SlideShare a Scribd company logo

IRJET- Obfuscation: Maze of Code

โ€ข
โ€ข
IRJET Journal
IRJET Journal

The document describes a proposed system called Code-a-Maze that aims to obfuscate source code through various transformations to deter software reverse engineering. Code-a-Maze works by taking source code as input and applying different obfuscation techniques depending on the path taken through an abstract "maze" represented by the code. The transformations include pointless allocation and deallocation of memory, insertion of dummy method calls, addition of bogus code and trampoline functions, flipping of conditional branches, and modification of variable and function names. The goal is to complicate the code and transfer control flow in unpredictable ways, making it difficult for attackers to analyze the code without affecting its functionality or performance.

Engineering
1 of 6
Download to read offline
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3529 OBFUSCATION: MAZE OF CODE Brijesh Patel1, Vishal Patil2, Karan Lohar3, Yogita Mane4 1,2,3Student, Dept. Of I.T Engineering, Universal College of Engineering, Maharashtra, India 4Professor, Dept. Of I.T Engineering, Universal College of Engineering, Maharashtra, India ----------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - Software Reverse Engineering scenario would involve software that has been worked upon for years and carries several modules of a business in its lines of code. Unfortunately, the source code of the application or software cannot be recovered easily; what remains is โ€œnativeโ€ or โ€œbinaryโ€ code. Traditional obfuscators work on binary code, but they are tedious and do not provide us with a specific obfuscation depending upon the code. We provide a way in which the code can be obfuscateddependinguponlinesofcode and variables. We propose the application of this data confers additional information developers need for better understanding or knowing, maintaining and developing software in large team settings. This solution is proposed in order to discourage software piracy and impede malware analysis. This book introduces Code-a- Maze, reveals the results of our evaluation and proposes directions for future research in this area. Code-a-Maze will increase size of code and compilation time is also satisfactory. Key Words: obfuscation, reverse engineering, de- compilers, allocation and deallocation, dummy calls, bogus code, trampolines, byte code. 1. INTRODUCTION Reverse engineering commonly calledasback engineeringis a way of obtaining knowledge regarding a code or an algorithm (in case of a particular computer program). The reasons to obtain such information may either be good or bad depending upon a particular situation. People belie saying reverse engineering process in itself is notconcerned with creating a copy or changing the artifact in some way; it is only an analysis in order to deduce design features from products with little or no additional knowledge about the procedures involved in their original production. There are three types of Reverse Engineering software, hardware and producing 3-D images. In this book, our focal point is on software reverse engineering. The actual purpose of software reverse engineering is done to retrieve the source code of a program because of various reasons which are the source code was lost,tostudyhowthe program performs certain operations or tasks, to enhance the performance of a program, to fix a issuesorbugs(correct an error in the program when the source code is not available), to identify malicious contentina programsuchas malware or virus. Summarizing, the main aspect of software reverse engineering is to see how code functions to enhance or protect it from harm. To retrieve source code (java file) when lost or to enhance the functionality we use de- compilers to convert the .class file to java code and make improvements. The normal Java compilers consideringJVM, does not particularly obfuscate the code while making a .class file. Hence, it becomes easy for the intruder to add malicious content or copy the source code by using de- compilers. Although clearly stated Reverse engineering for the purpose of copying or duplicating programs may constitute a copyright violation, but people still back track the code for various social benefits. In order to prevent these various obfuscators wherecreated to ensure security of various softwareโ€™s. These obfuscators generally confuse the intruder about the main functionality of the code and do not provide the initial source code which is optimal. The obfuscators increase a lot of overhead, but they are still used to protect the integrity of the code. However, these obfuscators change the code flow and some of those changes make it impossible for the JVMtoefficiently optimize the code. In effect it will actually degrade the performance of your application. And hence our approachis to work on the efficiency by providing a MAZE in which only the required obfuscation occurs depending on various factors of code. Intermediate-level obfuscation, which obfuscates a program at intermediate representation (IR) level, which is typically used forinterpretation-basedlanguagesuchasJavaistheone which we are trying to focus on. This book covers the software reverseengineeringproblemscope,ourapproachto raising awarenessaboutvariousfaultsintheexcitingsystems and finally the approach to tackle Software Reverse Engineering in java codes in a simple way. 1.1 Aim and Scope Reverse Engineering explains the process or ways of determining the inner workings or set of rules followed by an engineered piece of kit (hardware or software) in the absence of design plans. Sometimes, reverse engineering is essential or unavoidable. For example, when the working or data about a certain product has been lost, reverse engineering could be done so as to recover the lost data so that product maintenance may continue and proceed further. Another example of reverse engineering is used in spying, espionage and scientific
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3530 research related to warfare that is military purpose; countries or parties involved in a war (or potentially involved in a war) typically wish to understand or gain information about the inner workings of the enemy's weapons or communication methodstoimprovedefensesor prepare efficient means of attack. Today, however, reverse engineering is most commonly associated or understood as the cause of theft of intellectual property, hacking. Someone might purchase an engineered kit (Software or Hardware) from the original manufacturer, take it apart and analyzing itor understanding its workingto re-build clones or copies of the original device without investing into development and research. Hence Reverse engineering has its own pros and cons and it could be both beneficial or hazardous as it could have quiet an effect on a companyโ€™s growth as well as its downfall, hence this cons must have some countermeasures and one of it is in form of code obfuscation. 