hi can someone plz tell me what obfuscation exactly is, and how to obfuscate some code given to u. actually we have an upcoming comptt. in goa college of engg. and there is this even which is called "dubugsy n obfuscy" where we have to obfuscate and debug some code tha'll be gven ot us and do this ON PAPER... SOS aaaaaaaaeee Gurpreet
can someone plz tell me what obfuscation exactly is, and how to obfuscate some code given to u.
Hi gurpreet...
the word "obfuscate" means confuse/complicate in pure english.... :-)
Code obfuscation means complicate ur src codes so that it confuses them who in case reverse engg ur code .... that is just one application of that ..... i mean code protection techniques involve obfuscation of code as one method ....
i mean u can obfuscate AND encrypt the code so that it won't be easily underrstoood by someone else :-)
some quick urls:
http://www.cs.arizona.edu/~collberg/Research/Students/DouglasLow/obfuscation... (related to java code protection) http://mini.net/tcl/728 (tcl )
some products: (see the features u'll understand) http://www.instantiations.com/jove/product/obfus1.htm http://sourceguardian.com/
actually we have an upcoming comptt. in goa college of engg. and there is this even which is called "dubugsy n obfuscy" where we have to obfuscate and debug some code tha'll be gven ot us and do this ON PAPER...
BEST OF LUCK :-)
If u have time just look at some cracking site/honepots for how guys from wild have used this technique to encrypt the codes/ packet transfer also so that even if the packets r notices they confuse !
regards, Ranjeet
On Mon, 23 Sep 2002 ranjeet@nttindia.com wrote:
Code obfuscation means complicate ur src codes so that it confuses them who in case reverse engg ur code .... that is just one application of that ..... i mean code protection techniques involve obfuscation of code as one method ....
obfuscation of code does *not* protect against reverse engineering. When you reverse engineer the code, you need not get back the exact original source.
obfuscation is simply an art form.
If u have time just look at some cracking site/honepots for how guys from wild have used this technique to encrypt the codes/ packet transfer also so that even if the packets r notices they confuse !
security through obscurity is worse than no security at all.
At 06:30 even 9/23/02 +0530, you wrote:
Code obfuscation means complicate ur src codes so that it confuses them who in case reverse engg ur code .... that is just one application of that ..... i mean code protection techniques involve obfuscation of code as one method ....
If you have the source code, however obfuscated, it will not be /reverse/ engeneering. It wll still be source code which you will have to decode or decypher, so to speak. Reverse engg is generally when you do /not/ have the source code and you generally work only with the binaries.
i mean u can obfuscate AND encrypt the code so that it won't be easily underrstoood by someone else :-)
I would be better simply /not/ to give away the source code if that is your purpose !!
err.. OK, obfuscation may protect /interpreted/ code or a /script/.
If u have time just look at some cracking site/honepots for how guys from wild have used this technique to encrypt the codes/ packet transfer also so that even if the packets r notices they confuse !
encrypting, will be plain encryption, will it not? Obfuscation is more of an art.
quasi below is one of the best examples of obfuscation I have come across. It is in C - Compiles & runs. Guess what it does ?? :-) I had come across this ~5 years back, so unfortunately I do not have the author's name.
