Journal of KIISE:Software and Applications (한국정보과학회논문지:소프트웨어및응용)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지

Implementation of an Obfuscator for Visual C++ Source Code

비주얼 C++소스 코드를 위한 obfuscator 구현

  • 장혜영 (단국대학교 정보컴퓨터과학) ;
  • 조성제 (단국대학교 정보컴퓨터과학부)
  • Published : 2008.02.15
Download PDF
⟨ Previous Next ⟩

Abstract

Automatic obfuscation is known to be the most viable method for preventing reverse engineering intentional1y making code more difficult to understand for security purposes. In this paper, we study and implement an obfuscation method for protecting MS Visual C++ programs against attack on the intellectual property in software like reverse engineering attack. That is, the paper describes the implementation of a code obfuscator, a tool which converts a Visual C++ source program into an equivalent one that is much harder to understand. We have used ANTLR parser generator for handling Visual C++ sources, and implemented some obfuscating transformations such as 'Remove comments', 'Scramble identifiers', 'Split variables', 'Fold array', 'Insert class', 'Extend loop condition', 'Add redundant operands', and 'Insert dead code'. We have also evaluated the performance and effectiveness of the obfuscator in terms of potency, resilience, and cost. When the obfuscated source code has been compared with the original source code, it has enough effectiveness for software protection though it incurs some run-time overheads.

자동화된 obfuscation은 보안 목적으로 코드를 이해하기 어렵게 만들어 역공학 공격을 방어하는데 가장 효과적인 방식이라고 알려져 있다. 본 논문에서는 역공학 공격과 같은 소프트웨어 지적재산권의 침해로부터 마이크로소프트사의 비주얼 C++ 소스 프로그램을 보호하기 위한 obfuscation 기법을 제안하고 구현하였다. 즉, 원본 비주얼 C++ 소스 프로그램을 기능은 동일하지만 이해하기에는 훨씬 힘든 또 다른 프로그램으로 변환시켜 주는 도구인 코드 obfuscator를 구현하였다. 비주얼 C++ 소스를 다루기 위해 ANTLR이라는 파서 생성기를 도입하여, '주석 제거', '식별자 스크램블', '변수 분할', '배열 중첩', '클래스 삽입', '루프 조건 확장'. '부가 피연산자 삽입', '무의미 코드 삽입' 등의 변환 방식들을 구현하였다. 또한, 복잡도, 복원력, 비용 등의 측면에서 본 obfuscator의 성능과 유효성을 평가하였다. 원본 소스 코드와 비교하여 실험한 결과, 변환된 소스 코드가 실행시간 오버헤드를 일부 유발시키긴 하지만 프로그램 보호에는 효과적임을 알 수 있었다.

Keywords

References

  1. C. Collberg, G. Myles, and A. Huntwork, 'Sandmark - A Tool for Software Protection Research,' IEEE Security & Privacy (Software Protection), pp. 40-49, Jul./Aug. 2003
  2. C. Collberg and C. Thomborson, 'Watermarking, Tamper-proofing, and Obfuscation-Tools for Software Protection,' IEEE Trans. Software Eng., Vol.28, No.8, pp. 735-746, 2002 https://doi.org/10.1109/TSE.2002.1027797
  3. G. Naumovicb and N. Memon, 'Preventing Piracy, Reverse Engineering, and Tampering,' IEEE Computer, pp. 64-71, Jul. 2003
  4. Bin Fu, Golden G. Richard III, Yixin Chen, and Adbo Husseiny, 'Some New Approaches For Preventing Software Tampering,' Proc. of the 44th ACM Southeast Regional Conference (ACM SE'06), pp. 655-660, Mar. 2006
  5. C. Collberg and C. Thomborson, 'Software Watermarking: Models and Dynamic Embeddings,' Proceedings of POPL '99 of the 26th ACM SIGPLAN- SIGACT Symposium on Principles of Programming Languages, pp. 311-324, Mar. 1999
  6. P. C. van Oorschot, 'Revisiting Software Protection,' 6th ISC 2003, Springer-Verlag LNCS 2851, pp. 1-13, Oct. 2003
  7. M. R. Stytz and J. A. Whitaker, 'Software Protection: Security's Last Stand?,' IEEE Security & Privacy, 1(1), pp. 95-98, Jan. 2003 https://doi.org/10.1109/MSECP.2003.1177004
  8. Christopher Kruegel, William Robertson, Fredrik Valeur and Giovanni Vigna, 'Static Disassembly of Obfuscated Binaries,' Proc. of the 13th USENIX Security Symposium, pp. 255-270, Aug. 2004
  9. Colin W. Van Dyke, 'Advances in Low-Level Software Protection,' Ph. D. Thesis, Oregon State University, Jun. 2005
  10. C. Collberg, C. Thomborson, and D. Low, 'A Taxonomy of Obfuscating Transformations,' Tech. report 148, Dept. of Computer Science, University of Auckland, New Zealand, 1997; www.cs.arizona. edu/-collberg/Research/Publications/ColbergThomborsonLow97a/
  11. B. Barak et al., 'On the (Im)possibility of Obfuscating Programs,' Advances in Cryptology?Crypto 2001, Proc. 21st Ann. Int'l Cryptology Conf., LNCS 2139, Springer-Verlag, pp. 1-18, 2001
  12. Levent Ertaul, and Suma Venkatesh, 'JHide-A Tool Kit for Code Obfuscation,' Proceedings of the 8th IASTED International Conference Software Engineering and Applications (SEA 2004), Nov. 2004
  13. .NET Obfuscator (Dotfuscator), http://www.preemptive.com/products/dotfuscator/index.html
  14. C. Linn and S. Debray, 'Obfuscation of executable code to improve resistance to static disassembly,' Proc. of the 10th ACM Conference on Computer and Communications Security (CCS), pp. 290-299, Oct. 2003
  15. G. Wroblewski, 'A General Method of Program Code Obfuscation,' Ph.D. Dissertation, Wroclaw University, Proceedings of the International Conference on Software Engineering Research and Practice (SERP), Jun. 2002
  16. SUIF Compiler System, http://suif.stanford.edu/suif/ suif2/doc-2.2.0-4/
  17. Chenxi Wang, 'A Security Architecture for Survivability Mechanisms,' Ph.D. Dissertation, University of Virginia, Oct. 2000
  18. ANTLR, http://www.antlr.org
  19. Alfred V. Aho, Ravi Sethi and Jeffrey D. Ullman, 'Compilers: Principles, Techniques, and Tools,' Addision-Wesley Publishing Company, 1998