I have object/machine code in static library (written and compiled
using C++) that I wish to make difficult to reverse-engineer. I am
told by others that some could reverse-engineer this object/machine
code to generate some or all of the source, and while it may not be a
trivial task, it would not be impossible.
Do tools, processes, or other means exist by which I could do this?
I'm looking for something analogous to code obfuscation (sp?) on the
source-code side, but applied to the object code.
I am told that there may be mechanisms to do this for Java bytecode
objects to make them difficult to reverse engineer. Might there be
something similar for general object code (at least for C++
compilers/linkers)?
Thanks in advance,
-Matt
--
[Decompiling any but the smallest machine code libraries, particularly
in the absence of debugging symbols, is a great deal of work. You can
disassemble them easily enough, but figuring out what the code does is
a slog. Unless your library does something like solving the
travelling salesman problem in O(n^2) time, I wouldn't worry about it.
-John] 11 4086
Matt wrote: I have object/machine code in static library (written and compiled using C++) that I wish to make difficult to reverse-engineer. I am told by others that some could reverse-engineer this object/machine code to generate some or all of the source, and while it may not be a trivial task, it would not be impossible.
Haha, demonstrate it! I give you the cake and you reproduce the eggs,
ok? But seriously, no offense intended, 95% of all C++ code is not
worth to be stolen!
Best wishes,
R.C.
[Someone else pointed out that Java bytecode is a lot higher level and
a lot easier to decompile than machine language, whether from C++ or
any other language. I'd think that C++ would be particularly hard to
decompile because templates and overloading generate really bloated,
messy object code. -John]
Matt wrote: I have object/machine code in static library (written and compiled using C++) that I wish to make difficult to reverse-engineer. ...
I am told that there may be mechanisms to do this for Java bytecode objects to make them difficult to reverse engineer. Might there be something similar for general object code (at least for C++ compilers/linkers)?
There are obfuscators for .NET code (for C++ and other languages), but
I haven't heard anything about native code.
--
Ioannis Vranos http://www23.brinkster.com/noicys
Matt wrote: I have object/machine code in static library (written and compiled using C++) that I wish to make difficult to reverse-engineer. ...
I'm looking for something analogous to code obfuscation (sp?) on the source-code side, but applied to the object code.
I am told that there may be mechanisms to do this for Java bytecode objects to make them difficult to reverse engineer. Might there be something similar for general object code (at least for C++ compilers/linkers)?
[Decompiling any but the smallest machine code libraries, particularly in the absence of debugging symbols, is a great deal of work. You can disassemble them easily enough, but figuring out what the code does is a slog. Unless your library does something like solving the travelling salesman problem in O(n^2) time, I wouldn't worry about it. -John]
Well, you can also make the code hard to disassemble. There are
products for "code compression", and methods for creating executable
binary code that is hard to decode. Look at the book of P. Cerven for
some Win/x86 examples.
The easiest way of binary obfuscation is using inlined functions,
high level of optimization and stripping the code of debug info, as
John wrote. Recall that without at least -O2 or -O3 the compiled code
will be very similar to the source.
Theoretically, any standalone code can be understood - just run it
(and the OS) through simulator and analyze the trace for different
inputs/situations.
The problem in most cases is how much resources your opponents have,
and what is the size and complexity of your code.
For C/C++ you can process pieces of the code on source level, and
this can make code obfuscation much easier. One of my students had got
a small obfuscation project as a part of advanced programming course.
His system creates randomly looking self-modifying code in parts of
the program defined by the user. I think he would be able to publish
his code when he finishes the project.
Michael
[Ah, but if he publishes his code, will we be able to figure out out?
-John]
Rapscallion wrote: I have object/machine code in static library (written and compiled using C++) that I wish to make difficult to reverse-engineer. I am told by others that some could reverse-engineer this object/machine code to generate some or all of the source, and while it may not be a trivial task, it would not be impossible.
Most people seem to consider C and C++ code difficult to reverse
engineer. Recovering source is a lot of work, but generating assembly
code is much less work. For reasonably large programs, it isn't
usually considered worthwhile. If your code contains million dollar
ideas, though, it might be.
Haha, demonstrate it! I give you the cake and you reproduce the eggs, ok? But seriously, no offense intended, 95% of all C++ code is not worth to be stolen!
[Someone else pointed out that Java bytecode is a lot higher level and a lot easier to decompile than machine language, whether from C++ or any other language. I'd think that C++ would be particularly hard to decompile because templates and overloading generate really bloated, messy object code. -John]
It doesn't seem that it is that much higher level, but it does seem to
be much easier to decompile. As I understand it, part of the reason
is that there are more restrictions on executing Java code related to
exceptions, so there aren't as many things that optimizers can do.
One of the better ways to obscure object code is with a good optimizer.
-- glen
"Matt" <ma**@mengland.net> wrote in message news:05*******@comp.compilers... I have object/machine code in static library (written and compiled using C++) that I wish to make difficult to reverse-engineer. I am told by others that some could reverse-engineer this object/machine code to generate some or all of the source, and while it may not be a trivial task, it would not be impossible.
