Presentation is loading. Please wait.

Presentation is loading. Please wait.

26/08/07 1 SHOCK SHaastra Obfuscated Code Contest Sriram K R Vivek S.

Published byIrvin Filby Modified over 10 years ago

Similar presentations

Presentation on theme: "26/08/07 1 SHOCK SHaastra Obfuscated Code Contest Sriram K R Vivek S."— Presentation transcript:

1 26/08/07 1 SHOCK SHaastra Obfuscated Code Contest Sriram K R Vivek S

2 26/08/07 2 What is Obfuscation? Obfuscation is about concealing the meaning of communication by making it more confusing and harder to interpret. One definition of "code obfuscation" is a set of transformations on a program, that preserve the same black box specification while making the internals difficult to reverse-engineer. There turns out to be many such transformations. The job of a good obfuscator is to destroy as much as possible of this structure that lends a program to being human-readable.

3 26/08/07 3 Where it is used ? It is used to deter reverse engineering attempts in languages like Java and the.NET family. Reverse obfuscation helps understand programs better. Obfuscated code is used by spammers to hide malicious JavaScript code in emails etc. Code size can be minimized by Obfuscation. Reducing variable name length Destroying structures and modules. It is done for recreational purposes.

4 26/08/07 4 International Contests There are contests held in the international level every year to test obfuscation skills of the contestants. IOCCC : International Obfuscated C Code Contest IORCC :International Obfuscated Ruby Code Contest Annual Obfuscated Perl Contest

5 26/08/07 5 Some Examples #include int main (int j,char**V){char*R=V[1],i=0,k=48;for(;*R>k;*++R|| puts(R-i))++i;for(;++k<58;*R && main(*R=k,V),*R=1) for(j=81;j --;) *R*=R[j-i]- k||i/9^j/9&&i%9^j%9&&i/27^j/27|i%9/3^j%9/3;} This 176 character C code solves SUDOKU !

6 26/08/07 6 #define _ -F<00||--F-OO--; int F=00,OO=00;main(){F_OO();printf("%1.3f\n",4.*-F/OO/OO);}F_OO() { _-_-_-_ _-_-_-_-_-_-_-_-_ _-_-_-_-_-_-_-_-_-_-_-_ _-_-_-_-_-_-_-_-_-_-_-_-_-_ _-_-_-_-_-_-_-_-_-_-_-_-_-_-_ _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ _-_-_-_-_-_-_-_-_-_-_-_-_-_-_ _-_-_-_-_-_-_-_-_-_-_-_-_-_ _-_-_-_-_-_-_-_-_-_-_-_ _-_-_-_-_-_-_-_ _-_-_-_ }

7 26/08/07 7 The Tardy Bus problem Given the following statements as premises: 1) If Bill takes the bus, then Bill misses his appointment, if the bus is late. 2) Bill shouldn't go home, if (a) Bill misses his appointment, and (b) Bill feels downcast. 3) If Bill doesn't get the job, then (a) Bill feels downcast, and (b) Bill should go home. Is it valid to conclude: Q1) that if Bill takes the bus, then Bill does get the job, if the bus is late? True Q2) that Bill does get the job, if (a) Bill misses his appointment, and (b) Bill should go home? True

8 26/08/07 8 Obfuscating Code Obfuscation and reversing it Language specific techniques C provides a lot of scope for obfuscation Learning by studying obfuscated programs Some examples

9 26/08/07 9 Reversing Obfuscation – An Example main( _,__,___,____,_____) {long long ago=741760571427457290; __=2925166600716333;___=++_<<--_+_<<_;____ = _;_____ =( ___ *((___ >_-'>' )+_____;while(_---'_')write(____,&__,____);_=_=_=_=_=_=_=_ =_=_=(_=_>>_-'>') +_____;write(____,&ago,___);_=_=_=_=_=_ =_=_=_=_=(_=_>>_-'>')+_____;while(_---'_')write(____,&__, ____);printf("\n");} Objective of the program is to print SHOCK surrounded by dashed lines.