1.2 Software Reverse Engineering (SRE) Having many of its advantages can be exploited for injecting malicious code, viruses, malware e.g. Code Red worm. Now to mitigate security problems and softwareprivacysaved by SRE, we will devise a technique to deter control flow by making information flow obscure. This is achieved through flipping conditional branches, obfuscating control transfer and inserting bogus code. The code injection will be done using branched functions, data pointers and structures, pointer allocation- deallocation, dummy calls, trampolines and start-up routines. This can be achieved at intermediate level. To achieve the above goal, we intend to design a UNIVERSAL Code-a-Maze which will be suited for multiple languages and dynamically generated. The maze will have multiple entry-points and the entry to the code will be transferred to a different point after a specified time. The design of the maze will have modest compilation time and maximum efficiency. We will do a detailed analysis of performance of our system. 2. Existing System The one featurethat distinguishes Java from other high-level programming languages is its platform independence. This characteristic is possible because of Java Virtual Machine (JVM). The Java compiler coverts the human-readable java code to an intermediary byte code. This byte-code is then read by JVM to generate machine specific codes. The intermediary byte-code, generated by the javac compiler, is stored in a .class file. However, if any attacker gets holdofthe .class file, he/she can use ready-made de-compilers and directly get access to the source code, hence compromising security. This is where obfuscators come into the picture. Followingarethecommonlyusedobfuscatorsavailableinthe market: 2.1 ProGuard [8] ProGuard is one of the few open source obfuscators which is also integrated in Android SDK. Along with obfuscation it also provides other options like shrinking, optimizing and pre-verifying your Java class file. It is basically a java obfuscator and can also be used for Android applications. ProGuard includes identifier obfuscation for packages, classes, methods, and fields. Without proper naming of classes and methods it is muchharderto reverseengineer an application, because in most cases the identifier enables an attacker to directly guess the purpose of the particular part. It is being used by developers at companies and organizations like IBM, HP,Siemens,Nokia,Google,Intel,and NATO. Although it is used so widely, ProGuard can only be described as a modest deterrent. Theobfuscationtechniques used by ProGuard are not enough to stop attackers, but enough just to give them another hurdle to cross. The program code itself will not be changed heavily, so the obfuscation by this tool is very limited. Hence the overall level of security provided by ProGuard is deficient. 2.2 Allatori [6] Allatori is a commercial obfuscator from Smartdec. Besides the same obfuscation techniques like ProGuard, it also provides methods to modify the program code. In order to thwart reverse engineering, loop constructs are segregated and merged, thereby achieving obfuscation. The less readable code and incremented length further augment complexity. Additionally,stringsareobfuscatedanddecoded at runtime. This includes messages and names that are normally human readable and would give good suggestions to attackers. The obfuscation methods used in Allatori are a superset of ProGuardโ€™s so it is more powerful but does not prevent an attacker from disassembling an application. However, with increase in complexity of the code, thecost of the application also increases considerably. Also,itspotency score mediocre compared to other obfuscators after code transformation. 2.3 GuardIT [7] GuardIT is a proprietary obfuscator by Arxan whichnotonly performs code obfuscation, name obfuscation and string encryption but also goes above and beyond to wrap the application code into an active protection system capable of detecting tamperingin real-time.Theseadvancedtechniques operate on bytecode thus making it for Java non- interoperable with AOT compilers. Sophisticated code obfuscation transformations move, split, insert, and create functionally equivalent code sequences which thwart de- compilation and reverse engineering of the underlying byte code itself.
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3531 3. Proposed System Our approach for obfuscation is not to alter the class file (byte code) but to provide an obfuscated code before compilation. We are mainly focusing on Java code using JVM for compilation. In the below figure 4.1 we show how our obfuscation method would be suitable. In this approach: 1. First, we generate or retrieve a java file considered as source code which we pass it through MAZE obfuscator. 2. The output of the obfuscator is an obfuscated code which is our new source file and it can be in .txt format, .java format or any other format which can be later converted to .java file. 3. The obfuscated code passes throughJAVAVIRTUAL MACHINE (JVM) along with the previous source code. On compiling, we receive .class files of both the source code and obfuscated code as the output. Fig -1: Flowchart Obfuscator 4. When the intruder or a person who wants to retrieve the functionality of code and manages to get access over the compiled file, he can use a De- compiler. 5. The De-compiler provides the source .java file which helps the intruder to know the functionality and working of code. 6. However, in our case the intruder receives the obfuscated code which is also difficult to understand and traps the user eventually. 7. In this way we can stymie understanding of our code even if the intruder has access to .class file. Further, we are explaining the functioning of MAZE obfuscator. 3.1 System Architecture Fig -2: Maze of Code In order to hinder analysis of the source code and enhance obfuscation, we have designed a Code-a-Maze that can be integrated with the source code available and thus the complete structure is metamorphosed. The working of the MAZE is as follows: 1. First, we evaluate the given source code based on parameters like thousand lines of code (KLOC), number of methods and variables, etc. If it surpasses the minimumthreshold,thenit entersthe MAZE depending upon the condition satisfied and proceeds further in the MAZE. 2. Next it is subjected to various transformations explained below, which modifies the code depending upon the entry of thepathanalogoustoa maze. 3. After the application of the proposed variationsand modifications, the flowofthe codeproceedsfurther, ultimately reaching the final state or goal state. Thus, the aim of the MAZE is to complicate the code, thereby preventing its analysis without obstructing the natural flow of the source code. The various transformations or modifications for different paths in the MAZE are as follows: 1. Path 1: In this path, the code is subjected to pointless allocation and deallocation.Inthismethod, the memory allocated for various classes and variables in the code is changed. This is done dynamically where the stack changes using copy constructors,assignmentoperatorsanddestructors. (Refer to the below reference). 2. Path 2: In this path, the code is subjected to dummy calls. Dummy calling involves unnecessary use of class definitions in a method. It simply calls functions and methods defined in the main class,
