In software development, obfuscation is the act of creating

source Source may refer to: Research * Historical document * Historical source * Source (intelligence) or sub source, typically a confidential provider of non open-source intelligence * Source (journalism), a person, publication, publishing institute o ...

machine code In computer programming, machine code is any low-level programming language, consisting of machine language instructions, which are used to control a computer's central processing unit (CPU). Each instruction causes the CPU to perform a ve ...

that is difficult for humans or computers to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose (

security through obscurity Security through obscurity (or security by obscurity) is the reliance in security engineering on design or implementation secrecy as the main method of providing security to a system or component. History An early opponent of security through o ...

) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter reverse engineering, or even to create a puzzle or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry.

Overview

The architecture and characteristics of some languages may make them easier to obfuscate than others. C,

C++ C++ (pronounced "C plus plus") is a high-level general-purpose programming language created by Danish computer scientist Bjarne Stroustrup as an extension of the C programming language, or "C with Classes". The language has expanded significan ...

, and the

Perl Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages. "Perl" refers to Perl 5, but from 2000 to 2019 it also referred to its redesigned "sister language", Perl 6, before the latter's name was offic ...

programming language A programming language is a system of notation for writing computer programs. Most programming languages are text-based formal languages, but they may also be graphical. They are a kind of computer language. The description of a programming ...

are some examples of languages easy to obfuscate.

Haskell Haskell () is a general-purpose, statically-typed, purely functional programming language with type inference and lazy evaluation. Designed for teaching, research and industrial applications, Haskell has pioneered a number of programming lan ...

is also quite obfuscatable despite being quite different in structure. The properties that make a language obfuscatable are not immediately obvious.

Recreational obfuscation

Writing and reading obfuscated source code can be a

brain teaser A brain teaser is a form of puzzle that requires thought to solve. It often requires thinking in unconventional ways with given constraints in mind; sometimes it also involves lateral thinking. Logic puzzles and riddles are specific types of ...

. A number of programming contests reward the most creatively obfuscated code, such as the

International Obfuscated C Code Contest The International Obfuscated C Code Contest (abbreviated IOCCC) is a computer programming contest for the most creatively obfuscated C code. Held annually, it is described as "celebrating 'ssyntactical opaqueness". The winning code for the 27t ...

and the Obfuscated Perl Contest. Types of obfuscations include simple keyword substitution, use or non-use of whitespace to create artistic effects, and self-generating or heavily compressed programs. According to Nick Montfort, techniques may include: # naming obfuscation, which includes naming variables in a meaningless or deceptive way; # data/code/comment confusion, which includes making some actual code look like comments or confusing syntax with data; # double coding, which can be displaying code in poetry form or interesting shapes. Short obfuscated

programs may be used in

signatures A signature (; from la, signare, "to sign") is a handwritten (and often stylized) depiction of someone's name, nickname, or even a simple "X" or other mark that a person writes on documents as a proof of identity and intent. The writer of a ...

of Perl programmers. These are JAPHs (" Just another Perl hacker").

Examples

* Some

Python Python may refer to: Snakes * Pythonidae, a family of nonvenomous snakes found in Africa, Asia, and Australia ** ''Python'' (genus), a genus of Pythonidae found in Africa and Asia * Python (mythology), a mythical serpent Computing * Python (pro ...

examples can be found in th
official Python programming FAQ
and elsewhere. * The ''movfuscator'' C

compiler In computing, a compiler is a computer program that translates computer code written in one programming language (the ''source'' language) into another language (the ''target'' language). The name "compiler" is primarily used for programs tha ...

for the x86_32 ISA uses only the ''mov'' instruction in order to obfuscate

Disadvantages of obfuscation

* While obfuscation can make reading, writing, and reverse-engineering a program difficult and time-consuming, it will not necessarily make it impossible. * It adds time and complexity to the build process for the developers. * It can make debugging issues after the software has been obfuscated extremely difficult. * Once code becomes

abandonware Abandonware is a product, typically software, ignored by its owner and manufacturer, and for which no official support is available. Within an intellectual rights contextual background, abandonware is a software (or hardware) sub-case of the ...

and is no longer maintained, hobbyists may want to maintain the program, add mods, or understand it better. Obfuscation makes it hard for end users to do useful things with the code. * Certain kinds of obfuscation (i.e. code that isn't just a local binary and downloads mini binaries from a web server as needed) can degrade performance and/or require Internet.

