Questions tagged [obfuscation]

Concealing the nature of how things truly function or work.

Obfuscation is the process by which code is altered so that a reverser finds it impossible to read any clear indication of what the intended program does or how it operates. The larger the program, the greater the obfuscation, as the code becomes intertwined, linking different segments throughout the program.

While it may be possible to use a disassembler to figure out how certain aspects within a program function, it requires knowledge of assembly. Assembly language by its nature is non-trivial.

Another way to increase obfuscation is to use packers.

160 questions
29
votes
3 answers

What is a "control-flow flattening" obfuscation technique?

I recently heard about the "control-flow flattening" obfuscation which seems to be used to break the structure of the CFG of the binary program (see Symbolic Execution and CFG Flattening). Can somebody make an explanation of what is its basic…
perror
19
votes
4 answers

What is an "opaque predicate"?

I saw the term of opaque predicates several times in obfuscation papers. As far as I understand it, it refers to predicates that are hard to evaluate in an automated manner. Placing it at strategical points of the program (jmp, test, ...) can…
perror
16
votes
3 answers

Are there any metrics for code obfuscation?

Is source code obfuscation quantifiable? Are there any metrics that measure the degree of obfuscation in a source file?
asheeshr
10
votes
2 answers

What is "instruction camouflage" obfuscation?

I have an obfuscated binary which only prints a simple Hello World! and exits like this: Hello World! But, when I am looking at the assembly with objdump, I cannot find any call to printf or write, nor find the string Hello World!. 0804840c : …
perror
8
votes
3 answers

Writeup of reverse engineering VM based obfuscation

I've seen quite a few crackmes on reverse engineering VM's. I've also come across "Unpacking Virtualization Obfuscators". Are there any other writeups that you could point me to that discuss the RE'ing of a VM based obfuscation from scratch? Also,…
user1743
8
votes
1 answer

Semantics-based obfuscation

I have some (very blurred as usual) thinking about the semantics obfuscation, that comes from this question and the excellent answers of @RolfRolles and @Andrew. As far as I understand, the ideas of the authors in this paper about Semantics-based…
Ta Thanh Dinh
6
votes
3 answers

How to design opaque predicates?

Opaque predicates are used to disrupt automatic analysis of the binary code by reaching the limits of what an analyzer can do. Can somebody give an example (or a few examples) of an opaque predicate found in a real-life case? And, what are the…
perror
5
votes
3 answers

Origin of "Hacker Protection Factor"

Dexguard claims a "hacker protection factor" of 35 without any explanation of where the number comes from or what it means. I figure the actual statement is meaningless, but I'm very curious to see who is assessing these protection factors. A…
Antimony
2
votes
1 answer

Obfuscation indirect address

I'm studying a reverse engineering course and here is an example about obfuscation indirect addresses: The course says: The original code moves the content of the CH register to DL and the output will be 'I'. In the obfuscated code, the "BL"…
nerios
1
vote
1 answer

Large memcpy operation before possible obfuscation

I am currently reversing a binary and I am stuck at understanding what the application is trying to do. There is a memcpy operation which is copying almost 1MB from a .data section to a .bss section. This operation is made in an initialising phase…
allbabel
1
vote
0 answers

Obfuscate JSON file that is served client-side

Through some research I have found that obfuscation won't block hackers from retrieving your .json file, but I'd like to have at least a level of obfuscation that deters some people. I ran into an npm package called bson that creates binaries for a…
Beta
1
vote
2 answers

Techniques to hide a process (procmon)?

On Windows, how would one go about hiding procmon from another process? What techniques/terms would I be searching for?
user737447
0
votes
1 answer

unobfuscate Assembly-CSharp.dll?

First: sorry about English, it's not my language. The translation was done by Google Translate. I'm trying to work on a .dll from a Unity game, I managed to decompile the entire game, open the .dll, but it is obfuscated and I can't unobfuscate it in…
0
votes
1 answer

What is the obfuscation method utilised in Playdead's 'LIMBO' video game?

The game uses Unity3D engine, perhaps with a custom render pipeline. Reports have been made, it is not possible to disassemble it. How did they achieve that?
ivan866
0
votes
0 answers

Encrypting and packing at functional boundaries for obfuscation

I am interested in software obfuscation techniques. I found your excellent summary of obfuscation in order to avoid (as possible) reverse engineering. One of the proposed techniques you quoted: Packing and encrypting code segment I will group…