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3532 whose function is analogous to a round-about, wherein no new changes are made, just shifts the control to a temporary state and returns back to normal state. Fig -3: Dummy calls 3. Path 3: Through this path, the code is subjected to startup routines. We can write our own startup routine codes, which makes it difficult for debuggers to bind. The sole purpose of startup routines is to transfer control flow form one function to another, making it difficult for any intruder to understand flow of data. Fig โ€“ 4: Startup routines 4. Path 4: This path is a combination of two techniques namely, bogus code and trampoline. Some specious lines of code are added having no significance, wherein the condition is always satisfied. It is intentional distortion of code through fabrication of program statements. Secondly, the trampoline function makes the control jump to different temporary state and returns. if (x*x >= 0) {s1; } else { s2;//bogus code } 5. Path 5: This path describes about the flipping conditional branches. In this approach certain pre- defined conditions are executed, and it results in shift of program control. The net effect is that the code executes certain extraneous conditions to get the same result as the natural flow of the code. 6. Path 6: As mentioned earlier, this path introducesa trampoline, where the function control is jumpedto a higher state and brought back acting like a trampoline. Once thegivenconditionissatisfied,the code shift takes place andultimatelyisbroughtback to the same initial state with little or no modifications. Fig โ€“ 5: Trampolines 7. Path 7: It is the final or goal state of the MAZE. Every transformation ultimately desires to reach this state throughvariouspathsdependinguponthe conditions and parameters. Once the control is in this state, it output is same as the output of the source code. Thus the designed Code-a-Maze achieves the aim of obfuscating the given source code, applying various transformations and modifications to hinder easy analysis of code and in turn prevent SRE. 3.2 Module wise algorithm / Pseudo code I) Switch on NetBeans and Run Java program II) Accept the Input File. III) Check for the 2 conditions<lines of code, number of methods>. III) Retrieve all function names from the code. IV) Generate random string for each function name while forming Key-Value Pair. V) Replace all function names and function calls with corresponding random strings. VI) If numbers of functions are more than 50:
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3533 A. Select one from dummy calls and start-up routines at random and make the function call. B. Insert the string returnedfromthe function at appropriatepositionin the code. C. Call the trampoline function. D. Insert the string returnedfromthe function at appropriatepositionin the code. VII) If lines of code are more than 1000: A. Select one from pointless alloc- dealloc and start-up routines at random and make the function call. B. Insert the string returnedfromthe function at appropriatepositionin the code. C. Call the bogus code function. D. Insert the string returnedfromthe function at appropriatepositionin the code. VIII) If numbers of functions are lessthan50andlinesof code are less than 1000: A. Select one from pointless alloc- dealloc and dummy calls at random and make the function call. B. Insert the string returnedfromthe function at appropriatepositionin the code. C. Call the trampoline function. D. Insert the string returnedfromthe function at appropriatepositionin the code. 4. Benefits of the Proposed System 1. Platform Independence-thetransformationsperformedon the code are independent ofthenatureofapplicationand are applied on high-level code. 2. Diversity- because of wide range of techniques available for obfuscation, different instances of the sameoriginal code can be created thereby making it difficult for attackers to intrude. 3. Protection- obfuscation provides protection against static and dynamic attacks, in turn raising the bar for the attacker, as the attacker requires extra time and resources to crack the obfuscated code. 4. Low cost- with the automation of various transformations and compatibility with the existing systems, the obfuscated code involves low maintenance cost and efficient use of resources. 5. Simple- the obfuscationtechniquesarecomparativelyeasy to apply and achieve security of confidential code. 4.1 Future Scope ๏‚ท Extending the idea to dynamically generate the maze: The algorithm that we have developed can be further used to generate the maze dynamically based on the level of complexity required by the code. ๏‚ท Using the Maze to obfuscate any kind of application/code: With our proposed approachweintendtoconvoluteany kind of web and/or android application and even made it compatible across multiple platforms. ๏‚ท Developing software for Digital Rights Management (DRM): Since the algorithm can be extended to implement access control by integrating various encryption techniques, our Maze can prevent piracy and be used in DRM. Thus, trying to control the usage, doing any modification, and distributing the copyrighted works (such as software and multimedia content), and also systems within devices that enforce such policies. ๏‚ท Extending the idea to be used in Intellectual Property (IP): It is prominent that the protection of intellectual properties is a critical issue for the vendors while capturing customers with new technologies, with new software is the aim of every software vendors, but to protect their new ideas they need copyright or patent. 5. CONCLUSION Our project successfully used the maze of code technique to implement obfuscation and hinder code analysis. Our proposed system processes any kind of java executablecode within the constraints convoluting it with considerable increment in compile time. Thus, our maze reduces the computational time making it cost and time efficient for it to be implemented in wide range of sectors, by any organization. REFERENCES [1] Patrick Schulz โ€“ Code Protection in Android. University of Bonn, Germany. 2012 [2] Marius Popa - Techniques of Program Code Obfuscation for Secure Software. Journal of Mobile, Embedded and Distributed Systems, vol. III, no. 4, 2011. [3] Matthew Karnik, Jefferey MacBride, SeanMcGinnis, Ying Tang, Ravi Ramachandran โ€“ A Qualitative analysis of Java Obfuscation. Proceedings of the 10th IASTED International Conference Software Engineering and Applications, Dallas, Texas,USA,November13-15,2006.
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3534 [4] Kirti Mathur, Saroj Hiranwal - A Survey on Techniques in Detection and Analyzing Malware Executables - http://www.ijarscsse.com/docs/papers/Volume_3/4_A pril2013/V3I4-0288.pdf [5] Jan Cappaert-Code Obfuscation Techniques forSoftware Protection - www.cosic.esat.kuleuven.be/publications/thesis- 199.pdf [6] Douglas Low โ€“ Java Control Flow Obfuscation http://www.cs.auckland.ac.nz/cthombor/Pubs/dlowthe sis.pdf [7] Arxan obfuscator system - https://www.arxan.com/resources/technology/app- code-obfuscation [8] Proguard Obfuscator system - https://www.guardsquare.com/en/products/proguar d [9] Allatori Obfuscator system -