10 26/08/07 10 Step 1 : Indent the program main( _,__,___,____,_____) { long long ago=741760571427457290; __=2925166600716333; ___=++_<<--_+_<<_;____ = _; _____ =( ___*((___ >_- '>')+_____; while(_---'_') write(____,&__,____);_=_=_=_=_=_=_=_=_=_=(_=_>>_-'>')+_____; write(____,&ago,___);_=_=_=_=_=_=_=_=_=_=(_=_>>_-'>')+_____;while(_--- '_')write(____,&__,____); printf("\n"); }

11 26/08/07 11 Step 2 :Name variables properly main( e,d,c,b,a) { long long ago=741760571427457290; d=2925166600716333; c=++e<<--e+e<<e;b = e; a =( c*((c >e-'>')+a; while(e---'_') write(b,&d,b);e=e=e=e=e=e=e=e=e=e=(e=e>>e-'>')+a; write(b,&ago,c);e=e=e=e=e=e=e=e=e=e=(e=e>>e-'>')+a;while(e---'_')write(b,&d,b); printf("\n"); }

12 26/08/07 12 Step 3 : Fix verbose statements main( e,d,c,b,a) { long long ago=741760571427457290; d=2925166600716333; c=++e<<--e+e<<e;b = e; a =(c*((c<<e) - (e<<e)))+(e<<e)+1; e=(e>>e-'>')+a; while(e---'_') write(b,&d,b); e=(e>>e-'>')+a; write(b,&ago,c); e=(e>>e-'>')+a; while(e---'_') write(b,&d,b); printf("\n");}

13 26/08/07 13 Step 3 : Resolve the constants main( e,d,c,b,a) { char ago[9]="\n\tShock\n"; char f[2]="-"; c=++e<<--e+e<<e;b = e; a =(c*((c<<e) - (e<<e)))+(e<<e)+1; e=(e>>e-'>')+a; while(e---'_') write(b,&f,b); e=(e>>e-'>')+a; write(b,&ago,c); e=(e>>e-'>')+a; while(e---'_') write(b,&f,b); printf("\n");} Resolve these constants by printing them

14 26/08/07 14 Step 3 : Resolve the constants main( e,d,c,b,a) { char ago[9]="\n\tShock\n"; char f[2]="-"; c=++e<<--e+e<<e;b = e; a =(c*((c<<e) - (e<<e)))+(e<<e)+1; e=(e>>e-'>')+a; while(e---'_') write(b,&f,b); e=(e>>e-'>')+a; write(b,&ago,c); e=(e>>e-'>')+a; while(e---'_') write(b,&f,b); printf("\n");} Resolve these constants by printing them e = argc = 1

15 26/08/07 15 The final program main( e,d,c,b,a) { char ago[9]="\n\tShock\n"; char f[2]="-"; c=8; b=1; a=115; e=115; while(e---95) write(1,&f,b); e=209; write(1,&ago,c); e=115; while(e---95) write(1,&f,b); printf("\n");}

16 26/08/07 16 Another example #define _ sum #define __ prod( #define l ~0 #define r return #define ___ ) sum(i){while(!i)r 1;r __ i, ~i, i ^i);}prod(i,j,k){ j = _ (i-1);while (i-- && (j= ~j)) k= (j>>l-(l<< 5)) ?k+((j^~j) -j):k+j;r k;} main(){printf("%d",_(5));}

17 26/08/07 17 Step 1 : Indentation #define _ sum #define __ prod( #define l ~0 #define r return #define ___ ) sum(i) { while(!i) r 1; r __ i, ~i, i^i); } prod(i,j,k) { j = _ (i-1); while (i-- && (j= ~j)) k= (j>>l-(l<< 5))?k+((j^~j)-j):k+j;r k; } main() { printf("%d",_(5)); }

18 26/08/07 18 Step 2 : Resolve the defines #define l ~0 sum(i) { while(!i) return 1; return prod ( i, ~i, i^i); } prod(i,j,k) { j = sum (i-1); while (i-- && (j= ~j)) k= (j>>l-(l<< 5))?k+((j^~j)-j):k+j;return k; } main() { printf("%d",sum(5)); }

19 26/08/07 19 Step 3 : Reduce complicated statements sum(i) { while(!i) return 1; return prod (i,~i,0); } prod(i,j,k) { j = sum (i-1); while (i-- ) k= k+j; return k; } main() { printf("%d",sum(5)); }

20 26/08/07 20 The C Preprocessor Using defines to obfuscate code Macros : Recursion and Precedence The cpp instruction set is Turing Complete Reversing with the help of cpp

21 26/08/07 21 What you need to participate? Experience with programming in C Additional skills that can help : Knowing other languages Some experience with logical puzzles etc Bad programming practices What might not really help: Knowledge of obscure C constructs / functions Formal introduction to logic

22 26/08/07 22 Event Format Prelims –Written –Questions on logic and code obfuscation –Time : 30 – 45 mins

23 26/08/07 23 Event Format Finals : –Two rounds Forward : You will be given a problem statement and some plain code and asked to obfuscate. Judges will award points to the obfuscated code based on certain criteria. Reverse : You will be asked to make sense out of obfuscated code.

