Suggestions for Code Obfuscator and/or Encrypter
-
Hi Coders I'm looking for a code obfuscator and/or an encrypter for native C++ code to make decompiling and reverse engineering more difficult. There seem to be lots of obfuscator programs for Java and .Net code but I haven't found any for C++. Are they unnecessary when using pure native code? Do you know any obfuscators for native code I should look at? Regards Jeremy
Insert the lines like "temp = temp++ - foo(temp++) - temp++;" throughout your code. Not only people, even compilers will get obfuscated by that! :laugh:
-
Hi Coders I'm looking for a code obfuscator and/or an encrypter for native C++ code to make decompiling and reverse engineering more difficult. There seem to be lots of obfuscator programs for Java and .Net code but I haven't found any for C++. Are they unnecessary when using pure native code? Do you know any obfuscators for native code I should look at? Regards Jeremy
JSadleir wrote:
I'm looking for a code obfuscator and/or an encrypter for native C++ code to make decompiling and reverse engineering more difficult. There seem to be lots of obfuscator programs for Java and .Net code but I haven't found any for C++.
Just use Boost libraries. Then your code is obfuscated automatically. :laugh:
JSadleir wrote:
Are they unnecessary when using pure native code? Do you know any obfuscators for native code I should look at?
When you compile your C++ source code it cannot be reconstruced like in Java and C#. In case you deliver the source code you may use a (commercial) obfuscator - especially when you need to hide poor code quality. ;) -- modified at 7:08 Saturday 22nd April, 2006 Here is one commercial offering: http://www.semanticdesigns.com/Products/Obfuscators/CppObfuscator.html?Home=CppTools[^]
-
JSadleir wrote:
I'm looking for a code obfuscator and/or an encrypter for native C++ code to make decompiling and reverse engineering more difficult. There seem to be lots of obfuscator programs for Java and .Net code but I haven't found any for C++.
Just use Boost libraries. Then your code is obfuscated automatically. :laugh:
JSadleir wrote:
Are they unnecessary when using pure native code? Do you know any obfuscators for native code I should look at?
When you compile your C++ source code it cannot be reconstruced like in Java and C#. In case you deliver the source code you may use a (commercial) obfuscator - especially when you need to hide poor code quality. ;) -- modified at 7:08 Saturday 22nd April, 2006 Here is one commercial offering: http://www.semanticdesigns.com/Products/Obfuscators/CppObfuscator.html?Home=CppTools[^]
-
Hi Coders I'm looking for a code obfuscator and/or an encrypter for native C++ code to make decompiling and reverse engineering more difficult. There seem to be lots of obfuscator programs for Java and .Net code but I haven't found any for C++. Are they unnecessary when using pure native code? Do you know any obfuscators for native code I should look at? Regards Jeremy
You seem to be confused about what obfuscation means. Obfuscating your C++ code will not change the machine code that is generated by the compiler, only the source code used to create the program. The person reverse engineering your code would not know if you obfuscated the original code or not. There have been methods used to attempt to defeat reverse engineering of code (at the machine code level), but the ultimate result is that your program is slower and more difficult to debug. Any one who is determined to reverse engineer your code will be able to do it, because the best you can do is make it more difficult to do it. The reason for that is that nothing is hidden at the machine level. A sophisticated decompiler may be able to take the machine code and produce a source code file from it. The resulting code will look nothing like the original code and may not even be in the same language as the original code. It will generate variable names like 'var1' or 'intVar1', because it will not know what the variables are intended to represent, that is also true of function names. You have no choice but to depend on people to obey the law. That does not mean that it is always illegal to reverse engineer someone else’s code (regardless of what the licenses say), it just means that you can only do it for legal reasons. To figure out how it works so you can duplicate it and make a profit is not one of the legal reasons for reverse engineering code. INTP Every thing is relative...