Recommended

IRJET- Development of Uncrackable Software
IRJET- Development of Uncrackable SoftwareIRJET- Development of Uncrackable Software
IRJET- Development of Uncrackable Software
IRJET Journal
ย 
Software Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Software Birthmark Based Theft/Similarity Comparisons of JavaScript ProgramsSoftware Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Software Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Swati Patel
ย 
Online java compiler with security editor
Online java compiler with security editorOnline java compiler with security editor
Online java compiler with security editor
IRJET Journal
ย 
Zafar abbasprofile
Zafar abbasprofileZafar abbasprofile
Zafar abbasprofile
Zafar Abbas
ย 
COVERT app
COVERT appCOVERT app
COVERT app
itba9
ย 
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
CSCJournals
ย 
HEENA ARORA
HEENA ARORAHEENA ARORA
HEENA ARORA
Heena Arora
ย 
How Virtual Compilation Transforms Static Code Analysis
How Virtual Compilation Transforms Static Code AnalysisHow Virtual Compilation Transforms Static Code Analysis
How Virtual Compilation Transforms Static Code Analysis
Checkmarx
ย 

Recommended

IRJET- Development of Uncrackable Software
IRJET- Development of Uncrackable SoftwareIRJET- Development of Uncrackable Software
IRJET- Development of Uncrackable Software
IRJET Journal
ย 
Software Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Software Birthmark Based Theft/Similarity Comparisons of JavaScript ProgramsSoftware Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Software Birthmark Based Theft/Similarity Comparisons of JavaScript Programs
Swati Patel
ย 
Online java compiler with security editor
Online java compiler with security editorOnline java compiler with security editor
Online java compiler with security editor
IRJET Journal
ย 
Zafar abbasprofile
Zafar abbasprofileZafar abbasprofile
Zafar abbasprofile
Zafar Abbas
ย 
COVERT app
COVERT appCOVERT app
COVERT app
itba9
ย 
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
Dynamic Multi Levels Java Code Obfuscation Technique (DMLJCOT)
CSCJournals
ย 
HEENA ARORA
HEENA ARORAHEENA ARORA
HEENA ARORA
Heena Arora
ย 
How Virtual Compilation Transforms Static Code Analysis
How Virtual Compilation Transforms Static Code AnalysisHow Virtual Compilation Transforms Static Code Analysis
How Virtual Compilation Transforms Static Code Analysis
Checkmarx
ย 
Deepak_28feb16_mix
Deepak_28feb16_mixDeepak_28feb16_mix
Deepak_28feb16_mix
Deepak Punia
ย 
Android Secure Coding
Android Secure CodingAndroid Secure Coding
Android Secure Coding
JPCERT Coordination Center
ย 
Resume_raviprakash singh
Resume_raviprakash singhResume_raviprakash singh
Resume_raviprakash singh
Raviprakash singh
ย 
DishitJoshi_CV
DishitJoshi_CVDishitJoshi_CV
DishitJoshi_CV
Dishit Joshi
ย 
Gnana Prasuna B_5.5 years
Gnana Prasuna B_5.5 yearsGnana Prasuna B_5.5 years
Gnana Prasuna B_5.5 years
Gnana Bocha
ย 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
IJERD Editor
ย 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
Stephan Chenette
ย 
GOKUL_CV_2016
GOKUL_CV_2016GOKUL_CV_2016
GOKUL_CV_2016
Gokul Choudhary(Dhangar)
ย 
Resume_Vishvnath
Resume_VishvnathResume_Vishvnath
Resume_Vishvnath
Vishvnath Pratap Singh
ย 
Atmik soni resume
Atmik soni resumeAtmik soni resume
Atmik soni resume
Atmik Soni
ย 
CV_Prathap (1)
CV_Prathap (1)CV_Prathap (1)
CV_Prathap (1)
prathap reddy
ย 
Resume
ResumeResume
Resume
Pappu Kumar
ย 
Gene Based Software Refactoring Location Identification and Rectification For...
Gene Based Software Refactoring Location Identification and Rectification For...Gene Based Software Refactoring Location Identification and Rectification For...
Gene Based Software Refactoring Location Identification and Rectification For...
IJCSIS Research Publications
ย 
Hemanth_CV
Hemanth_CVHemanth_CV
Hemanth_CV
D Hemanth Kumar
ย 
SANTOSH MAHATO_RESUME
SANTOSH MAHATO_RESUMESANTOSH MAHATO_RESUME
SANTOSH MAHATO_RESUME
Santosh Mahto
ย 
HAREESH KUMAR P
HAREESH KUMAR P HAREESH KUMAR P
HAREESH KUMAR P
Hareesh kumar P
ย 
smpef
smpefsmpef
smpef
rsharmam
ย 
Secure development of code
Secure development of codeSecure development of code
Secure development of code
SalomeVictor
ย 
Career Choice for Graduates
Career Choice for GraduatesCareer Choice for Graduates
Career Choice for Graduates
CleanSoft Academy
ย 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions www.ijeijournal.com
ย 
A taxonomy of obfuscating transformations
A taxonomy of obfuscating transformationsA taxonomy of obfuscating transformations
A taxonomy of obfuscating transformations
emanuele_nl
ย 
Introduction to Software Reverse Engineering
Introduction to Software Reverse EngineeringIntroduction to Software Reverse Engineering
Introduction to Software Reverse Engineering
Teodoro Cipresso
ย 

More Related Content

What's hot

Deepak_28feb16_mix
Deepak_28feb16_mixDeepak_28feb16_mix
Deepak_28feb16_mix
Deepak Punia
ย 
Resume_raviprakash singh
Resume_raviprakash singhResume_raviprakash singh
Resume_raviprakash singh
Raviprakash singh
ย 
DishitJoshi_CV
DishitJoshi_CVDishitJoshi_CV
DishitJoshi_CV
Dishit Joshi
ย 
Gnana Prasuna B_5.5 years
Gnana Prasuna B_5.5 yearsGnana Prasuna B_5.5 years
Gnana Prasuna B_5.5 years
Gnana Bocha
ย 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
Stephan Chenette
ย 
CV_Prathap (1)
CV_Prathap (1)CV_Prathap (1)
CV_Prathap (1)
prathap reddy
ย 
Gene Based Software Refactoring Location Identification and Rectification For...
Gene Based Software Refactoring Location Identification and Rectification For...Gene Based Software Refactoring Location Identification and Rectification For...
Gene Based Software Refactoring Location Identification and Rectification For...
IJCSIS Research Publications
ย 
SANTOSH MAHATO_RESUME
SANTOSH MAHATO_RESUMESANTOSH MAHATO_RESUME
SANTOSH MAHATO_RESUME
Santosh Mahto
ย 
HAREESH KUMAR P
HAREESH KUMAR P HAREESH KUMAR P
HAREESH KUMAR P
Hareesh kumar P
ย 
Secure development of code
Secure development of codeSecure development of code
Secure development of code
SalomeVictor
ย 

What's hot (20)

