4. Definition Refactoring is a process of changing the internal structure of the program, not affecting its external behavior and.
Topic #10: Optimization EE 456 – Compiling Techniques Prof. Carl Sable Fall 2003.
© Janice Regan, CMPT 128, Jan CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.
Application Security Tom Chothia Computer Security, Lecture 14.
.NET Framework & C#.
Understanding Code Compilation and Deployment Lesson 4.
High level & Low level language High level programming languages are more structured, are closer to spoken language and are more intuitive than low level.
XP New Perspectives on Microsoft Office Access 2003 Tutorial 12 1 Microsoft Office Access 2003 Tutorial 12 – Managing and Securing a Database.
Computing with C# and the.NET Framework Chapter 1 An Introduction to Computing with C# ©2003, 2011 Art Gittleman.
CMSC 202 Exceptions. Aug 7, Error Handling In the ideal world, all errors would occur when your code is compiled. That won’t happen. Errors which.
1 “Operating System Protection Through Program Evolution” Dr. Frederick B. Cohen “…one of the major reasons attacks succeed is because of the static nature.
DEV 344.NET Obfuscation – Raising the Security Bar Gabriel Torok – President Bill Leach - CTO PreEmptive Solutions.
11 Web Services. 22 Objectives You will be able to Say what a web service is. Write and deploy a simple web service. Test a simple web service. Write.
Scalable Game Development William Roberts Senior Game Engineer
.NET Framework Danish Sami UG Lead.NetFoundry
Programming in C#. I. Introduction C# (or C-Sharp) is a programming language. C# is used to write software that runs on the.NET Framework. Although C#
Copyright 2003 Scott/Jones Publishing Standard Version of Starting Out with C++, 4th Edition Chapter 13 Introduction to Classes.
Copyright 2004 Scott/Jones Publishing Alternate Version of STARTING OUT WITH C++ 4 th Edition Chapter 7 Structured Data and Classes.
CS212: Object Oriented Analysis and Design Lecture 9: Function Overloading in C++
Protecting Software Code By Guards The George Washington University Cs297 YU-HAO HU.
1 Debugging and Syntax Errors in C++. 2 Debugging – a process of finding and fixing bugs (errors or mistakes) in a computer program.
 Programming - the process of creating computer programs.
Operating System Protection Through Program Evolution Fred Cohen Computers and Security 1992.
Reverse Engineering. Reverse engineering is the general process of analyzing a technology specifically to ascertain how it was designed or how it operates.
.NET Mobile Application Development XML Web Services.
Lecture1 Instructor: Amal Hussain ALshardy. Introduce students to the basics of writing software programs including variables, types, arrays, control.
Chapter – 8 Software Tools.
CMSC 104, Version 8/061L09VariablesInC.ppt Variables in C Topics Naming Variables Declaring Variables Using Variables The Assignment Statement Reading.
CSCI 161 Lecture 3 Martin van Bommel. Operating System Program that acts as interface to other software and the underlying hardware Operating System Utilities.
METADATA IN.NET Presented By Sukumar Manduva. INTRODUCTION  What is Metadata ? Metadata is a binary information which contains the complete description.
Software Engineering Algorithms, Compilers, & Lifecycle.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
1 Problem Solving  The purpose of writing a program is to solve a problem  The general steps in problem solving are: Understand the problem Dissect the.
Phoenix Based Dynamic Slicing Debugging Tool Eric Cheng Lin Xu Matt Gruskin Ravi Ramaseshan Microsoft Phoenix Intern Team (Summer '06)
Source Code Inspection and Software Reuse
The need for Programming Languages
Code Optimization.
Working with Java.
Recursion A problem solving technique where an algorithm is defined in terms of itself A recursive method is a method that calls itself A recursive algorithm.
CSCI-235 Micro-Computer Applications
Operating System Protection Through Program Evolution
C# and the .NET Framework
Un</br>able’s MySecretSecrets
CS360 Windows Programming
Introduction to C# AKEEL AHMED.
VISUAL BASIC.
Phil Tayco Slide version 1.0 Created Oct 2, 2017
Microsoft Office Access 2003
Obfuscation in .NET Atchyutuni Shilpa CS-795.
CIS 199 Final Review.
Obfuscation Aparna Belhe CS-795.
CMSC 202 Exceptions.
Presentation transcript:

