- 6 Further Reading
- Execution can be prevented within a debugger. This may stop easy inspection and probing.
- Execution can be prevented if the app is tampered with in any way. This may hinder probing and theft.
- Execution can be limited to a certain time range. This may be useful for demos.
- Execution can be limited to running from a specified domain. This may prevent someone from easily copying and reusing it.
Obfuscators typically perform standard minification techniques, but might also apply additional renaming techniques that can further reduce the size of the app. If an obfuscator stopped there, it would match or beat a minifier in size reduction. However, many of its other protection and self-defending transforms add code, so overall it may or may not reduce the size of your original app depending on your configuration options.
Java or .NET -> Compiler -> Executable -> Obfuscator & Protector -> Protected Executable
- Does it contain code you don't want competitors to copy or steal?
- Would an attacker want to bypass some of your checks or actively look for vulnerabilities?
- Is there a risk that the code might be modified to serve malware, enable phishing, etc.?
For a more comprehensive look at these attack vectors see:
- Renaming changes the name of identifiers making them much harder for a human to read. The new names can follow different schemes like "a", "b", "c", or unprintable characters. Names may be used multiple times in a scope by using function overloading. Renaming is a basic technique used by almost every obfuscator.
- Control Flow Obfuscationcreates conditional, branching, and iterative constructs that produce valid executable logic, but are much harder for humans to understand.
- String Encryption encodes string literals in the source code, and adds logic to decode them when needed. This removes clues that attackers and tools use to understand the code when performing static analysis.
- Integer and Boolean Transformations transforms integer and Boolean literals into equivalent expressions that are harder to statically analyze and understand.
- Dummy Code Insertion inserts code that does not affect the program’s logic, but makes the code much harder to analyze.
- PropertyIndirection changes direct property access to indirect property access making it harder to follow code execution. This also allows property names to be encoded.
- DateLock allows the code to only run in a certain date range. If the current date is not in that range the code will fail to execute properly.
- Self-Defending Functions wraps code to observe if a function’s body has been altered in any way. If it has, then the code will fail to execute properly.
- Debugger Detection prevents the code from running when a debugger is active. If the code detects that it is running inside a debugger, it will stop running.