Deepak_28feb16_mix
Deepak_28feb16_mixDeepak_28feb16_mix
Deepak_28feb16_mix
ย 
Android Secure Coding
Android Secure CodingAndroid Secure Coding
Android Secure Coding
ย 
Resume_raviprakash singh
Resume_raviprakash singhResume_raviprakash singh
Resume_raviprakash singh
ย 
DishitJoshi_CV
DishitJoshi_CVDishitJoshi_CV
DishitJoshi_CV
ย 
Gnana Prasuna B_5.5 years
Gnana Prasuna B_5.5 yearsGnana Prasuna B_5.5 years
Gnana Prasuna B_5.5 years
ย 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
ย 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
ย 
GOKUL_CV_2016
GOKUL_CV_2016GOKUL_CV_2016
GOKUL_CV_2016
ย 
Resume_Vishvnath
Resume_VishvnathResume_Vishvnath
Resume_Vishvnath
ย 
Atmik soni resume
Atmik soni resumeAtmik soni resume
Atmik soni resume
ย 
CV_Prathap (1)
CV_Prathap (1)CV_Prathap (1)
CV_Prathap (1)
ย 
Resume
ResumeResume
Resume
ย 
Gene Based Software Refactoring Location Identification and Rectification For...
Gene Based Software Refactoring Location Identification and Rectification For...Gene Based Software Refactoring Location Identification and Rectification For...
Gene Based Software Refactoring Location Identification and Rectification For...
ย 
Hemanth_CV
Hemanth_CVHemanth_CV
Hemanth_CV
ย 
SANTOSH MAHATO_RESUME
SANTOSH MAHATO_RESUMESANTOSH MAHATO_RESUME
SANTOSH MAHATO_RESUME
ย 
HAREESH KUMAR P
HAREESH KUMAR P HAREESH KUMAR P
HAREESH KUMAR P
ย 
smpef
smpefsmpef
smpef
ย 
Secure development of code
Secure development of codeSecure development of code
Secure development of code
ย 
Career Choice for Graduates
Career Choice for GraduatesCareer Choice for Graduates
Career Choice for Graduates
ย 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
ย 

Similar to IRJET- Obfuscation: Maze of Code

A taxonomy of obfuscating transformations
A taxonomy of obfuscating transformationsA taxonomy of obfuscating transformations
A taxonomy of obfuscating transformations
emanuele_nl
ย 
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case StudyFinding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
DevOps.com
ย 
Software potential code protector
Software potential code protector Software potential code protector
Software potential code protector
InishTech
ย 
V4I5201571
V4I5201571V4I5201571
V4I5201571
krishan8018
ย 
A Survey of Keylogger in Cybersecurity Education
A Survey of Keylogger in Cybersecurity EducationA Survey of Keylogger in Cybersecurity Education
A Survey of Keylogger in Cybersecurity Education
ijtsrd
ย 

Similar to IRJET- Obfuscation: Maze of Code (20)

A taxonomy of obfuscating transformations
A taxonomy of obfuscating transformationsA taxonomy of obfuscating transformations
A taxonomy of obfuscating transformations
ย 
Introduction to Software Reverse Engineering
Introduction to Software Reverse EngineeringIntroduction to Software Reverse Engineering
Introduction to Software Reverse Engineering
ย 
Vulnerability Management in IT Infrastructure
Vulnerability Management in IT InfrastructureVulnerability Management in IT Infrastructure
Vulnerability Management in IT Infrastructure
ย 
Software Reverse Engineering in a Security Context
Software Reverse Engineering in a Security ContextSoftware Reverse Engineering in a Security Context
Software Reverse Engineering in a Security Context
ย 
A035401010
A035401010A035401010
A035401010
ย 
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
ย 
A Study on Vulnerability Management
A Study on Vulnerability ManagementA Study on Vulnerability Management
A Study on Vulnerability Management
ย 
IRJET- Online Compiler for Computer Languages with Security Editor
IRJET- Online Compiler for Computer Languages with Security EditorIRJET- Online Compiler for Computer Languages with Security Editor
IRJET- Online Compiler for Computer Languages with Security Editor
ย 
IRJET- An Efficient Hardware-Oriented Runtime Approach for Stack-Based Softwa...
IRJET- An Efficient Hardware-Oriented Runtime Approach for Stack-Based Softwa...IRJET- An Efficient Hardware-Oriented Runtime Approach for Stack-Based Softwa...
IRJET- An Efficient Hardware-Oriented Runtime Approach for Stack-Based Softwa...
ย 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
ย 
IRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing SuiteIRJET- Cross Platform Penetration Testing Suite
IRJET- Cross Platform Penetration Testing Suite
ย 
Moxa white paper---Using Sample Code to Develop Embedded Applications
Moxa white paper---Using Sample Code to Develop Embedded ApplicationsMoxa white paper---Using Sample Code to Develop Embedded Applications
Moxa white paper---Using Sample Code to Develop Embedded Applications
ย 
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case StudyFinding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
Finding Zero-Days Before The Attackers: A Fortune 500 Red Team Case Study
ย 
FuzzyDbg_Report.pdf
FuzzyDbg_Report.pdfFuzzyDbg_Report.pdf
FuzzyDbg_Report.pdf
ย 
IRJET- How Artificial Intelligence Accelerates Software Development
IRJET- How Artificial Intelligence Accelerates Software DevelopmentIRJET- How Artificial Intelligence Accelerates Software Development
IRJET- How Artificial Intelligence Accelerates Software Development
ย 
Software potential code protector
Software potential code protector Software potential code protector
Software potential code protector
ย 
V4I5201571
V4I5201571V4I5201571
V4I5201571
ย 
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...
ย 
Design and Monitoring Performance of Digital Properties
Design and Monitoring Performance of Digital PropertiesDesign and Monitoring Performance of Digital Properties
Design and Monitoring Performance of Digital Properties
ย 
A Survey of Keylogger in Cybersecurity Education
A Survey of Keylogger in Cybersecurity EducationA Survey of Keylogger in Cybersecurity Education
A Survey of Keylogger in Cybersecurity Education
ย 

More from IRJET Journal

More from IRJET Journal (20)

TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
ย 
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURESTUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
ย 
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
ย 
Effect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil CharacteristicsEffect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil Characteristics
ย 
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
ย 
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
ย 
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
ย 
A Review of โ€œSeismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of โ€œSeismic Response of RC Structures Having Plan and Vertical Irreg...A Review of โ€œSeismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of โ€œSeismic Response of RC Structures Having Plan and Vertical Irreg...
ย 
A REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADASA REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADAS
ย 
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
ย 
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD ProP.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
ย 
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
ย 
Survey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare SystemSurvey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare System
ย 
Review on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridgesReview on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridges
ย 
React based fullstack edtech web application
React based fullstack edtech web applicationReact based fullstack edtech web application
React based fullstack edtech web application
ย 
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
ย 
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
ย 
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
ย 
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic DesignMultistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
ย 
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
ย 