Decompilers

decompiler A decompiler is a computer program that translates an executable file to a high-level source file which can be recompiled successfully. It does therefore the opposite of a typical compiler, which translates a high-level language to a low-level l ...

can reverse-engineer source code from an executable or library. Decompilation is sometimes called a man-at-the-end attack, based on the traditional cryptographic attack known as "

man-in-the-middle In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) ...

". It puts source code in the hands of the user, although this source code is often difficult to read. The source code is likely to have random function and variable names, incorrect variable types, and use different logic than the original source code (due to compiler optimizations).

Cryptographic obfuscation

Cryptographers This is a list of cryptographers. Cryptography is the practice and study of techniques for secure communication in the presence of third parties called adversaries. Pre twentieth century * Al-Khalil ibn Ahmad al-Farahidi: wrote a (now lost) book ...

have explored the idea of obfuscating code so that reverse-engineering the code is ''cryptographically'' hard. This is formalized in the many proposals for

indistinguishability obfuscation In cryptography, indistinguishability obfuscation (abbreviated IO or iO) is a type of software obfuscation with the defining property that obfuscating any two programs that compute the same mathematical function results in programs that cannot b ...

, a cryptographic primitive that, if possible to build securely, would allow one to construct many other kinds of cryptography, including completely novel types that no one knows how to make. (A stronger notion,

black-box obfuscation In cryptography, black-box obfuscation was a proposed cryptographic primitive which would allow a computer program to be obfuscated in a way such that it was impossible to determine anything about it except its input and output behavior. Black-bo ...

, was shown impossible in 2001 when researchers constructed programs that cannot be obfuscated in this notion.)

Notifying users of obfuscated code

Some anti-virus softwares, such as

AVG AntiVirus AVG AntiVirus (previously known as AVG, an abbreviation of Anti-Virus Guard) is a line of antivirus software developed by AVG Technologies, a subsidiary of Avast, a part of Gen Digital. It is available for Windows, macOS and Android. Hist ...

, will also alert their users when they land on a website with code that is manually obfuscated, as one of the purposes of obfuscation can be to hide malicious code. However, some developers may employ code obfuscation for the purpose of reducing file size or increasing security. The average user may not expect their antivirus software to provide alerts about an otherwise harmless piece of code, especially from trusted corporations, so such a feature may actually deter users from using legitimate software. Mozilla and Google disallow browser extensions containing obfuscated code in their add-ons store.

Obfuscating software

A variety of tools exist to perform or assist with code obfuscation. These include experimental research tools created by academics, hobbyist tools, commercial products written by professionals, and

open-source software Open-source software (OSS) is computer software that is released under a license in which the copyright holder grants users the rights to use, study, change, and distribute the software and its source code to anyone and for any purpose. Op ...

. Deobfuscation tools also exist that attempt to perform the reverse transformation. Although the majority of commercial obfuscation solutions work by transforming either program source code, or platform-independent bytecode as used by Java and .NET, there are also some that work directly on compiled binaries.

Obfuscation and copyleft licenses

There has been debate on whether it is illegal to skirt

copyleft Copyleft is the legal technique of granting certain freedoms over copies of copyrighted works with the requirement that the same rights be preserved in derivative works. In this sense, ''freedoms'' refers to the use of the work for any purpose ...

software licenses A software license is a legal instrument (usually by way of contract law, with or without printed material) governing the use or redistribution of software. Under United States copyright law, all software is copyright protected, in both source c ...

by releasing source code in obfuscated form, such as in cases in which the author is less willing to make the source code available. The issue is addressed in the

GNU General Public License The GNU General Public License (GNU GPL or simply GPL) is a series of widely used free software licenses that guarantee end users the four freedoms to run, study, share, and modify the software. The license was the first copyleft for general ...

by requiring the "preferred form for making modifications" to be made available. The GNU website states "Obfuscated 'source code' is not real source code and does not count as source code."

Notes

References

* Seyyedhamzeh, Javad
ABCME: A Novel Metamorphic Engine
17th National Computer Conference, Sharif University of Technology, Tehran, Iran, 2012. *B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan and K. Yang
"On the (Im)possibility of Obfuscating Programs"
''21st Annual International Cryptology Conference'', Santa Barbara, California, USA. Springer Verlag LNCS Volume 2139, 2001. *

External links

The International Obfuscated C Code Contest
ACM Crossroads, Spring 1998 issue

* * c2:BlackBoxComputation {{DEFAULTSORT:Obfuscated Code Anti-patterns Articles with example C code Obfuscation Source code Program transformation es:Ofuscación#Informática