Vikas Gonti

Dictionary Meaning: To confuse, to make obscure a problem with extraneous information or to darken. - In Terms of Technology: Obfuscated code is source or machine code that has been made difficult to understand. Programmers may deliberately obfuscate code to conceal its purpose or its logic to prevent tampering, deter reverse engineering. What is Obfuscation?

Obfuscation in.NET: - Technology of shrouding the facts. - Technology that makes.NET assemblies more difficult to decompile and impedes reverse engineering efforts. What is Obfuscation?

An obfuscator: An algorithm O, such that for any program P, O(P) is a program such that O(P) has the same functionality as P O(P) is infeasible to analyze/”reverse-engineer” What is an Obfuscator?

.NET Software Development Lifecycle Protect

Why Obfuscation?.NET Programs compiled in MSIL, which is at a higher level than binary machine code. So.NET Programs are easy to reverse engineer using decompilation. Attackers can use a.NET decompiler to easily reverse engineer code. The.NET framework ships with a tool (ILDASM) that can disassemble MSIL. Anyone can peruse the details of the software.

Obfuscation reduces the size of an executable. Obfuscation improves the application performance at runtime. Properly applied obfuscation increases protection against decompilation Why Obfuscation ctd..?

The goal of obfuscation is to create confusion. It says nothing about altering the executable logic, but represents it incomprehensibly. When an obfuscator tool goes to work on readable program instructions, a side effect is the output will confuse a human interpreter and break the decompiler the human interpreter was using. Goal of Obfuscation?

Dotfuscator is a post-development recompilation system for.NET applications. It analyzes applications and makes them smaller, faster, and harder to reverse-engineer. In short, it makes them better. Enhanced Code Security. Decreased size of.NET Programs. Improved Run- Time Performance. Dotfuscator – Obfuscator Tool

Obfuscation is applied to MSIL and not source code. Obfuscated code is functionally equivalent to traditional MSIL. It executes on CLR with similar results. Dotfuscator – Obfuscator Tool

Renaming Control Flow Obfuscation String Encryption Pruning Linking Watermarking Dotfuscator features

1. Renaming : Uses a patented Overload-Induction renaming system that Renames as many methods as possible to a same name. Saves space as short names used for renaming. Several Options exist for class renaming. For example, Specify classes to be renamed while keeping their namespace membership (keepnamespace). Rename namespace names while preserving namespace hierarchy (keephierarchy) Rename completely, removing the namespace.(default) Dotfuscator features

This methodology is an excellent way to hide the names of your classes while maintaining namespace hierarchy. An example of this type of renaming is: Renaming Options ( keepnamespace )

It preserves the namespace hierarchy while renaming the namespace and class names. Renaming Options ( keephierarchy )

The default methodology renames the class and namespace name to a new, smaller name. Renaming Options ( default )

Dotfuscator implements patented technology for method renaming called Overload-Induction. The underlying idea being that the algorithm attempts to rename as many methods as possible to exactly the same name. After this deep obfuscation, the logic, while not destroyed, is beyond comprehension. The following simple example illustrates the power of the Overload Induction technique: Original Source Code Before Obfuscation private void CalcPayroll(SpecialList employeeGroup) { while (employeeGroup.HasMore()) { employee = employeeGroup.GetNext(true); employee.UpdateSalary(); DistributeCheck(employee); } Overload Induction Method Renaming

Reverse-Engineered Source Code private void a(a b) { while (b.a()) { a = b.a(true); a.a(); a(a); } } Renaming makes decompiled output difficult to understand. Since overload-induction tends to use the same letter more often, it reaches into longer length names more slowly (e.g. aa, aaa, etc.). This also saves space.