Recently uploaded

Call Girls in Ramesh Nagar Delhi ๐Ÿ’ฏ Call Us ๐Ÿ”9953056974 ๐Ÿ” Escort Service
Call Girls in Ramesh Nagar Delhi ๐Ÿ’ฏ Call Us ๐Ÿ”9953056974 ๐Ÿ” Escort ServiceCall Girls in Ramesh Nagar Delhi ๐Ÿ’ฏ Call Us ๐Ÿ”9953056974 ๐Ÿ” Escort Service
Call Girls in Ramesh Nagar Delhi ๐Ÿ’ฏ Call Us ๐Ÿ”9953056974 ๐Ÿ” Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
ย 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
Tonystark477637
ย 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
ย 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Christo Ananth
ย 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
ย 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
sivaprakash250
ย 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
ย 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
Asst.prof M.Gokilavani
ย 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
ย 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
ranjana rawat
ย 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Dr.Costas Sachpazis
ย 

Recently uploaded (20)

Call Girls in Ramesh Nagar Delhi ๐Ÿ’ฏ Call Us ๐Ÿ”9953056974 ๐Ÿ” Escort Service
Call Girls in Ramesh Nagar Delhi ๐Ÿ’ฏ Call Us ๐Ÿ”9953056974 ๐Ÿ” Escort ServiceCall Girls in Ramesh Nagar Delhi ๐Ÿ’ฏ Call Us ๐Ÿ”9953056974 ๐Ÿ” Escort Service
Call Girls in Ramesh Nagar Delhi ๐Ÿ’ฏ Call Us ๐Ÿ”9953056974 ๐Ÿ” Escort Service
ย 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
ย 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
ย 
Vivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design SpainVivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design Spain
ย 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
ย 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
ย 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
ย 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
ย 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
ย 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
ย 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ย 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
ย 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
ย 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
ย 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
ย 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
ย 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
ย 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
ย 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
ย 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
ย 