---- start ---- #include <stdio.h>
#define l11l 0xFFFF #define ll1 for #define ll111 if #define l1l1 unsigned #define l111 struct #define lll11 short #define ll11l long #define ll1ll putchar #define l1l1l(l) l=malloc(sizeof(l111 llll1));l->lll1l=1-1;l->ll1l1=1-1; #define l1ll1 *lllll++=l1ll%10000;l1ll/=10000; #define l1lll ll111(!l1->lll1l){l1l1l(l1->lll1l);l1->lll1l->ll1l1=l1;}\ lllll=(l1=l1->lll1l)->lll;ll=1-1; #define llll 1000
l111 llll1 { l111 llll1 * lll1l,*ll1l1 ;l1l1 lll11 lll [ llll];};main (){l111 llll1 *ll11,*l1l,* l1, *ll1l, * malloc ( ) ; l1l1 ll11l l1ll ; ll11l l11,ll ,l;l1l1 lll11 *lll1,* lllll; ll1(l =1-1 ;l< 14; ll1ll("\t"8)>l"9!.)>vl" [l]^'L'),++l );scanf("%d",&l);l1l1l(l1l) l1l1l(ll11 ) (l1=l1l)-> lll[l1l->lll[1-1] =1]=l11l;ll1(l11 =1+1;l11<=l; ++l11){l1=ll11; lll1 = (ll1l=( ll11=l1l))-> lll; lllll =( l1l=l1)->lll; ll=(l1ll=1-1 );ll1(;ll1l-> lll1l||l11l!= *lll1;){l1ll +=l11**lll1++ ;l1ll1 ll111 (++ll>llll){ l1lll lll1=( ll1l =ll1l-> lll1l)->lll; }}ll1(;l1ll; ){l1ll1 ll111 (++ll>=llll) { l1lll} } * lllll=l11l;} ll1(l=(ll=1- 1);(l<llll)&& (l1->lll[ l] !=l11l);++l); ll1 (;l1;l1= l1->ll1l1,l= llll){ll1(--l ;l>=1-1;--l, ++ll)printf( (ll)?((ll%19) ?"%04d":(ll= 19,"\n%04d") ):"%4d",l1-> lll[l] ) ; } ll1ll(10); } ---- end ----
While we're at it:
#include <stdio.h>
char *T="IeJKLMaYQCE]jbZRskc[SldU^V\X\|/_<[<:90!"$434-./2>]s", K[3][1000],*F,x,A,*M[2],*J,r[4],*g,N,Y,*Q,W,*k,q,D;X(){r [r [r[3]=M[1-(x&1)][*r=W,1],2]=*Q+2,1]=x+1+Y,*g++=((((x& 7) -1)>>1)-1)?*r:r[x>>3],(++x<*r)&&X();}E(){A||X(x=0,g =J ),x=7&(*T>>A*3),J[(x[F]-W-x)^A*7]=Q[x&3]^A*(*M)[2 +( x&1)],g=J+((x[k]-W)^A*7)-A,g[1]=(*M)[*g=M[T+=A ,1 ][x&1],x&1],(A^=1)&&(E(),J+=W);}l(){E(--q&&l () );}B(){*J&&B((D=*J,Q[2]<D&&D<k[1]&&(*g++=1 ), !(D-W&&D-9&&D-10&&D-13)&&(!*r&&(*g++=0) ,* r=1)||64<D&&D<91&&(*r=0,*g++=D-63)||D >= 97&&D<123&&(*r=0,*g++=D-95)||!(D-k[ 3] )&&(*r=0,*g++=12)||D>k[3]&&D<=k[ 1] -1&&(*r=0,*g++=D-47),J++));}j( ){ putchar(A);}b(){(j(A=(*K)[D* W+ r[2]*Y+x]),++x<Y)&&b();}t () {(j((b(D=q[g],x=0),A=W) ), ++q<(*(r+1)<Y?*(r+1): Y) )&&t();}R(){(A=(t( q= 0),'\n'),j(),++r [2 ]<N)&&R();}O() {( j((r[2]=0,R( )) ),r[1]-=q) && O(g-=-q) ;} C(){( J= gets (K [1]))&&C((B(g=K[2]),*r=!(!*r&&(*g++=0)),(*r)[r]=g-K[2],g=K[2 ],r[ 1]&& O()) );;} main (){C ((l( (J=( A=0) [K], A[M] =(F= (k=( M[!A ]=(Q =T+( q=(Y =(W= 32)- (N=4 )))) +N)+ 2)+7 )+7) ),Y= N<<( *r=! -A)) );;}
Quasi wrote.... If you have the source code, however obfuscated, it will not be /reverse/ engeneering. It wll still be source code which you will have to decode or decypher, so to speak. Reverse engg is generally when you do /not/ have the source code and you generally work only with the binaries.
hmmm agreed ..but what i mean was reverce engg to obtain src codes (sorry my wordings were wrong).,.... what i mean was there r couple of examples of java apps which when u put into decomilers throws some confusing code out .... i mean one method* (just one method) by code obfuscation......
i mean u can obfuscate AND encrypt the code so that it won't be easily underrstoood by someone else :-)
I would be better simply /not/ to give away the source code if that is your purpose !!
err.. OK, obfuscation may protect /interpreted/ code or a /script/.
yeh thanx for correcting ... i shud have mentioned interpreted languages ... i just gave urls for PHP n java ... sorry ...
