
Morphing Code to Prevent Reverse Engineering?

michael posted more than 10 years ago | from the not-as-think-as-you-easy-it-is dept.

Programming 507

ptolemu writes "Cringely's latest article discusses a new obfuscation technique currently being researched called PSCP (Program State Code Protection). An informative read that concludes with some interesting insight on the software giants that heavily depend on this kind of technology."


do what i do (4, Funny)

theMerovingian (722983) | more than 10 years ago | (#8341337)

delete all the white space, and comment in Hungarian

Re:do what i do (5, Funny)

AntiOrganic (650691) | more than 10 years ago | (#8341363)

Just name all of your variables in Hungarian notation like Microsoft. No one will have any idea what the fuck is going on even if your entire source code leaks.

Re:do what i do (3, Funny)

Dark Lord Seth (584963) | more than 10 years ago | (#8341461)


Re:do what i do (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8341471)

Hey, just call me, I'll get what you want.
Your Hungarian friend
(Other famous Hungarians: the founder of Intel, and George Soros, you know, the guy who screwed the British currency and is working hard to get Mr. Bush to the white space out of the White Office.)

Security by obscurity (1, Insightful)

Anonymous Coward | more than 10 years ago | (#8341534)

This is a problem only to closed source systems, GNU/Linux is free software, and thus there is nothing to reverse-engineer.

Another great thing about my GNU/Linux boxen (besides being free as in speech) is that they don't get virii and BSODs all the time like my roommate's M$ Windows^H^H^H^Hblows. So it's open *and* secure.

Re:do what i do (5, Funny)

kfg (145172) | more than 10 years ago | (#8341557)

Ok, I tried that. It really works.

In fact, it obfuscated my Python code so badly even the interpreter couldn't figure out what the hell it meant.

Maybe I need to improve my Hungarian.


Are folks really using obfuscation for Java? (5, Insightful)

tcopeland (32225) | more than 10 years ago | (#8341349)

I've done mostly server-side work where:

- the jar files were secure because they were on the server and
- bytecode optimization and jar size was the least of our problems

Obfuscation seems to be useful only for client-side Java applications that contain super-secret valuable algorithms. I mean, who cares if somebody decompiles your code to see how you did sortable JTables or whatever?

Re:Are folks really using obfuscation for Java? (2, Interesting)

Dukael_Mikakis (686324) | more than 10 years ago | (#8341446)

I agree. With my experience at a company that develops in Java, those that use Java become lethargic and lazy such that the actual code itself is typically very uninteresting (as Java does all of the "optimizations" that a developer in other languages could tool around with). Beyond that, most of the developers in my company are obsessed with performance because Java crushes our performance.

But then again, our software isn't on 90% of all computers or whatever, so I guess we're less worried about exploits.

Re:Are folks really using obfuscation for Java? (5, Interesting)

Tassach (137772) | more than 10 years ago | (#8341495)

Java works best as a server-side language; it's well suited to that role.

If you need a tamper-resistant client-side binary, don't use Java. It's that simple. A good engineer understands many different tools and selects the best one for the job.

Re:Are folks really using obfuscation for Java? (0)

Jackdaw Rookery (696327) | more than 10 years ago | (#8341538)

Yep, that was my thinking too. Does it matter if it's pretty standard java stuff?

It's not like this will stop anyone anyway, it would make the reverse engineering process longer that's all.

Just keep your uber secret java code server side, use your tools well.

Third Post (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8341350)

Yes, I am the FAIL IT

Reverse engineering is not the problem (5, Insightful)

geoffspear (692508) | more than 10 years ago | (#8341352)

It's not the ability to reverse engineer code that creates security problems; if it was, open source code, which you don't even need to reverse engineer, would be much less secure. The problem is just badly written code.

This technique might be interesting for stopping people from stealing your closed source code, but as far as security goes it's pretty much worthless. 99% of the vulnerabilities in MS's code were found before their code was leaked, and if you believe them, even the major exploit found after it was leaked had more to do with bad code than someone finding the existing problem by reading the code.

Re:Reverse engineering is not the problem (1)

chimpo13 (471212) | more than 10 years ago | (#8341415)

Where are you getting the 99%? I think with leaked code, it'll get worse.

Re:Reverse engineering is not the problem (5, Interesting)

meta-monkey (321000) | more than 10 years ago | (#8341435)

There are reasons beyond "theft" for wanting to obfuscate your code.

For instance, consider Quake. Quake is a great deal of fun, so long as everybody is playing fair. However, when somebody cracks the game and develops an aimbot (they're real), it's not fun anymore. Even if Quake were open source, some kind of run-time obfuscation would be great just to help prevent cheaters.

I recall reading about an exploit for Age of Empires (or was it Age of Kings...) where in a networked game, you could run a monitor program that would let you see what resources your opponent had. Then, by watching changes in their resource supply, you could guess what units they were building. That was automated for you, of course. "Ah, they keep spending 45 wood and 25 gold, they must be building archers! I should build cavalry."

Anyway, even when we're not talking about greedy corporations protecting their intellectual property rights, there are still good reasons for keeping what's going on in your program hidden from prying eyes.

Re:Reverse engineering is not the problem (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8341474)

Quake 1 and 2 are open source, dumbass.

Re:Reverse engineering is not the problem (1)

meta-monkey (321000) | more than 10 years ago | (#8341543)

They are now, that nobody plays them. They were most certainly not open source when they were released.

Re:Reverse engineering is not the problem (0)

Anonymous Coward | more than 10 years ago | (#8341546)

Actually, Quake3 is Open as well (although not under a GPL-style licence). All the game logic is available and can be modified (into these things called "Mods").

Re:Reverse engineering is not the problem (2, Insightful)

Anonymous Coward | more than 10 years ago | (#8341436)

Two words:

"trade secrets".

If someone can reverse engineer a software DVD player, then he can reimplement it without paying for the trade secret from the DVD CCA. In addition, the implementation can leave out the no-skip "feature" and region coding, which are part of the deal when you buy the trade secret.

Re:Reverse engineering is not the problem (5, Insightful)

Dukael_Mikakis (686324) | more than 10 years ago | (#8341549)

It's just like the axiom about divorce that goes something like "It's not the fact that divorce is legal that's killing our marriages, it's the bad marriages that are causing so much divorce."

Because of the n millions of lines of code in Redmond it's certainly daunting to actually go through and make good code out of the mess, rather than the obscurity.

The fact that there's an open vulnerable port is a flaw, and the FIX is to make the port secure, rather than to shift its address every five seconds or whatever, which is only a Band-Aid.

MS is just lucky that the bulk of its customers don't truly know what's going on, otherwise the business model they have wouldn't work.

I.e. since I'm not a doctor, my doctor can prescribe whatever for me, or insist that I do whatever, and I'll take it as scripture. If what he recommends is the stupidest thing in the world, or he's blatantly a horrible doctor, I would have no idea and suffer the consequences. If I were also a doctor, though, I'd be able to call shenanigans the very second he did something wrong. That's why educating the consumer is the most crucial point of this whole issue.

Enough (4, Funny)

Tebriel (192168) | more than 10 years ago | (#8341356)

The code I write is obfuscated enough as it is. I'm my own anti-piracy mechanism.

Re:Enough (1)

Mick Ohrberg (744441) | more than 10 years ago | (#8341395)

I agree - I think it's hard enough to write non-obfuscated code, so why try to obfuscate it more?

Re:Enough (5, Funny)

metlin (258108) | more than 10 years ago | (#8341400)

So you code in Perl too, eh?

Re:Enough (1)

Speare (84249) | more than 10 years ago | (#8341466)

My one and only attempt at writing obfuscated Perl: The Pentominos-Solving Quine.

Wonder Twins. (5, Funny)

Kenja (541830) | more than 10 years ago | (#8341359)

Wonder Twins power, ACTIVATE!

Form of, illegible code.
Shape of, encrypted executables.

Not sure where the monkey fits into all of this.

Re:Wonder Twins. (1, Funny)

Anonymous Coward | more than 10 years ago | (#8341413)

The monkey wrote the code, I think...

Re:Wonder Twins. (0)

Anonymous Coward | more than 10 years ago | (#8341427)

> Not sure where the monkey fits into all of this.

That's the code monkey. He's the poor guy that has to write all that crap rather than something useful.

Re:Wonder Twins. (1)

DreadSpoon (653424) | more than 10 years ago | (#8341432)

Simple. The monkey *watches*. ;-)

Re:Wonder Twins. (1)

Hentai (165906) | more than 10 years ago | (#8341536)

The monkey watches.

Mod Parent Redundant (0)

Mateito (746185) | more than 10 years ago | (#8341360)

After all, there's nothing that these guys could come up with that ROT13 doesn't already do!

Won't work (4, Insightful)

sosume (680416) | more than 10 years ago | (#8341365)

It just won't work. Any code that can be run can be reverse engineered. So-called sophisticated coding techniques only lead to unreadable code..

Re:Won't work (0)

Anonymous Coward | more than 10 years ago | (#8341464)

How does this work relative to the GPL?

In other words, let's say I download the code to the linux router project, make some additions and enhancements for my proprietary hardware platform, and sell my product commercially.

Now the GPL forces me to release my source code. Fine. I'll release it, but I'll release the obfuscated source code. Is this legal?

Sure, it could be reverse engineered, but isn't the obfuscation a significant barrier to interested parties, and a violation in spirit of the GPL? Does the GPL prevent this tactic?

Re:Won't work (1, Interesting)

Anonymous Coward | more than 10 years ago | (#8341620)

The writers of the GPL anticipated your point and so the GPL specifies that the source must be presented in "the form preferred for making modifications" or something like that.

Re:Won't work (4, Insightful)

Chairboy (88841) | more than 10 years ago | (#8341469)

> So-called sophisticated coding techniques only lead to unreadable code..

That IS the point, I'm sure you realize.

Re:Won't work (1)

supersmike (563905) | more than 10 years ago | (#8341570)

I'm not a low-level guy, so I'm probably missing something here, but couldn't you have encrypted byte-code that gets decrypted on-the-fly or something? Or are you saying that the minute it gets translated into machine-executable code, there are ways to step in and intercept that code?

Re:Won't work (5, Insightful)

jfengel (409917) | more than 10 years ago | (#8341575)

Sure, you can reverse engineer it. But is it worth the effort?

Most of the time it's not even worth reverse engineering unencrypted code, because it's really hard. There are open source projects that go undone because people don't want to expend the effort.

The trick is not to make it impossible, but to make it hard enough that it isn't done. That level is different for different projects, but it's always finite.

Re:Won't work (1)

Dukael_Mikakis (686324) | more than 10 years ago | (#8341601)

Yeah, it's like adding another lock on a door.

All you need to do is figure out the scheme that the obfuscator uses and reverse engineer that. Ad finitum.

MSFT (0)

Anonymous Coward | more than 10 years ago | (#8341368)

Microsoft doesn't need to do this. Windows source code is obfuscated enough.

Virii (0)

Anonymous Coward | more than 10 years ago | (#8341374)

I can smell the virus from here, and that won't be good.

Re:Virii (1)

Darken_Everseek (681296) | more than 10 years ago | (#8341558)

That's an excellent point. What happens if someone writes a virus whose code is near-impossible to reverse engineer? Obviously, it'd take more than a script kiddie to pull it off, especially since the technique is patent-pending, but the possibility is interesting.

Reverse Engineering or Cracking? (1)

carlmenezes (204187) | more than 10 years ago | (#8341380)

Seems to me that they're more worried about software being cracked than being reverse engineered. Not sure how successful they'll be there.

Resource Waste (1)

Coaster-Sj (614973) | more than 10 years ago | (#8341386)

I could see this as useful on small sections of code. Doing this to an entire program would be a huge resource waste.

Re:Resource Waste (1)

October_30th (531777) | more than 10 years ago | (#8341412)

> Doing this to an entire program would be a huge resource waste

Unless, of course, it gives you and your company that extra competitive edge.

OpenSource (1)

dnoyeb (547705) | more than 10 years ago | (#8341387)

Strikes me that OS does not have this issue.

Why would you want to prevent reverse engineering anyway? How hard could it be to just create the application from scratch? Likely much easier than reverse engineering.

And if it's security, we know you do not get it by hiding the source...

Fail to see the need.

zzzzzzz (3, Insightful)

SparafucileMan (544171) | more than 10 years ago | (#8341391)

*shrug* You still have control over the computer. Just load something of your own making before your OS loads the obfuscator. Interrupt 13, anyone?

Re:zzzzzzz (0)

Anonymous Coward | more than 10 years ago | (#8341434)

It's not polite to interrupt, unless of course you're dealing with SmallTalk or have a Lisp.

Re:zzzzzzz (1)

BiggsTheCat (460227) | more than 10 years ago | (#8341615)

The obfuscator is not run on the client PC. It is run by the program's author. When the bytecode is shipped to you, it is already obfuscated.

easy to do (3, Funny)

Anonymous Coward | more than 10 years ago | (#8341405)

write really bad code. you don't see anyone reverse engineering Windows, do you?

Not enough eyes to make the bugs shallow... (4, Insightful)

bc90021 (43730) | more than 10 years ago | (#8341408)

The problem with Microsoft's code being readable is that there are only Microsoft people reading it. Half the time they wouldn't see the forest for the trees (since they are so involved with it all the time anyway), and the other half they would miss things that other people might pick up.

With Open Source, *everyone* gets to look at the code, so there are many eyes, and the bugs get shallower.

Re:Not enough eyes to make the bugs shallow... (1)

LordNimon (85072) | more than 10 years ago | (#8341565)

> The problem with Microsoft's code being readable is that there are only Microsoft people reading it.

You make it sound as if all Microsoft developers belong to some kind of hive mind. Microsoft has quite a few software people working for them - a lot more than 99% of all open source projects.

Re:Not enough eyes to make the bugs shallow... (1)

El (94934) | more than 10 years ago | (#8341569)

I'm convinced that Microsoft must not practice peer review, so most of their code has only been seen by one pair of eyes. Any Microsofties lurking out there care to correct me on this?

It's ironic (5, Insightful)

Dukael_Mikakis (686324) | more than 10 years ago | (#8341409)

The medical profession deals with viruses by identifying our weaknesses, and exposing them to the viruses (the ultimate "reverse engineering"?). If there were a biological DMCA, developing vaccines would certainly violate it on the illegality of "hacking into the body".

With software, though, people still insist on trying to hide and pretend as if there were no viruses out there and that we would be impervious to them.

Can we finally just open all of our code so we can vaccinate it against all these exploits?

Morphing code eh (2, Interesting)

Epyn (589398) | more than 10 years ago | (#8341414)

I seriously doubt this is anything special, just more code and more code to disguise the code that actually does something. I can't imagine you really CAN protect a program for instance, without completely screwing it up, performance loss etc. These companies should provide the kinds of services and support systems that make investing in their product viable. err yeah...

Isn't this just self-modifying code? (5, Insightful)

mveloso (325617) | more than 10 years ago | (#8341418)

This looks vaguely like self-modifying code, like back in the old days of copy protection.

The thing I don't understand about the article (and how it describes the PSCP process) is this: how will this make reverse engineering more difficult?

When you're starting to crack something, you work backwards from system calls, library calls, and known behaviors. "Known behaviors" are, well, patterns of code that people (or compilers) use to do things. Anyone good at low-level stuff can probably identify the compiler used to build the code. Likewise, if you think about something enough, you can probably figure out three or four ways to do something, and look for that pattern in the code.

PSCP prevents By making this process happens as the program runs? How else do you reverse engineer something?

Anyway, it sounds like this thing sits right before the .net runtime engine (or maybe it's loaded and spews bytecode to the runtime), then it can be removed...or the output intercepted.

What am I not getting here?

Re:Isn't this just self-modifying code? (5, Informative)

pc-0x90 (547757) | more than 10 years ago | (#8341551)

Java (and subsequently .Net) bytecode made a reverse engineer's life a bit easier on a whole, because of the way it could be decompiled into source that was extremely similar to the original. All this seems like it would do, is remove that benefit and cause the reverse engineer to approach it the same old way one would approach a compiled C program (as you described, with a debugger and hooks on syscalls). Or bust out a new type of disassembler to emulate traces, and dump that to an assembly listing. But you're right, it's not really that mind blowing if the reverse engineer has worked on non-java/ binaries before.

Re:Isn't this just self-modifying code? (4, Interesting)

El (94934) | more than 10 years ago | (#8341625)

It makes reverse engineering more difficult because you can't disassemble the whole program at once, only the currently running portion. And you don't know what the boundaries between the currently running portion and the obfuscated byte codes are. However, if you just TRACE the running code, you should get a pretty good idea of how it executes under normal operation -- it's not like the actual algorithm changes every iteration. Granted, you probably won't know how it handles most exceptions and boundary conditions, but who cares?

Just write it Perl. (-1, Troll)

pantherace (165052) | more than 10 years ago | (#8341420)

Or leet, they look equally unintelligible at first glance.

Just need to tap the Analog Out... (5, Insightful)

Speare (84249) | more than 10 years ago | (#8341422)

Just like all the hubbub over proprietary signal encryption to "protect" digital audio streams, all you need here would be the CPU-equivalent of the old Analog Out jack.

Break it down to the Universal Turing Machine and tape analogy. The program code is the tape, and the state of the machine is in the tape-executing device. If the tape were to somehow morph itself dynamically, and yet execute properly by morphing to a well-designed program at the moment it is read for execution, all you have to do is to watch the read/write head of the UTM itself.

If they find ways to monkey around with bytecodes so that they're shifted around between disk and executor, just run it with a special version of the executor. Shouldn't be hard... the standard for what the unencrypted bytecodes are capable of accomplishing are standardized. Execute the code once, and take "notes" of what is being accomplished. Run through a code coverage test suite, even a crude black-box analysis, and you should get an unscrambled bytecode equivalent.

It just doesn't make sense. If obfuscation, i.e. obscurity, is your only security, it is no security at all.
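The point made in the comment above and in El's earlier reply (watch the executor rather than the stored code), as an added example that is not part of the thread and is not PSCP: a constructed toy VM whose bytecode is decoded only at the instant it runs. The opcode set, the `slot_key` scheme and `SEED` are assumptions for illustration; the run also shows El's caveat that paths never executed stay unrecovered.

```python
"""Constructed toy, not PSCP: bytecode that is plain only while it executes."""

PUSH, DUP, ADD, MUL, JZ, JMP, HALT = range(1, 8)

# Constructed sample program: f(x) = 99 if x == 0 else 3*x + 4
PROGRAM = [
    (DUP, 0),    # 0: keep a copy of x for the test below
    (JZ, 7),     # 1: pop the copy; branch to slot 7 when x == 0
    (PUSH, 3),   # 2
    (MUL, 0),    # 3: x * 3
    (PUSH, 4),   # 4
    (ADD, 0),    # 5: + 4
    (HALT, 0),   # 6
    (PUSH, 99),  # 7: rarely taken path
    (ADD, 0),    # 8: 0 + 99
    (HALT, 0),   # 9
]
SEED = 0x5A  # hypothetical per-build secret baked into the shipped runtime


def slot_key(seed, pc):
    """Per-slot key byte; stands in for whatever a real protector derives."""
    return (seed * 167 + pc * 91 + 13) & 0xFF


def protect(program, seed):
    """Encode every (op, arg) slot so the stored image holds no plain opcodes."""
    image = bytearray()
    for pc, (op, arg) in enumerate(program):
        k = slot_key(seed, pc)
        image += bytes([op ^ k, arg ^ k])
    return bytes(image)


def raw_slots(image):
    """What a static disassembler sees: the stored bytes, undecoded."""
    return [(image[i], image[i + 1]) for i in range(0, len(image), 2)]


def run(image, seed, x, hook=None):
    """The shipped executor. Each slot is decoded just before it executes."""
    stack, pc = [x], 0
    while True:
        k = slot_key(seed, pc)
        op, arg = image[2 * pc] ^ k, image[2 * pc + 1] ^ k
        if hook:                      # the "read head": plain code is visible here
            hook(pc, op, arg)
        pc += 1
        if op == PUSH:
            stack.append(arg)
        elif op == DUP:
            stack.append(stack[-1])
        elif op in (ADD, MUL):
            b, a = stack.pop(), stack.pop()
            stack.append(a + b if op == ADD else a * b)
        elif op == JZ:
            if stack.pop() == 0:
                pc = arg
        elif op == JMP:
            pc = arg
        elif op == HALT:
            return stack[-1]
        else:
            raise ValueError(f"bad opcode {op} at slot {pc - 1}")


def make_runtime(program, seed):
    """Bundle image and key the way a vendor would ship them together."""
    image = protect(program, seed)
    return lambda x, hook=None: run(image, seed, x, hook)


def recover(runtime, inputs):
    """Observe the executor over some inputs; never touches the key itself."""
    seen = {}
    for x in inputs:
        runtime(x, hook=lambda pc, op, arg: seen.setdefault(pc, (op, arg)))
    return seen


if __name__ == "__main__":
    rt = make_runtime(PROGRAM, SEED)
    static = raw_slots(protect(PROGRAM, SEED))
    print("slots readable statically:",
          sum(s == p for s, p in zip(static, PROGRAM)), "of", len(PROGRAM))
    for inputs in ([5], [5, 0]):
        got = recover(rt, inputs)
        print(f"inputs {inputs}: recovered {len(got)} of {len(PROGRAM)} slots,",
              "missing", [pc for pc in range(len(PROGRAM)) if pc not in got])
```

For anyone evaluating such a protector, the takeaway is that it hides code from static inspection only; what it keeps from an observer is limited to the paths the observer never manages to exercise.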

Wow (5, Insightful)

Anonymous Coward | more than 10 years ago | (#8341424)

Cringely has really outdone himself that time. I can't even follow this poorly thought out mess. He seems to totally misunderstand every single concept he touches on.

Compilation to bytecode and an "interpreted language" are NOT THE SAME THING. Both the CLR and a compiled java class are effectively machine code for a machine that doesn't exist. These abstract machines have machine code that reveal *MORE* information to a disassembler/reverse engineer than, say, x86 or PPC assembly, but it is still far, far from being code. This is reaction one that I have. The rest of the article is so confused I don't even know how to respond to it.

Reverse Engineering is Good (4, Insightful)

Jacek Poplawski (223457) | more than 10 years ago | (#8341428)

Reverse engineering is good, and each coder should try it. This is the way to learn how someone else's code is working, when that code is closed source. I don't think you can fool experienced assembler code with messing code around.
Think about R.E. like about game. It's like cracking, but it's good. And it's about creating, not about destroying.

the dark side (5, Interesting)

musikit (716987) | more than 10 years ago | (#8341437)

How come for every new technology that comes out that is supposed to "secure" us I can think of a way it can be used "maliciously"?

ex. I write YourDoom.A and I write it using this new code morphing obfuscator. How exactly are anti-virus programs 1. supposed to remove this? 2. identify this?

Given the numerous VB/Outlook bugs and considering that .NET is so "young", can't you see this used for creating a perpetual virus that can't be removed? You wouldn't even be able to ID the bug that caused this virus to run itself.

Bah (1, Interesting)

Anonymous Coward | more than 10 years ago | (#8341595)

It's not like no one's ever written a virus before that included obfuscation through self-modifying binary code. The major virus companies already have techniques for identifying and working with such viruses. Those companies that don't already have such techniques are selling products that don't work. :P

Second off, code obfuscators aren't magic. You can always still tell what's happening. It just takes longer and more effort.

Couldn't this be applied to P2P? (3, Interesting)

Didion Sprague (615213) | more than 10 years ago | (#8341441)

I don't know the answer to what I'm about to ask. I'm a writer, not a programmer, but as I was reading Cringely's column -- especially toward the end when he talks about how PSCP can be used in DRM to really (really, really) obfuscate a watermark -- I got to thinking: couldn't this theory of PSCP be used to further obscure (or encrypt -- whatever you want to call it) P2P networking?

And maybe this is already being done -- or maybe this is just pure stupidity on my part for asking the question -- but couldn't this sort of "morph-as-you-go" theory be used to obfuscate -- and essentially hide -- a network path used to get (or put) a piece of data? Kinda like BitTorrent -- but in a much more severe, much more shifty way? You're getting the data -- eventually -- and you're both downloading and uploading as you go -- but the paths through which your current bit of data is being retrieved are both unknown until you visit it and obscured once you leave it?

virus writers dream (3, Insightful)

chammel (19734) | more than 10 years ago | (#8341443)

Once the virus writers get a hold of this viruses will be much harder to catch, unless anti-virus writers start looking more for virus-like activity.

The PBS article was bunk (0)

Anonymous Coward | more than 10 years ago | (#8341445)

The author of the PBS article didn't, even remotely, understand what he was talking about. There were several invalid statements, some stupid assumptions, some just wrong. How about some REAL research every once in a while before we go spouting off more garbage into the net.

Recompilers. (1)

xC0000005 (715810) | more than 10 years ago | (#8341451)

As I recall, Sierra games had a recompiler that screwed the code quite badly to make it hard to hack.

performance (5, Insightful)

happyfrogcow (708359) | more than 10 years ago | (#8341452)

> When a computer program runs, the computer can follow millions of paths to get the job done. We leverage those millions of paths and transform them into billions of paths instead

Millions of paths implies some sort of jump instruction, whether or not that translates to millions of function calls, I don't know. Assume it does. Then instead of making millions of function calls, you're making billions of function calls. Going from millions to billions is a large step, bigger than just swapping an "m" for a "b" in marketingspeak. So are they planning on passing this performance hit to the legitimate consumer? No thanks, I'll take my Free source code and like it.

Woohoo, Euclid Ohio! (1)

kisrael (134664) | more than 10 years ago | (#8341454)

Went to high school in Euclid. Not hard to find, 'cause it's nestled up to Cleveland. (yeah yeah, 'just follow the river that's on fire' har har)

So basically, this stuff doesn't affect the original source code or, for that matter, the final running binary code, just the intermediate bytecode, which is what actually gets shipped and then JIT compiled to binary? Huh.

Re:Woohoo, Euclid Ohio! (0)

Anonymous Coward | more than 10 years ago | (#8341527)

I actually looked at applying there, but it's too far north == too cold for me. Cleveburg sucks.

Bullshit article (0)

Anonymous Coward | more than 10 years ago | (#8341465)

If the written code is secure, all the .Net manifests in the world aren't going to allow someone to break in. All the open source arguments say having access to source makes code more secure. Having access to .Net manifests should allow the similar things. This obfuscation makes it more likely unsecured code won't be detected.

Right. (1)

El (94934) | more than 10 years ago | (#8341477)

Self-modifying code will be much more reliable, and easier to debug! Cringely may not own PreEmptive stock, but I don't believe for one second that he isn't getting some sort of remuneration from them. Here's an idea -- why doesn't the EFF or FSF patent security through obscurity, thus forcing all software vendors to implement REAL security?

A few stray thoughts... (0)

Anonymous Coward | more than 10 years ago | (#8341485)

1) We've seen this before. Self-modifying code, code which is encrypted until just before it is run, etc.

2) This should make for some fun viruses, too. They're almost always ahead of the curve, at least in the concept viruses (thankfully, the really evil viruses rarely seem to get released). No, the algorithm being patented would not stop them from using it, sorry.

3) These schemes usually get broken. I simply don't have enough information on this to analyze its weaknesses, but in general, there is probably a way to reverse it.

I wonder if +ORC is still around... ? He might have retired by now, for all I know. May have to ask Fravia or someone...

Is it still Thursday? (0)

Anonymous Coward | more than 10 years ago | (#8341501)

Wasn't there a story about a related technology yesterday?

Program State Code Protection (0)

zz99 (742545) | more than 10 years ago | (#8341506)

I tried googling for Program State Code Protection

*hmm* The closest thing I found was:

West Virginia State Code - Farmland Protection Program

The government uses almost the same words already... I guess it will turn out that Al Gore invented this thing too... not just the interweb thingy :)

Anti-virus software and heuristics (5, Interesting)

warlockgs (593818) | more than 10 years ago | (#8341508)

Would code that was changing itself while running (polymorphic) be nailed by a heuristically-scanning anti-virus program? I would hate to develop something, and then all of a sudden get seriously bad press for releasing what seems to act like a virus. Just food for thought.

pscp? (0)

Anonymous Coward | more than 10 years ago | (#8341509)

Hope they don't go after the programmer of putty for creating a scp program called pscp.

Ahhh, it makes sense now... (1) (583077) | more than 10 years ago | (#8341510)

... obfuscation! That's why the Windows 2000 source looked so messed up.


Very flawed article.. (1)

CharAznable (702598) | more than 10 years ago | (#8341512)

His whole premise is flawed.. he implies that recent security issues with Microsoft software are due to the fact that you can read the source code of .NET programs... as if Windows and IE were written in .NET... What about open source then?

And he's humble, too! (0)

Anonymous Coward | more than 10 years ago | (#8341514)

This seems obvious to me, but I'm usually two years ahead of events. Hey Cringely, time distortion and delusions of grandeur are usually symptoms of drug abuse... what are you on? Crack?

More bloat. (1)

walkerIV (754681) | more than 10 years ago | (#8341518)

Here it is, the killer-app of the 21st century. Need a reason to make people upgrade? Just build a run time morpher in the code. Use that Hyper threading for something useful. And then we can just layer them on top of one another, right. Add another morpher on a morpher and a new version of windows is ready. Like it can't already confuse itself to death.

Virtual Machine? (0)

Anonymous Coward | more than 10 years ago | (#8341521)

So the code is hard to figure out until it's actually executed?

So you run it in a virtual machine and trace its execution, right?

Then it's just a 'simple' matter of disassembling it (If you're good with assembly :)

Or am I missing something?

Re:Virtual Machine? (1, Informative)

Anonymous Coward | more than 10 years ago | (#8341584)

There's an already excellent virtual machine debugger used for exactly this purpose by a few crackers.

Self-modifying code is ENTIRELY obsolete. Has been for ten years. Sorry.

Great. (5, Insightful)

Anonymous Coward | more than 10 years ago | (#8341535)

So legitimate software is going to take on the functionality that virus software has been using for years? And companies are patenting these techniques as if they are somehow new? Virus writers are the true innovators here. They pioneered the infamous Mutation Engine. I would consider off the shelf software that used those techniques innovative, in fact I find it creepy. Honestly, if the time wasted trying to protect so-called intellectual property was used instead to invent things to simplify our lives, we (as in humanity) would be better off.

Renaming all the variables `a' (1)

R.Caley (126968) | more than 10 years ago | (#8341537)

Er, yeah. Given that the writer seems to think that makes sense, I wouldn't trust anything he writes. Ever.

Top 12 Things A Klingon Programmer Would Say (3, Funny)

dnahelix (598670) | more than 10 years ago | (#8341544)

Top 12 Things A Klingon Programmer Would Say

12. Specifications are for the weak and timid!

11. This machine is a piece of GAGH! I need dual processors if I am to do battle with this code!

10. You cannot really appreciate Dilbert unless you've read it in the original Klingon.

9. Indentation?! -- I will show you how to indent when I indent your skull!

8. What is this talk of 'release'? Klingons do not make software 'releases'. Our software 'escapes' leaving a bloody trail of designers and quality assurance people in its wake.

7. Klingon function calls do not have 'parameters' -- they have 'arguments' -- and they ALWAYS WIN THEM.

6. Debugging? Klingons do not debug. Our software does not coddle the weak.

5. I have challenged the entire quality assurance team to a Bat-Leth contest. They will not concern us again.

4. A TRUE Klingon Warrior does not comment his code!

3. By filing this SPR you have challenged the honor of my family. Prepare to die!

2. You question the worthiness of my code? I should kill you where you stand!

1. Our users will know fear and cower before our software. Ship it! Ship it, and let them flee like the dogs they are!

pah! (2, Funny)

openSoar (89599) | more than 10 years ago | (#8341553)

I always write obfuscated code by default - goddammit! If it was hard to write, it should be hard to read

"Objective review?" (1, Interesting)

Homology (639438) | more than 10 years ago | (#8341567)

What a glowing article of a product from PreEmptive!

It is, of course, very reassuring to know that:

Understand that, as always, I have no stock in PreEmptive, I just like these people.

Being a bit cynical, I find the article more like a sales plug than a journalistic piece.

I can see a market for this. (5, Insightful)

nicophonica (660859) | more than 10 years ago | (#8341572)

I have worked on a couple of projects where the 'higher ups' (COO, CEO) were obsessed with the value of the intellectual property that their code represented. Woe be to the developer that tried to explain to them that their code was crap, written by a team of programmers obviously just learning VB and trying to write it like a dumbed down version of Java. Most of the programming was developing solutions to straightforward programming problems, which they still implemented in nearly the worst possible way.

Yet, I have no doubt that if someone came up to them and warned them about the dangers of IP theft and showed them this solution, they would bite.

If they really wanted to do maximum damage to their competition they should have just released the source code and hoped their competitors tried to use that as guidance.

There are probably some rare instances when a specialized software technique is developed and you want to keep its implementation specifics secret. I have yet to run into a single instance of this after many years in the industry.

Prior art? (1)

Zakabog (603757) | more than 10 years ago | (#8341573)

Isn't there a site that focuses on writing obfuscated code? It's just humor but wouldn't that count as prior art to any patents?

And how would those "Watermarks" help in open source? If you have this change all the variables to some names that don't make sense unless you're looking for the watermark. But wouldn't that make the code so much harder to read? And wouldn't that be VERY BAD for open source?

The software arms race. (5, Insightful)

kyz (225372) | more than 10 years ago | (#8341580)

There is nothing new under the sun. These Java and .NET obfuscators are just the same old anti-SoftICE sections, which were just the same old Amiga/Atari copylocks, which were just the same Spectrum/C64 turboloaders, and so on.

Every single one of these is broken. Almost all good programmers are capable of deciphering the standardised, retail-boxed algorithm used for the obfuscation, and can easily un-obfuscate it. Are all the Java variables named "a"? Diddums! You don't have a Java decompiler with the option to ignore that simple tweak.

All that matters is:

1) How important is the code behind the obfuscation?

2) How much time and effort is the reverse engineer willing to spend?

If you use a company's retail-box obfuscator, anyone with the "'Brand X obfuscator' deobfuscator v1.0" can get straight at your code. It's a technological arms race, nothing more.

Reproducing Production Bugs... (2, Interesting)

joekampf (715059) | more than 10 years ago | (#8341586)

This is gonna make reproducing production bugs a bitch. Well which path did they take. What will this do to multithread debugging? UG! Besides, Security by Obscurity is no Security at all.

Disagreements with the Premise (5, Insightful)

no soup for you (607826) | more than 10 years ago | (#8341592)

I don't love microsoft, but I think this article makes several claims without backing them up or offering any explanation as to their merits. Such as:

  1. .NET, on the other hand, is Microsoft's chosen successor to Visual BASIC, and effectively exposes source code at the very heart of Microsoft consumer and enterprise applications.
  2. If .NET is Such a Security Nightmare (It Is)...

And "You can write a program in C# or Visual Basic.NET." while factually accurate, ignores Delphi.NET, C++ managed code using the CRL, and other implementations of the CRL (COBOL, etc).

I think the basic premise of the article, where if someone is using your objects it is obviously a bad thing/security breach, is flawed. If you need to secure your objects, SECURE them! Seal them, see who is calling you, etc.

Lastly, as shown by previous posts, Obfuscation is not the end-all panacea to security. In my opinion, it's barely a detour. Otherwise, Open Source literally could not be secure.

Just one question (4, Insightful)

carlmenezes (204187) | more than 10 years ago | (#8341593)

Seems to me that stuff like this would make it quite difficult to debug once an application has been released - also, how would things like a memory dump on application crash help to debug anything here?

Obscurity generation... (3, Informative)

zz99 (742545) | more than 10 years ago | (#8341604)

I have found that most code generation tools (the kind you program bubbles and arrows in, like this one) will give you C code that looks like it's been obscurified on purpose.
E.g. all states and variables are in an array called n[][] and the program is basically a big loop.

Quite impossible to know what's going on

Two completely different issues (4, Insightful)

BlueFall (141123) | more than 10 years ago | (#8341612)

It sounds to me like the author of the article is talking about two completely different issues. The first is code decompilation and static obfuscation. The second is about runtime obfuscation.

In theory, if you don't run the binary you have, you don't need to worry about it modifying itself. The same techniques that work on obfuscated byte code now should work on the binary. Now if you were trying to reverse engineer a program by running it and tracing it, that's where PSCP seems like it would help.

Finally... (1)

gmaestro (316742) | more than 10 years ago | (#8341622)

Now I can distribute my patented "Hello, World" application (note the comma) without fear of infringement.

Just hire that guy from the movie Paycheck (1)

wmt (670536) | more than 10 years ago | (#8341623)

Nothin can stop Ben Affleck as Michael Jennings, the "best reverse engineer there is."