IRJET- Obfuscation: Maze of Code

  • 1. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3529 OBFUSCATION: MAZE OF CODE Brijesh Patel1, Vishal Patil2, Karan Lohar3, Yogita Mane4 1,2,3Student, Dept. Of I.T Engineering, Universal College of Engineering, Maharashtra, India 4Professor, Dept. Of I.T Engineering, Universal College of Engineering, Maharashtra, India ----------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - Software Reverse Engineering scenario would involve software that has been worked upon for years and carries several modules of a business in its lines of code. Unfortunately, the source code of the application or software cannot be recovered easily; what remains is โ€œnativeโ€ or โ€œbinaryโ€ code. Traditional obfuscators work on binary code, but they are tedious and do not provide us with a specific obfuscation depending upon the code. We provide a way in which the code can be obfuscateddependinguponlinesofcode and variables. We propose the application of this data confers additional information developers need for better understanding or knowing, maintaining and developing software in large team settings. This solution is proposed in order to discourage software piracy and impede malware analysis. This book introduces Code-a- Maze, reveals the results of our evaluation and proposes directions for future research in this area. Code-a-Maze will increase size of code and compilation time is also satisfactory. Key Words: obfuscation, reverse engineering, de- compilers, allocation and deallocation, dummy calls, bogus code, trampolines, byte code. 1. INTRODUCTION Reverse engineering commonly calledasback engineeringis a way of obtaining knowledge regarding a code or an algorithm (in case of a particular computer program). The reasons to obtain such information may either be good or bad depending upon a particular situation. People belie saying reverse engineering process in itself is notconcerned with creating a copy or changing the artifact in some way; it is only an analysis in order to deduce design features from products with little or no additional knowledge about the procedures involved in their original production. There are three types of Reverse Engineering software, hardware and producing 3-D images. In this book, our focal point is on software reverse engineering. The actual purpose of software reverse engineering is done to retrieve the source code of a program because of various reasons which are the source code was lost,tostudyhowthe program performs certain operations or tasks, to enhance the performance of a program, to fix a issuesorbugs(correct an error in the program when the source code is not available), to identify malicious contentina programsuchas malware or virus. Summarizing, the main aspect of software reverse engineering is to see how code functions to enhance or protect it from harm. To retrieve source code (java file) when lost or to enhance the functionality we use de- compilers to convert the .class file to java code and make improvements. The normal Java compilers consideringJVM, does not particularly obfuscate the code while making a .class file. Hence, it becomes easy for the intruder to add malicious content or copy the source code by using de- compilers. Although clearly stated Reverse engineering for the purpose of copying or duplicating programs may constitute a copyright violation, but people still back track the code for various social benefits. In order to prevent these various obfuscators wherecreated to ensure security of various softwareโ€™s. These obfuscators generally confuse the intruder about the main functionality of the code and do not provide the initial source code which is optimal. The obfuscators increase a lot of overhead, but they are still used to protect the integrity of the code. However, these obfuscators change the code flow and some of those changes make it impossible for the JVMtoefficiently optimize the code. In effect it will actually degrade the performance of your application. And hence our approachis to work on the efficiency by providing a MAZE in which only the required obfuscation occurs depending on various factors of code. Intermediate-level obfuscation, which obfuscates a program at intermediate representation (IR) level, which is typically used forinterpretation-basedlanguagesuchasJavaistheone which we are trying to focus on. This book covers the software reverseengineeringproblemscope,ourapproachto raising awarenessaboutvariousfaultsintheexcitingsystems and finally the approach to tackle Software Reverse Engineering in java codes in a simple way. 1.1 Aim and Scope Reverse Engineering explains the process or ways of determining the inner workings or set of rules followed by an engineered piece of kit (hardware or software) in the absence of design plans. Sometimes, reverse engineering is essential or unavoidable. For example, when the working or data about a certain product has been lost, reverse engineering could be done so as to recover the lost data so that product maintenance may continue and proceed further. Another example of reverse engineering is used in spying, espionage and scientific
  • 2. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3530 research related to warfare that is military purpose; countries or parties involved in a war (or potentially involved in a war) typically wish to understand or gain information about the inner workings of the enemy's weapons or communication methodstoimprovedefensesor prepare efficient means of attack. Today, however, reverse engineering is most commonly associated or understood as the cause of theft of intellectual property, hacking. Someone might purchase an engineered kit (Software or Hardware) from the original manufacturer, take it apart and analyzing itor understanding its workingto re-build clones or copies of the original device without investing into development and research. Hence Reverse engineering has its own pros and cons and it could be both beneficial or hazardous as it could have quiet an effect on a companyโ€™s growth as well as its downfall, hence this cons must have some countermeasures and one of it is in form of code obfuscation. 1.2 Software Reverse Engineering (SRE) Having many of its advantages can be exploited for injecting malicious code, viruses, malware e.g. Code Red worm. Now to mitigate security problems and softwareprivacysaved by SRE, we will devise a technique to deter control flow by making information flow obscure. This is achieved through flipping conditional branches, obfuscating control transfer and inserting bogus code. The code injection will be done using branched functions, data pointers and structures, pointer allocation- deallocation, dummy calls, trampolines and start-up routines. This can be achieved at intermediate level. To achieve the above goal, we intend to design a UNIVERSAL Code-a-Maze which will be suited for multiple languages and dynamically generated. The maze will have multiple entry-points and the entry to the code will be transferred to a different point after a specified time. The design of the maze will have modest compilation time and maximum efficiency. We will do a detailed analysis of performance of our system. 2. Existing System The one featurethat distinguishes Java from other high-level programming languages is its platform independence. This characteristic is possible because of Java Virtual Machine (JVM). The Java compiler coverts the human-readable java code to an intermediary byte code. This byte-code is then read by JVM to generate machine specific codes. The intermediary byte-code, generated by the javac compiler, is stored in a .class file. However, if any attacker gets holdofthe .class file, he/she can use ready-made de-compilers and directly get access to the source code, hence compromising security. This is where obfuscators come into the picture. Followingarethecommonlyusedobfuscatorsavailableinthe market: 2.1 ProGuard [8] ProGuard is one of the few open source obfuscators which is also integrated in Android SDK. Along with obfuscation it also provides other options like shrinking, optimizing and pre-verifying your Java class file. It is basically a java obfuscator and can also be used for Android applications. ProGuard includes identifier obfuscation for packages, classes, methods, and fields. Without proper naming of classes and methods it is muchharderto reverseengineer an application, because in most cases the identifier enables an attacker to directly guess the purpose of the particular part. It is being used by developers at companies and organizations like IBM, HP,Siemens,Nokia,Google,Intel,and NATO. Although it is used so widely, ProGuard can only be described as a modest deterrent. Theobfuscationtechniques used by ProGuard are not enough to stop attackers, but enough just to give them another hurdle to cross. The program code itself will not be changed heavily, so the obfuscation by this tool is very limited. Hence the overall level of security provided by ProGuard is deficient. 2.2 Allatori [6] Allatori is a commercial obfuscator from Smartdec. Besides the same obfuscation techniques like ProGuard, it also provides methods to modify the program code. In order to thwart reverse engineering, loop constructs are segregated and merged, thereby achieving obfuscation. The less readable code and incremented length further augment complexity. Additionally,stringsareobfuscatedanddecoded at runtime. This includes messages and names that are normally human readable and would give good suggestions to attackers. The obfuscation methods used in Allatori are a superset of ProGuardโ€™s so it is more powerful but does not prevent an attacker from disassembling an application. However, with increase in complexity of the code, thecost of the application also increases considerably. Also,itspotency score mediocre compared to other obfuscators after code transformation. 2.3 GuardIT [7] GuardIT is a proprietary obfuscator by Arxan whichnotonly performs code obfuscation, name obfuscation and string encryption but also goes above and beyond to wrap the application code into an active protection system capable of detecting tamperingin real-time.Theseadvancedtechniques operate on bytecode thus making it for Java non- interoperable with AOT compilers. Sophisticated code obfuscation transformations move, split, insert, and create functionally equivalent code sequences which thwart de- compilation and reverse engineering of the underlying byte code itself.