24 26/08/07 24 Event Format Finals - Forward Round : –Broadly, short and creative code will fetch more points –Some of the possible criteria : Size / Number of Statements Flow of control Hiding constants Syntax abuse Legibility of code Code shape etc

25 26/08/07 25 Event Format Finals – Reverse round : –You might be asked to Predict the output Swat bugs Interface with the given code etc

Download ppt "26/08/07 1 SHOCK SHaastra Obfuscated Code Contest Sriram K R Vivek S."

Similar presentations

Chapter 11 Introduction to Programming in C

Chapter 11 Introduction to Programming in C
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 107.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 107.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 75.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 75.
1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler

1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler
An Investigation on FPGA Placement Using Mixed Genetic Algorithm with Simulated Annealing Meng Yang Napier University Edinburgh, UK.

An Investigation on FPGA Placement Using Mixed Genetic Algorithm with Simulated Annealing Meng Yang Napier University Edinburgh, UK.
Lecture 10 Flow of Control: Loops (Part 2) COMP1681 / SE15 Introduction to Programming.

Lecture 10 Flow of Control: Loops (Part 2) COMP1681 / SE15 Introduction to Programming.
1 Automating Auto Tuning Jeffrey K. Hollingsworth University of Maryland

1 Automating Auto Tuning Jeffrey K. Hollingsworth University of Maryland
Modern Programming Languages, 2nd ed.

Modern Programming Languages, 2nd ed.
Color Templates Software Engineering Module: Core of Java Topic: Constructors TALENTSPRINT | © Copyright 2012.

Color Templates Software Engineering Module: Core of Java Topic: Constructors TALENTSPRINT | © Copyright 2012.
Social Web Design 1 Darby Chang Social Web Design.

Social Web Design 1 Darby Chang Social Web Design.
Molecular Biomedical Informatics Web Programming 1.

Molecular Biomedical Informatics Web Programming 1.
Made by Mr Haughton Made by Mr S Haughton Show 4 oclock.

Made by Mr Haughton Made by Mr S Haughton Show 4 oclock.
5.9 + = 10 a)3.6 b)4.1 c)5.3 Question 1: Good Answer!! Well Done!! 5.9 + 4.1 = 10 Question 1:

5.9 + = 10 a)3.6 b)4.1 c)5.3 Question 1: Good Answer!! Well Done!! = 10 Question 1:
1.A computer game is an example of A.system software; B.a compiler; C.application software; D.hardware; E.none of the above. 2.JVM stands for: A.Java Virtual.

1.A computer game is an example of A.system software; B.a compiler; C.application software; D.hardware; E.none of the above. 2.JVM stands for: A.Java Virtual.
Overview of programming in C C is a fast, efficient, flexible programming language Paradigm: C is procedural (like Fortran, Pascal), not object oriented.

Overview of programming in C C is a fast, efficient, flexible programming language Paradigm: C is procedural (like Fortran, Pascal), not object oriented.
Programming for GCSE Topic 3.1: If Statements in Python T eaching L ondon C omputing William Marsh School of Electronic Engineering and Computer Science.

Programming for GCSE Topic 3.1: If Statements in Python T eaching L ondon C omputing William Marsh School of Electronic Engineering and Computer Science.
C Language.

C Language.
CS 240 Computer Programming 1

CS 240 Computer Programming 1
CS 141 Computer Programming 1 1 Arrays. Outline  Introduction  Arrays  Declaring Arrays  Examples Using Arrays  Sorting Arrays  Multiple-Subscripted.

CS 141 Computer Programming 1 1 Arrays. Outline  Introduction  Arrays  Declaring Arrays  Examples Using Arrays  Sorting Arrays  Multiple-Subscripted.
ARDUINO CLUB Session 1: C & An Introduction to Linux.

ARDUINO CLUB Session 1: C & An Introduction to Linux.

Similar presentations

Ads by Google