If a machine can execute it, it can be reverse engineered. It all
depends on how much effort it is worth someone to figure it out. It
takes some good assembler skills to do it, which seems to be rare
these days <g>, so just compiling the code with optimization on will
probably be good enough. If it absolutely, positively must be secure,
then you'll need to encrypt the object code with a strong crypto
algorithm, and make sure the key for it is not available to the
crackers.
Walter wrote: "Matt" <ma**@mengland.net> wrote in message I have object/machine code in static library (written and compiled using C++) that I wish to make difficult to reverse-engineer. ...
... If it absolutely, positively must be secure, then you'll need to encrypt the object code with a strong crypto algorithm, and make sure the key for it is not available to the crackers.
How would you decide whom you may give the key? After all, it appears
that ordinary users would need the key to run the program?
Best
Kai-Uwe Bux
Kai-Uwe Bux wrote: How would you decide whom you may give the key? After all, it appears that ordinary users would need the key to run the program?
Talking about Windows, few days ago I came across an MS online source which explained that
in Windows there are two modes of secure encryption. Using a public and private key, and
using local Windows authentication per user mechanism. The latest is about that a program
can encrypt data by using this API and these data are unencryptable only when the specific
user logs in in the local account (account-oriented encryption).
In this case however, if the account is erased or Windows are reinstalled, data can't be
unencrypted any more.
--
Ioannis Vranos http://www23.brinkster.com/noicys
Matt wrote: I have object/machine code in static library (written and compiled using C++) that I wish to make difficult to reverse-engineer. I am told by others that some could reverse-engineer this object/machine code to generate some or all of the source, and while it may not be a trivial task, it would not be impossible.
C++ compilers output very descriptive mangled names, and every call to
a library function will reveal parts of your code and data
structures. OO languages in general produce quite well readable binary
code.
DoDi
Ioannis Vranos wrote: Kai-Uwe Bux wrote:
How would you decide whom you may give the key? After all, it appears that ordinary users would need the key to run the program?
Talking about Windows, few days ago I came across an MS online source which explained that in Windows there are two modes of secure encryption. Using a public and private key, and using local Windows authentication per user mechanism. The latest is about that a program can encrypt data by using this API and these data are unencryptable only when the specific user logs in in the local account (account-oriented encryption).
Interesting,
would that be an authentication via internet or are both keys stored
locally (the private meant to be accessible only via a Windows-API)? In
this case, the user would have private and public key on disk and it would
just be a matter of determination to mount a successful attack.
In this case however, if the account is erased or Windows are reinstalled, data can't be unencrypted any more.
Hm, sounds like a very bad deal for the user: so far no computer of mine
served for more than five years. It is pretty unacceptable to loose my data
every time I switch the OS or the hardware. Also, from my friends who have
Windows experience, I hear that reinstalls are not exactly rare.
Best
Kai-Uwe Bux
In comp.compilers Matt <ma**@mengland.net> wrote: I have object/machine code in static library (written and compiled using C++) that I wish to make difficult to reverse-engineer.
I suggest to check the work of Christian Collberg about obfuscating
programs for watermarking: http://www.cs.arizona.edu/~collberg/...h/Obfuscation/
-- Christian This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: mthlv12 |
last post by:
Does the eclipse ide have an obfuscate button ?
|
by: Josef Sachs |
last post by:
Is Andrew Kuchling's regex-to-re HOWTO available anywhere?
I've found the following (dead) links on various Web pages:
http://py-howto.sourceforge.net/regex-to-re/regex-to-re.html...
|
by: Vladimir |
last post by:
Hello,
I have a table in MS Access database. It has one field (with BYTE datatype)
that has several properties set in Lookup tab of table Design View.
Display Control = Combo Box. Row Source...
|
by: ATS |
last post by:
HOWTO Implement LoadLibrary, GetProcAdress, and FreeLibrary.
Below is code that I want to be able to use simple
LoadLibrary\GetProcAddress\FreeLibrary technqiues on. I've used the code that
was...
|
by: Dan Sikorsky |
last post by:
How do you iterate thru a dataset to change money fields to a different
value?
Here's what I have. My dataset is filled directly from a stored procedure.
' Create Instance of Connection and...
|
by: Encapsulin |
last post by:
Hello everybody,
is it possible to hide qtvr <object...> (or even change its size to 1
pixel rectangle)?
I need to hide qtvr from the page dynamically, if .mov source is empty.
For example:
...
|
by: twigster |
last post by:
Hey everyone,
I'm looking for a good way to obfuscate some Javascript code. Does
anyone have a good experience or bad experience with a particular software?
thanks
|
by: Carla Simeoni |
last post by:
As far as I understood intermediate CSharp IC code can be retrieved resp. re-engineered
to a similar source code as the original.
Are there any options to obfuscate the code ?
Carla
|
by: berutti |
last post by:
Hi all, I have this problem. My program should analyze some data and
it features a configuration file in which it's defined the data source
(could be plain text or MYSQL data). To do so I made two...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: Vimpel783 |
last post by:
Hello!
Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
|
by: jfyes |
last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
|
by: ArrayDB |
last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Shællîpôpï 09 |
last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
|
by: af34tf |
last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
| |