Obfuscation thesis September 5, 2017 - …

Our main result is that, even under very weak formalizations of the above intuition, obfuscation is impossible. ... We extend our impossibility result in a number of ways, including even obfuscators that (a) are not necessarily computable in polynomial time, (b) only approximately preserve the functionality, and (c) only need to work for very restricted models of computation (TC0). We also rule out several potential applications of obfuscators, by constructing "unobfuscatable" signature schemes, encryption schemes, and pseudorandom function families.

The International Obfuscated C Code Contest

It is therefore interesting to see which techniques are implemented in the .NET obfuscators.

International Obfuscated C Code Contest ..

He also wrote a floating point package for the Apple. At the time not all 6502s had an unconditional branch, which meant that Woz used conditional branches even when one was not needed. This single "feature" obfuscated the sources almost to the point of being unreadable.

The Obfuscation Executive | SpringerLink

> That said, unobfuscation can never be perfect: Equivalence of programs
> is undecidable, so it is in theory possible to make a program so
> obfuscated that no automatic process can recover the original.


Thesis : Java based obfuscation tool for Java programs

A classification of the different obfuscation techniques is therefore given to sort out which techniques can be viewed as reversible and which are one-way. One thing that is lacking in numerous papers about obfuscation is the actual process of reversing obfuscation techniques.

Code Obfuscation using Code Splitting with Self …

Another issue in this thesis is therefore to look at the techniques used by the obfuscators and investigate if there are techniques which are vulnerable to reverse engineering.

Code (De)Obfuscation (PDF Download Available)

Also nice are vararg-type subroutine parameters inlined after the call statement, so that the location of the next statement after the call is unknown. Even worse when multiple possible return addresses (jump tables) are part of these parameters. Such obfuscation requires decoding and emulating the called subroutine before the location of the next statement is known.

This thesis focuses on a technique known as obfuscation

>> In practice such interruptions of the control flow make automatic
>> disassembling almost impossible. Instead a good *interactive*
>> disassembler is required (as I was writing when I came across the above
>> tricks), and time-consuming manual intervention and analysis is
>> required with almost every break in the control flow. The mix of data
>> and instructions not only makes it impossible to generate an assembler
>> listing, but also hides the use of memory locations (variables or
>> constants), with pointers embedded in the inlined parameter
>> blocks. Now tell me how a decompiler or other analysis tool should
>> deal with such constructs, when already the automatic separation of
>> code and data is impossible.
>
> Using jump tables and the like is, indeed, going to make unobfuscation
> hard. Especially if the tables change dynamically.

Attacks on the Fiat-Shamir Paradigm and Program Obfuscation ..

But what if you know the obfuscation method? Assuming that the obfuscation method is polynomic, deobfuscation is at worst NP-hard, so it is decidable. But it can be so intractable that it doesn't matter.

Clarifying Obfuscation: Improving the Security of White-Box DES.

That said, unobfuscation can never be perfect: Equivalence of programs is undecidable, so it is in theory possible to make a program so obfuscated that no automatic process can recover the original.