If u have time just look at some cracking site/honepots for how guys from wild have used this technique to encrypt the codes/ packet transfer also so that even if the packets r notices they confuse !
encrypting, will be plain encryption, will it not? Obfuscation is more of an art.
agreed it's n art only .....sorry if i tried to post it as an method for security ... .... i was discussing just one case .... say from wild i've obtained some binaries which r actually a backdoor programs installed on host ..... these programs say binary foo running on port 23 (just an assumption)... when network administrator gets a doubt for suspicious traffic .. he will start lookin into actual content of the packets transferring .... if the backdoor is coded like it can obfuscate and encrypt the packet and then tranfer it..... the client for that backdoor is coded for deobfuscate (don't know whether this term is there in english...i just mean the reverse thing to obfuscate) the packets and decrypt them ..... so as to just make a network admin guessing bout the packet content ....
it is just a POSSIBILITY .....
thanx for clearing doubts quasee and philip.....
yes n indeed the below example is gr8 ....
ranjeet
quasi below is one of the best examples of obfuscation I have come across. It is in C - Compiles & runs. Guess what it does ?? :-) I had come across this ~5 years back, so unfortunately I do not have the author's name.
---- start ---- #include <stdio.h>
#define l11l 0xFFFF #define ll1 for #define ll111 if #define l1l1 unsigned #define l111 struct #define lll11 short #define ll11l long #define ll1ll putchar #define l1l1l(l) l=malloc(sizeof(l111 llll1));l->lll1l=1-1;l->ll1l1=1-1; #define l1ll1 *lllll++=l1ll%10000;l1ll/=10000; #define l1lll ll111(!l1->lll1l){l1l1l(l1->lll1l);l1->lll1l->ll1l1=l1;}\ lllll=(l1=l1->lll1l)->lll;ll=1-1; #define llll 1000
l111 llll1 { l111llll1 * lll1l,*ll1l1 ;l1l1 lll11 lll [ llll];};main (){l111 llll1 *ll11,*l1l,* l1, *ll1l, * malloc ( ) ; l1l1 ll11l l1ll ; ll11l l11,ll ,l;l1l1 lll11 *lll1,* lllll; ll1(l =1-1 ;l< 14; ll1ll("\t"8)>l"9!.)>vl" [l]^'L'),++l );scanf("%d",&l);l1l1l(l1l) l1l1l(ll11 ) (l1=l1l)-> lll[l1l->lll[1-1] =1]=l11l;ll1(l11 =1+1;l11<=l; ++l11){l1=ll11; lll1 = (ll1l=( ll11=l1l))-> lll; lllll =( l1l=l1)->lll; ll=(l1ll=1-1 );ll1(;ll1l-> lll1l||l11l!= *lll1;){l1ll +=l11**lll1++ ;l1ll1 ll111 (++ll>llll){ l1lll lll1=( ll1l =ll1l-> lll1l)->lll; }}ll1(;l1ll; ){l1ll1 ll111 (++ll>=llll) { l1lll} } * lllll=l11l;} ll1(l=(ll=1- 1);(l<llll)&& (l1->lll[ l] !=l11l);++l); ll1 (;l1;l1= l1->ll1l1,l= llll){ll1(--l ;l>=1-1;--l, ++ll)printf( (ll)?((ll%19) ?"%04d":(ll= 19,"\n%04d") ):"%4d",l1-> lll[l] ) ; } ll1ll(10); } ---- end ----
--- ranjeet@nttindia.com wrote:
---- start ---- #include <stdio.h>
#define l11l 0xFFFF #define ll1 for #define ll111 if #define l1l1 unsigned #define l111 struct #define lll11 short #define ll11l long #define ll1ll putchar #define l1l1l(l) l=malloc(sizeof(l111
llll1));l->lll1l=1-1;l->ll1l1=1-1;
#define l1ll1 *lllll++=l1ll%10000;l1ll/=10000; #define l1lll
ll111(!l1->lll1l){l1l1l(l1->lll1l);l1->lll1l->ll1l1=l1;}\
lllll=(l1=l1->lll1l)->lll;ll=1-1; #define llll 1000
[snip] This thread is getting interesting. Can someone highlight me as to what is the above code all about.