2. String Encryption: Crackers will frequently search for specific strings in an application to locate strategic logic. For example, someone looking to bypass a registration and verification process can search for the string displayed when the program asks the user for a serial number. When the attacker finds the string, he can look for instructions near it and alter the logic. Dotfuscator features ctd..

String Encryption makes this much more difficult to do, because the attacker's search will come up empty. The original string is nowhere to be found in the code. Only its encrypted version is present. No strings are encrypted unless you specifically include a method that uses the string. The intention is that you will only want to encrypt strings in the sensitive parts of your application. String Encryption

3. Control Flow Obfuscation: Traditional control flow obfuscation Introduces false conditions and other misleading constructs in order to confuse and break decompilers. It destroys the code patterns. The end result is semantically equivalent to original. Dotfuscator features ctd..

Original Source Code Before Obfuscation public int CompareTo(Object o) { int n = occurrences – ((WordOccurrence)o).occurrences; if (n == 0) { n = String.Compare(word, ((WordOccurrence)o).word); } return(n); } After Control Flow Obfuscation public virtual int _a(Object A_0) { int local0; int local1; local0 = this.a – (c) A_0.a; if (local0 != 0) goto i0; goto i1; while (true) { return local1; i0: local1 = local0;} i1: local0 = System.String.Compare(this.b, (c) A_0.b); goto i0; } Control flow obfuscation

4. Pruning: Determines unused types, methods and fields. It extracts exactly the pieces you need for any given application. Helps reduce size of the assembly. The static analysis works by traversing your code, starting at a set of methods called “triggers”. (Application Entry Points) In standalone application, the Main method would be defined as a trigger. As it traverse each trigger method’s code, it notes which fields, methods, types are being used. Dotfuscator features ctd..

Conditional Inclusion: It allows you to specify types, methods, and/or fields that you wish to be definitely included (i.e. Not pruned) in your final application. Removal Report: It generates a removal report in XML format that lists all input assemblies and how each was pruned. The report includes pruning status of: types, methods, fields, properties, and managed resources. If a type was pruned, then obviously all its members are pruned. Constructors are named.ctor, while static constructors are named.cctor. Pruning

5. Assembly Linking: Also called merging, Links multiple assemblies into one or more output assemblies. The only rule is that you can't link the same input assembly into multiple output assemblies. The linking feature is fully integrated. Prime Assemblies: When you set up linking, you must specify one of the input assemblies as the prime assembly. Dotfuscator features ctd..

Name Mangling: When the linker is merging assemblies, the linker sometimes encounters situations where a name needs to be changed in order to prevent a naming collision. For example, if two of the input assemblies contain private classes with identical names then the linker must change one of the names in order to merge the assemblies. Assembly Linking

6. Watermarking: Used to Embed data (copyright info/unique nos.) into applications, making them unique. This is one method that can be used to track unauthorized copies of your software back to the source. To watermark an application Select the assemblies to watermark. Select whether the watermark string is to be encrypted and provide a passphrase if so. Provide a string and an encoding that will be the watermark. Select how Dotfuscator will behave if the watermark string is too large to fit in a selected assembly. Dotfuscator features ctd..

Maintaining and Troubleshooting becomes difficult. Can break code that depends on reflection, serialization or remoting. Hampers the debugging process, as obfuscation alters MSIL. Drawbacks

Obfuscation is not 100 percent protection. If a hacker is perseverant enough, they can find the meaning of your code. The goal of obfuscation is to make the reverse engineering process extremely time consuming and painful so that it not worth the effort. Conclusion & References

References Professional Visual Studio 2005 – Andrew Parsons and Nick Randolph us/library/ms227295(VS.80).aspxmsdn2.microsoft.com/en- us/library/ms227295(VS.80

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.