Browse > Article

Implementation of an Obfuscator for Visual C++ Source Code  

Chang, Hye-Young (단국대학교 정보컴퓨터과학)
Cho, Seong-Je (단국대학교 정보컴퓨터과학부)
Abstract
Automatic obfuscation is known to be the most viable method for preventing reverse engineering intentional1y making code more difficult to understand for security purposes. In this paper, we study and implement an obfuscation method for protecting MS Visual C++ programs against attack on the intellectual property in software like reverse engineering attack. That is, the paper describes the implementation of a code obfuscator, a tool which converts a Visual C++ source program into an equivalent one that is much harder to understand. We have used ANTLR parser generator for handling Visual C++ sources, and implemented some obfuscating transformations such as 'Remove comments', 'Scramble identifiers', 'Split variables', 'Fold array', 'Insert class', 'Extend loop condition', 'Add redundant operands', and 'Insert dead code'. We have also evaluated the performance and effectiveness of the obfuscator in terms of potency, resilience, and cost. When the obfuscated source code has been compared with the original source code, it has enough effectiveness for software protection though it incurs some run-time overheads.
Keywords
Obfuscator; Visual C++ Source Program; Reverse Engineering Attack;
Citations & Related Records
연도 인용수 순위
  • Reference
1 C. Collberg, G. Myles, and A. Huntwork, 'Sandmark - A Tool for Software Protection Research,' IEEE Security & Privacy (Software Protection), pp. 40-49, Jul./Aug. 2003
2 Bin Fu, Golden G. Richard III, Yixin Chen, and Adbo Husseiny, 'Some New Approaches For Preventing Software Tampering,' Proc. of the 44th ACM Southeast Regional Conference (ACM SE'06), pp. 655-660, Mar. 2006
3 P. C. van Oorschot, 'Revisiting Software Protection,' 6th ISC 2003, Springer-Verlag LNCS 2851, pp. 1-13, Oct. 2003
4 M. R. Stytz and J. A. Whitaker, 'Software Protection: Security's Last Stand?,' IEEE Security & Privacy, 1(1), pp. 95-98, Jan. 2003   DOI   ScienceOn
5 C. Collberg, C. Thomborson, and D. Low, 'A Taxonomy of Obfuscating Transformations,' Tech. report 148, Dept. of Computer Science, University of Auckland, New Zealand, 1997; www.cs.arizona. edu/-collberg/Research/Publications/ColbergThomborsonLow97a/
6 .NET Obfuscator (Dotfuscator), http://www.preemptive.com/products/dotfuscator/index.html
7 G. Wroblewski, 'A General Method of Program Code Obfuscation,' Ph.D. Dissertation, Wroclaw University, Proceedings of the International Conference on Software Engineering Research and Practice (SERP), Jun. 2002
8 Alfred V. Aho, Ravi Sethi and Jeffrey D. Ullman, 'Compilers: Principles, Techniques, and Tools,' Addision-Wesley Publishing Company, 1998
9 G. Naumovicb and N. Memon, 'Preventing Piracy, Reverse Engineering, and Tampering,' IEEE Computer, pp. 64-71, Jul. 2003
10 C. Collberg and C. Thomborson, 'Software Watermarking: Models and Dynamic Embeddings,' Proceedings of POPL '99 of the 26th ACM SIGPLAN- SIGACT Symposium on Principles of Programming Languages, pp. 311-324, Mar. 1999
11 C. Collberg and C. Thomborson, 'Watermarking, Tamper-proofing, and Obfuscation-Tools for Software Protection,' IEEE Trans. Software Eng., Vol.28, No.8, pp. 735-746, 2002   DOI   ScienceOn
12 Chenxi Wang, 'A Security Architecture for Survivability Mechanisms,' Ph.D. Dissertation, University of Virginia, Oct. 2000
13 C. Linn and S. Debray, 'Obfuscation of executable code to improve resistance to static disassembly,' Proc. of the 10th ACM Conference on Computer and Communications Security (CCS), pp. 290-299, Oct. 2003
14 B. Barak et al., 'On the (Im)possibility of Obfuscating Programs,' Advances in Cryptology?Crypto 2001, Proc. 21st Ann. Int'l Cryptology Conf., LNCS 2139, Springer-Verlag, pp. 1-18, 2001
15 Christopher Kruegel, William Robertson, Fredrik Valeur and Giovanni Vigna, 'Static Disassembly of Obfuscated Binaries,' Proc. of the 13th USENIX Security Symposium, pp. 255-270, Aug. 2004
16 Levent Ertaul, and Suma Venkatesh, 'JHide-A Tool Kit for Code Obfuscation,' Proceedings of the 8th IASTED International Conference Software Engineering and Applications (SEA 2004), Nov. 2004
17 ANTLR, http://www.antlr.org
18 Colin W. Van Dyke, 'Advances in Low-Level Software Protection,' Ph. D. Thesis, Oregon State University, Jun. 2005
19 SUIF Compiler System, http://suif.stanford.edu/suif/ suif2/doc-2.2.0-4/