  • 3. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3531 3. Proposed System Our approach for obfuscation is not to alter the class file (byte code) but to provide an obfuscated code before compilation. We are mainly focusing on Java code using JVM for compilation. In the below figure 4.1 we show how our obfuscation method would be suitable. In this approach: 1. First, we generate or retrieve a java file considered as source code which we pass it through MAZE obfuscator. 2. The output of the obfuscator is an obfuscated code which is our new source file and it can be in .txt format, .java format or any other format which can be later converted to .java file. 3. The obfuscated code passes throughJAVAVIRTUAL MACHINE (JVM) along with the previous source code. On compiling, we receive .class files of both the source code and obfuscated code as the output. Fig -1: Flowchart Obfuscator 4. When the intruder or a person who wants to retrieve the functionality of code and manages to get access over the compiled file, he can use a De- compiler. 5. The De-compiler provides the source .java file which helps the intruder to know the functionality and working of code. 6. However, in our case the intruder receives the obfuscated code which is also difficult to understand and traps the user eventually. 7. In this way we can stymie understanding of our code even if the intruder has access to .class file. Further, we are explaining the functioning of MAZE obfuscator. 3.1 System Architecture Fig -2: Maze of Code In order to hinder analysis of the source code and enhance obfuscation, we have designed a Code-a-Maze that can be integrated with the source code available and thus the complete structure is metamorphosed. The working of the MAZE is as follows: 1. First, we evaluate the given source code based on parameters like thousand lines of code (KLOC), number of methods and variables, etc. If it surpasses the minimumthreshold,thenit entersthe MAZE depending upon the condition satisfied and proceeds further in the MAZE. 2. Next it is subjected to various transformations explained below, which modifies the code depending upon the entry of thepathanalogoustoa maze. 3. After the application of the proposed variationsand modifications, the flowofthe codeproceedsfurther, ultimately reaching the final state or goal state. Thus, the aim of the MAZE is to complicate the code, thereby preventing its analysis without obstructing the natural flow of the source code. The various transformations or modifications for different paths in the MAZE are as follows: 1. Path 1: In this path, the code is subjected to pointless allocation and deallocation.Inthismethod, the memory allocated for various classes and variables in the code is changed. This is done dynamically where the stack changes using copy constructors,assignmentoperatorsanddestructors. (Refer to the below reference). 2. Path 2: In this path, the code is subjected to dummy calls. Dummy calling involves unnecessary use of class definitions in a method. It simply calls functions and methods defined in the main class,
  • 4. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3532 whose function is analogous to a round-about, wherein no new changes are made, just shifts the control to a temporary state and returns back to normal state. Fig -3: Dummy calls 3. Path 3: Through this path, the code is subjected to startup routines. We can write our own startup routine codes, which makes it difficult for debuggers to bind. The sole purpose of startup routines is to transfer control flow form one function to another, making it difficult for any intruder to understand flow of data. Fig โ€“ 4: Startup routines 4. Path 4: This path is a combination of two techniques namely, bogus code and trampoline. Some specious lines of code are added having no significance, wherein the condition is always satisfied. It is intentional distortion of code through fabrication of program statements. Secondly, the trampoline function makes the control jump to different temporary state and returns. if (x*x >= 0) {s1; } else { s2;//bogus code } 5. Path 5: This path describes about the flipping conditional branches. In this approach certain pre- defined conditions are executed, and it results in shift of program control. The net effect is that the code executes certain extraneous conditions to get the same result as the natural flow of the code. 6. Path 6: As mentioned earlier, this path introducesa trampoline, where the function control is jumpedto a higher state and brought back acting like a trampoline. Once thegivenconditionissatisfied,the code shift takes place andultimatelyisbroughtback to the same initial state with little or no modifications. Fig โ€“ 5: Trampolines 7. Path 7: It is the final or goal state of the MAZE. Every transformation ultimately desires to reach this state throughvariouspathsdependinguponthe conditions and parameters. Once the control is in this state, it output is same as the output of the source code. Thus the designed Code-a-Maze achieves the aim of obfuscating the given source code, applying various transformations and modifications to hinder easy analysis of code and in turn prevent SRE. 3.2 Module wise algorithm / Pseudo code I) Switch on NetBeans and Run Java program II) Accept the Input File. III) Check for the 2 conditions<lines of code, number of methods>. III) Retrieve all function names from the code. IV) Generate random string for each function name while forming Key-Value Pair. V) Replace all function names and function calls with corresponding random strings. VI) If numbers of functions are more than 50:
  • 5. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3533 A. Select one from dummy calls and start-up routines at random and make the function call. B. Insert the string returnedfromthe function at appropriatepositionin the code. C. Call the trampoline function. D. Insert the string returnedfromthe function at appropriatepositionin the code. VII) If lines of code are more than 1000: A. Select one from pointless alloc- dealloc and start-up routines at random and make the function call. B. Insert the string returnedfromthe function at appropriatepositionin the code. C. Call the bogus code function. D. Insert the string returnedfromthe function at appropriatepositionin the code. VIII) If numbers of functions are lessthan50andlinesof code are less than 1000: A. Select one from pointless alloc- dealloc and dummy calls at random and make the function call. B. Insert the string returnedfromthe function at appropriatepositionin the code. C. Call the trampoline function. D. Insert the string returnedfromthe function at appropriatepositionin the code. 4. Benefits of the Proposed System 1. Platform Independence-thetransformationsperformedon the code are independent ofthenatureofapplicationand are applied on high-level code. 2. Diversity- because of wide range of techniques available for obfuscation, different instances of the sameoriginal code can be created thereby making it difficult for attackers to intrude. 3. Protection- obfuscation provides protection against static and dynamic attacks, in turn raising the bar for the attacker, as the attacker requires extra time and resources to crack the obfuscated code. 4. Low cost- with the automation of various transformations and compatibility with the existing systems, the obfuscated code involves low maintenance cost and efficient use of resources. 5. Simple- the obfuscationtechniquesarecomparativelyeasy to apply and achieve security of confidential code. 4.1 Future Scope ๏‚ท Extending the idea to dynamically generate the maze: The algorithm that we have developed can be further used to generate the maze dynamically based on the level of complexity required by the code. ๏‚ท Using the Maze to obfuscate any kind of application/code: With our proposed approachweintendtoconvoluteany kind of web and/or android application and even made it compatible across multiple platforms. ๏‚ท Developing software for Digital Rights Management (DRM): Since the algorithm can be extended to implement access control by integrating various encryption techniques, our Maze can prevent piracy and be used in DRM. Thus, trying to control the usage, doing any modification, and distributing the copyrighted works (such as software and multimedia content), and also systems within devices that enforce such policies. ๏‚ท Extending the idea to be used in Intellectual Property (IP): It is prominent that the protection of intellectual properties is a critical issue for the vendors while capturing customers with new technologies, with new software is the aim of every software vendors, but to protect their new ideas they need copyright or patent. 5. CONCLUSION Our project successfully used the maze of code technique to implement obfuscation and hinder code analysis. Our proposed system processes any kind of java executablecode within the constraints convoluting it with considerable increment in compile time. Thus, our maze reduces the computational time making it cost and time efficient for it to be implemented in wide range of sectors, by any organization. REFERENCES [1] Patrick Schulz โ€“ Code Protection in Android. University of Bonn, Germany. 2012 [2] Marius Popa - Techniques of Program Code Obfuscation for Secure Software. Journal of Mobile, Embedded and Distributed Systems, vol. III, no. 4, 2011. [3] Matthew Karnik, Jefferey MacBride, SeanMcGinnis, Ying Tang, Ravi Ramachandran โ€“ A Qualitative analysis of Java Obfuscation. Proceedings of the 10th IASTED International Conference Software Engineering and Applications, Dallas, Texas,USA,November13-15,2006.
  • 6. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 04 | Apr 2019 www.irjet.net p-ISSN: 2395-0072 ยฉ 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3534 [4] Kirti Mathur, Saroj Hiranwal - A Survey on Techniques in Detection and Analyzing Malware Executables - http://www.ijarscsse.com/docs/papers/Volume_3/4_A pril2013/V3I4-0288.pdf [5] Jan Cappaert-Code Obfuscation Techniques forSoftware Protection - www.cosic.esat.kuleuven.be/publications/thesis- 199.pdf [6] Douglas Low โ€“ Java Control Flow Obfuscation http://www.cs.auckland.ac.nz/cthombor/Pubs/dlowthe sis.pdf [7] Arxan obfuscator system - https://www.arxan.com/resources/technology/app- code-obfuscation [8] Proguard Obfuscator system - https://www.guardsquare.com/en/products/proguar d [9] Allatori Obfuscator system -