Trevor
l111 llll1 { l111
llll1 * lll1l,*ll1l1 ;l1l1
lll11 lll [
llll];};main (){l111 llll1*ll11,*l1l,* l1,
*ll1l, * malloc ( ) ; l1l1 ll11l
l1ll ; ll11l
l11,ll ,l;l1l1 lll11 *lll1,* lllll;
ll1(l =1-1 ;l<
14; ll1ll("\t"8)>l"9!.)>vl" [l]^'L'),++l );scanf("%d",&l);l1l1l(l1l) l1l1l(ll11 )
(l1=l1l)->
lll[l1l->lll[1-1] =1]=l11l;ll1(l11
=1+1;l11<=l;
++l11){l1=ll11; lll1 = (ll1l=(
ll11=l1l))-> lll;
lllll =( l1l=l1)->lll;
ll=(l1ll=1-1
);ll1(;ll1l-> lll1l||l11l!=
*lll1;){l1ll
+=l11**lll1++ ;l1ll1 ll111
(++ll>llll){ l1lll
lll1=( ll1l =ll1l->
lll1l)->lll;
}}ll1(;l1ll; ){l1ll1 ll111
(++ll>=llll) {
l1lll} } * lllll=l11l;} ll1(l=(ll=1- 1);(l<llll)&& (l1->lll[ l] !=l11l);++l);
ll1 (;l1;l1=
l1->ll1l1,l= llll){ll1(--l
;l>=1-1;--l,
++ll)printf( (ll)?((ll%19)
?"%04d":(ll=
19,"\n%04d") ):"%4d",l1->
lll[l] ) ; }
ll1ll(10); }
---- end ----
http://mm.ilug-bom.org.in/mailman/listinfo/linuxers
===== ( >- GNU/LINUX, It's all about CHOICE -< ) /~\ __ http://www.qmailtheeasyway.com __ /~\ | ) / mailto: trevor.w@media.mit.edu \ (/ | |_|_ \ Research Asst, MediaLab / _|_| ___________________________________/
__________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com
On Wed, 25 Sep 2002, Trevor Warren wrote:
#define llll 1000
[snip] This thread is getting interesting. Can someone highlight me as to what is the above code all about.
Please trim the original post when replying. You are constantly violating the list guidelines in this respect.
On Sep 25, 2002 at 00:30, Trevor Warren wrote:
--- ranjeet@nttindia.com wrote:
#define l11l 0xFFFF #define ll1 for #define ll111 if
This thread is getting interesting. Can someone highlight me as to what is the above code all about.
I don't want to highlight you, but the code is simple. The preprocessor goes through and replaces the #defined strings first, so you'll see that once that is done, you and up with fairly simple C code. The alignment will be off, but it'll work as the parser won't care about whitespace.
Try it manually.
