|As the sophistication of object oriented languages, like Java, Python and the .NET languages, continue to increase more and more applications are developed in these languages. Java byte code
(which is executed by the Java Virtual Machine) in particular maintains a great deal of code structure similarity with the original source code. .NET languages that include C#, VB.NET, J#)
all compile to MSIL (Microsoft Intermediate Language) which in turn is converted into PE (Portable Executable) files. However, MSIL is very easily understood and Microsoft bundles a tool
called ILDASM (IL Disassembler) that converts PE code into IL code. There are also many decompilers that convert IL code back into one of the .NET languages. As a result, it is extremely hard
for a developer to hide proprietary algorithms, data structures and may be infeasible to prevent reverse engineering of an application.
Encryption, software guards, program fragmentation and obfuscation are all techniques that can be used to protect software. Obfuscation is the process of making software more difficult to
understand and as a result harder to reverse engineer or tamper. In reality, a good obfuscation transformation, should extend the time required to understand the underlying functionality of
the software and make it substantially harder in resources and time for the software to be reverse engineered.
Our work in obfuscation began with the obfuscation of Java Programs utilizing three techniques called Class Coalescing, Class Splitting and Type Hiding. The class coalescing obfuscation
replaces several classes with a single The class splitting obfuscation replaces a single class with multiple classes, each responsible for a part of the functionality
of the original class. The type hiding obfuscation uses the mechanism of interfaces in Java to obscure the types of objects manipulated by the program.
We then proceeded to enhance the above obfuscations by describing techniques to remove other key components of object oriented languages like inheritance and polymorphism. Currently our
research is focusing on determining the key basic elements of any language that are required to reverse engineer a program and developing
obfuscation techniques that would allow us to hide these elements (or prove if this is even feasible). We are currently also attempting to prevent the reverse engineering of programs in order
to bypass license checks by using obfuscation. Finally, we are also working on better ways to evaluate and measure the effectiveness of current and future obfuscations as the techniques
currently provided are not good indicators into the quality of the obfuscations.
Participants:Anandabrata "Pasha" Pal
- N. Memon, M. Sosonkin and G. Naumovich. Obfuscation of Design Intent in Object-Oriented Applications. Digital Rights Management Workshop, Washington DC, October 2003.
Back to Projects