Obfuscation is a mighty technique widely used by hackers as well as security teams all over the globe. They have different motivations to use obfuscation, but their aim is the same – to make the source code unintelligible, difficult to comprehend, and interpret. Let’s have a look at some of the types of obfuscation.
Reasons to use obfuscation
Hackers use obfuscation to hide the behavior of their malicious code and make the job of reverse engineers more challenging.
Security teams use obfuscation to protect intellectual property – they obfuscate the source code of complex algorithms to hide implementation details. Even more importantly, obfuscation prevents attacks that can arise from reverse engineering of a program and finding vulnerabilities in it.
Types of obfuscation
Obfuscation can occur in high-level programming languages, but it can also be found on the assembly level. Some examples of obfuscation techniques are:
1. Variable renaming and String encryption
Obfuscation on higher levels includes variable renaming to hide the true purpose of these variables or string encryption to make all the messages unreadable (strings then have to be decrypted during runtime).
2. Code flow obfuscation
An even more powerful way to scramble the source code is code flow obfuscation. This technique includes adding unnecessary case-switches or rebuilding the structure and conditions of nested if statements in an unintuitive way.
3. Obfuscating debug information
Another method is completely disabling debug information or at least obfuscating them, for example changing line numbers and file names in debug data.
4. Address obfuscation
Obfuscation on lower levels can include address obfuscation. This technique ensures that each time a program runs, it has different code and data addresses. Such an approach prevents exploits in non-memory safe languages.
5. Assembly code obfuscation
Assembly code obfuscation can cause the disassembler to produce incorrect output. Examples of such behavior are combining binary and decimal with assembly instructions, indirect addressing, jump in the middle of instruction, etc.
Conclusion
There are many obfuscation techniques and all of them can be used for good as well as for bad purposes. Security teams encounter obfuscation every day when they either try to protect their code or deobfuscate some malicious code originating from hackers.