-
You seem to be confused about what obfuscation means. Obfuscating your C++ code will not change the machine code that is generated by the compiler, only the source code used to create the program. The person reverse engineering your code would not know if you obfuscated the original code or not. There have been methods used to attempt to defeat reverse engineering of code (at the machine code level), but the ultimate result is that your program is slower and more difficult to debug. Any one who is determined to reverse engineer your code will be able to do it, because the best you can do is make it more difficult to do it. The reason for that is that nothing is hidden at the machine level. A sophisticated decompiler may be able to take the machine code and produce a source code file from it. The resulting code will look nothing like the original code and may not even be in the same language as the original code. It will generate variable names like 'var1' or 'intVar1', because it will not know what the variables are intended to represent, that is also true of function names. You have no choice but to depend on people to obey the law. That does not mean that it is always illegal to reverse engineer someone else’s code (regardless of what the licenses say), it just means that you can only do it for legal reasons. To figure out how it works so you can duplicate it and make a profit is not one of the legal reasons for reverse engineering code. INTP Every thing is relative...
-
You are welcome! Normally I would not comment further, it is just that I am surprised that no one pointed it out before me. What I said about attempts to obfuscate code at the machine level was true. Why they even bothered mystifies me, because it is impossible on the face of it. Now doing obfuscation for entertainment is another thing, some years ago a programming publication had a regular contest and the best one I read was a love letter. That is when you read it, you where reading a love letter. I do not remember the actual output (something to do with love), but it worked perfectly. INTP “Testing can show the presence of errors, but not their absence.” Edsger Dijkstra
-
Speaking seriously, you can build your application with multiple dll files and call functions across different dlls. If I remember correctly, Microsoft used a similar technique in their Win95/98 to hide undocumented functionality of their OS (some kind of dll stubs). It is usually pain in the place to reverse engineer code that makes calls to other binaries. I am not 100% sure but I remember reading somewhere that there are ways of calling a function in dll without exporting its name, just by its binary address (offset) in the file if you know the function signature. This way a person hacking your code can't get much information from dumpbin utility and can't call your function unless he/she can guess all parameter types correctly. Which is not an easy task. Another way is to write a code that overwrites its own binary, but then your antivirus software may start complaining about your program. As a bottom line though, I would think that it'll create more trouble for you than to a person hacking your code. Think twice if it is worth your time.
-
You are welcome! Normally I would not comment further, it is just that I am surprised that no one pointed it out before me. What I said about attempts to obfuscate code at the machine level was true. Why they even bothered mystifies me, because it is impossible on the face of it. Now doing obfuscation for entertainment is another thing, some years ago a programming publication had a regular contest and the best one I read was a love letter. That is when you read it, you where reading a love letter. I do not remember the actual output (something to do with love), but it worked perfectly. INTP “Testing can show the presence of errors, but not their absence.” Edsger Dijkstra
-
Speaking seriously, you can build your application with multiple dll files and call functions across different dlls. If I remember correctly, Microsoft used a similar technique in their Win95/98 to hide undocumented functionality of their OS (some kind of dll stubs). It is usually pain in the place to reverse engineer code that makes calls to other binaries. I am not 100% sure but I remember reading somewhere that there are ways of calling a function in dll without exporting its name, just by its binary address (offset) in the file if you know the function signature. This way a person hacking your code can't get much information from dumpbin utility and can't call your function unless he/she can guess all parameter types correctly. Which is not an easy task. Another way is to write a code that overwrites its own binary, but then your antivirus software may start complaining about your program. As a bottom line though, I would think that it'll create more trouble for you than to a person hacking your code. Think twice if it is worth your time.
-
You are welcome! Normally I would not comment further, it is just that I am surprised that no one pointed it out before me. What I said about attempts to obfuscate code at the machine level was true. Why they even bothered mystifies me, because it is impossible on the face of it. Now doing obfuscation for entertainment is another thing, some years ago a programming publication had a regular contest and the best one I read was a love letter. That is when you read it, you where reading a love letter. I do not remember the actual output (something to do with love), but it worked perfectly. INTP “Testing can show the presence of errors, but not their absence.” Edsger Dijkstra
Okay, so for recent contests look here: http://www0.us.ioccc.org/main.html[^] People that start writing code immediately are programmers (or hackers), people that ask questions first are Software Engineers - Graham Shanks