hi
you can compile and execute for yourself,
$./a.out
Enter number: 5 120
$./a.out
Enter number: 4 24
On Wed, 25 Sep 2002, Trevor Warren wrote:
trevor > trevor > --- ranjeet@nttindia.com wrote: trevor > > > ---- start ---- trevor > > > #include <stdio.h> trevor > > > trevor > > > #define l11l 0xFFFF trevor > > > #define ll1 for trevor > > > #define ll111 if trevor > > > #define l1l1 unsigned trevor > > > #define l111 struct trevor > > > #define lll11 short trevor > > > #define ll11l long trevor > > > #define ll1ll putchar trevor > > > #define l1l1l(l) l=malloc(sizeof(l111 trevor > > llll1));l->lll1l=1-1;l->ll1l1=1-1; trevor > > > #define l1ll1 *lllll++=l1ll%10000;l1ll/=10000; trevor > > > #define l1lll trevor > > trevor > ll111(!l1->lll1l){l1l1l(l1->lll1l);l1->lll1l->ll1l1=l1;}\ trevor > > > lllll=(l1=l1->lll1l)->lll;ll=1-1; trevor > > > #define llll 1000 trevor > [snip] trevor > This thread is getting interesting. Can someone trevor > highlight me as to what is the above code all about. trevor > trevor > trevor > Trevor trevor > trevor > > > trevor > > > trevor > > > trevor > > > trevor > > > trevor > > l111 llll1 { l111 trevor > > > llll1 * trevor > > > lll1l,*ll1l1 ;l1l1 trevor > > lll11 lll [ trevor > > > llll];};main (){l111 llll1 trevor > > *ll11,*l1l,* l1, trevor > > > *ll1l, * malloc ( ) ; l1l1 ll11l trevor > > l1ll ; ll11l trevor > > > l11,ll ,l;l1l1 lll11 *lll1,* lllll; trevor > > ll1(l =1-1 ;l< trevor > > > 14; ll1ll("\t"8)>l"9!.)>vl" [l]^'L'),++l trevor > > > );scanf("%d",&l);l1l1l(l1l) l1l1l(ll11 ) trevor > > (l1=l1l)-> trevor > > > lll[l1l->lll[1-1] =1]=l11l;ll1(l11 trevor > > =1+1;l11<=l; trevor > > > ++l11){l1=ll11; lll1 = (ll1l=( trevor > > ll11=l1l))-> lll; trevor > > > lllll =( l1l=l1)->lll; trevor > > ll=(l1ll=1-1 trevor > > > );ll1(;ll1l-> lll1l||l11l!= trevor > > *lll1;){l1ll trevor > > > +=l11**lll1++ ;l1ll1 ll111 trevor > > (++ll>llll){ l1lll trevor > > > lll1=( ll1l =ll1l-> trevor > > lll1l)->lll; trevor > > > }}ll1(;l1ll; ){l1ll1 ll111 trevor > > (++ll>=llll) { trevor > > > l1lll} } * lllll=l11l;} trevor > > > ll1(l=(ll=1- 1);(l<llll)&& trevor > > > (l1->lll[ l] !=l11l);++l); trevor > > ll1 (;l1;l1= trevor > > > l1->ll1l1,l= llll){ll1(--l trevor > > ;l>=1-1;--l, trevor > > > ++ll)printf( (ll)?((ll%19) trevor > > ?"%04d":(ll= trevor > > > 19,"\n%04d") ):"%4d",l1-> trevor > > lll[l] ) ; } trevor > > > trevor > > ll1ll(10); } trevor > > > ---- end ---- trevor > > > trevor > > > trevor > > > _______________________________________________ trevor > > > trevor > > http://mm.ilug-bom.org.in/mailman/listinfo/linuxers trevor > > trevor > > trevor > > trevor > > trevor > > _______________________________________________ trevor > > http://mm.ilug-bom.org.in/mailman/listinfo/linuxers trevor > > trevor > trevor > trevor > ===== trevor > ( >- GNU/LINUX, It's all about CHOICE -< ) trevor > /~\ __ http://www.qmailtheeasyway.com __ /~\ trevor > | ) / mailto: trevor.w@media.mit.edu \ (/ | trevor > |_|_ \ Research Asst, MediaLab / _|_| trevor > ___________________________________/ trevor > trevor > __________________________________________________ trevor > Do you Yahoo!? trevor > New DSL Internet Access from SBC & Yahoo! trevor > http://sbc.yahoo.com trevor > trevor > _______________________________________________ trevor > http://mm.ilug-bom.org.in/mailman/listinfo/linuxers trevor > trevor >
At 12:30 morn 9/25/02 -0700, Trevor wrote:
[snip] This thread is getting interesting. Can someone highlight me as to what is the above code all about.
If viewed with a fixed font display the code would have formed a large "n!". The code [when compiled] is capable of calculating factorials of arbitrarily large numbers.
-
Gurpreet Singh -
Manish Jethani -
Philip S Tellis -
q u a s i -
ranjeet@nttindia.com -
Sanjeev -
Satya -
Trevor Warren