Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Obfuscating C-based binaries to avoid decompilation

Tags:

Is there some way to obfuscate C-based executables or libraries to prevent decompilation?

like image 275
Jay Avatar asked Feb 16 '10 14:02

Jay


People also ask

What is binary obfuscation?

Binary obfuscation is a technique that aims to shadow the real application code to make it difficult for an external person, who does not have access to your sources, to understand what your program has to do.

Can you obfuscate obfuscated code?

Obfuscation means to make something difficult to understand. Programming code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program. Encrypting some or all of a program's code is one obfuscation method.

What techniques can attackers use to obfuscate their traffic?

The process of how attackers are able to bypass security measures such as input filters, output encoding routines, Web application firewalls (WAFs), Web-based intrusion detection and prevention systems, and so forth are introduced.

Can you reverse obfuscation?

Press F12 to open Developer Tools inside Chrome. Now switch to the Scripts tab, right-click and choose De-obfuscate source. That's it!


2 Answers

No. You can make it more difficult to decompile but you cannot prevent it. My advice is to stop wasting your time and instead concentrate on delivering a fantastic product with ever-improving features.

Then people will be willing to pay for it.

Your main problem is that the only way to make your code un-decipherable is to make it un-runnable. Anything that can be loaded into a PC can be cracked. The people that do reverse engineering for fun, profit or fame are generally very good at it and will really not be the least bit phased by anything you do to try and stop them.

They have access to tools that make the job of deciphering your code far easier than the job you will have obfuscating it :-) Far better to convince the world at large that your software is worth buying, and seeing piracy as an opportunity to possibly convert "thieves" to genuine users.

For example, find out why they're not paying for your software and try to fix that. You'll never convert 100% of the people, some will pirate your code just for the fun of it.

Check out the series of articles running over on techdirt concerning CwF+RtB (connect with fans plus reason to buy). I've found many of the points raised there could be applicable to the software industry.

like image 150
paxdiablo Avatar answered Sep 21 '22 13:09

paxdiablo


The easy way: Buy a packer/cryptor/obfuscator product. Some are expensive and used in games, some are not. Google for them by buzzwords like "copy protection", etc.

The fast way: pack with UPX and then mangle the header somewhere so it will still be loaded in memory and run fine, but the upx utility will fail with an error (try the version field). 95% will give up if the upx utility fails.

The hard way: Write your own packer.

oh, I forgot:

The real easy way: Just ship it as it is. No really - whatever you do people can still reverse engineer your code. The amount of effort you put it in just restricts how many can reverse it.

like image 25
joveha Avatar answered Sep 19 '22 13:09

joveha