In this first part of a series of posts, I want to talk about obfuscation.

This pretty hard-to-pronounce word actually means “the art of making things difficult”.
Google translates it into Dutch as “verduisteren”: to darken, to occult, or something like that.

In the IT world, it’s a technique to make code or information unreadable by humans, which in turn makes it almost impossible to analyse…

This can be done for multiple reasons.

  1. a software developer doesn’t want his code to be read (think of RSA, iTunes’ FairPlay DRM, copy protection like StarForce or SecuROM)
  2. virus writers trying to hide malicious code, making it harder to detect by anti-virus software
  3. defense contractors making sure not a single terrorist can find a hole in the mission control software of a missile

So, code in any programming language (or even hardware designs!) can be obfuscated (yep, even JavaScript).
Obfuscation transforms your initial source code into something that does the same thing but is much harder to read.

A nice example.

void main(){
   string name="mendel";
   int age=24;
}

could become

void main(){
   string a = function1("mendel","24",1);
   int b = Convert.ToInt32(function1("mendel","24",2));
}
// c selects which argument is returned: 1 gives a, 2 gives b
string function1(string a, string b, int c){
   if(c==1)
      return a;
   if(c==2)
      return b;
   return "";
}

(or something like that ^^)
The result is 100% the same, but the first version gives away a lot more information about what this function does!
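From the analyst's side, a pure dispatcher like function1 can be undone by evaluating every call whose arguments are all literals and substituting the result. The following is an added example, not code from the original post: a JavaScript port of function1, with the obfuscated main() embedded as constructed sample text, and the helper names (foldDispatcherCalls, foldConversions, deobfuscate) are assumptions.

```javascript
// Added example, not the post's code. Helper names are hypothetical.
// Port of the post's dispatcher: the third argument selects the return value.
function function1(a, b, c) {
  if (c === 1) return a;
  if (c === 2) return b;
  return "";
}

// Constructed sample: the obfuscated main() body from the post, as text.
const OBFUSCATED = [
  'string a = function1("mendel","24",1);',
  'int b = Convert.ToInt32(function1("mendel","24",2));',
].join("\n");

// Matches only calls whose arguments are all literals (two strings, one integer).
const CALL = /function1\("([^"\\]*)","([^"\\]*)",(\d+)\)/g;

// Replace each all-literal call with the value it returns. This is sound only
// because function1 is pure: no I/O, no global state, same output for same input.
// Calls with non-literal arguments do not match and are left untouched.
function foldDispatcherCalls(source) {
  return source.replace(CALL, (_match, a, b, c) =>
    JSON.stringify(function1(a, b, Number(c))));
}

// Second pass: an integer conversion applied to a literal numeric string
// folds to the number itself.
function foldConversions(source) {
  return source.replace(/Convert\.ToInt32\("(-?\d+)"\)/gi, (_match, n) => n);
}

// Run both passes; the output is the readable form of the input.
function deobfuscate(source) {
  return foldConversions(foldDispatcherCalls(source));
}

console.log(deobfuscate(OBFUSCATED));
```

The two passes recover the original assignments, which is why an indirection like this only slows a reader down and does not stop analysis.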

An even funnier example:

void function2()
{
   for(int i=0; i<5; i++)
   {
      if(i>3)
         x=4;
      else
         i++;
   }
}

which actually just sets the variable x=4;

The idea behind all this is that when you, as a reader, analyse the code, you would not be able to figure out what it does 🙂
It just doesn’t make sense..

These obfuscation transformations can go pretty far.
Take a look at the annual IOCCC contest, which results in really crazy stuff!

There are a lot of obfuscators written for IDEs and platforms like Visual Studio (Dotfuscator), Java (ProGuard), and many, many others… All with one reason in mind: protect (or just hide) your code!
If you want to read more about code obfuscation, this series is a very good start!
But you’ll find a whoooole lot more on Google!

There is no actual reason for this post. But sometimes you come across this kind of code. And I wanted to share this out-of-your-mind subject with you 🙂
I just hope you’re as intrigued by it as I was when I first saw it 🙂

Screenshot: JavaScript code from the “runforestrun” infection

My first introduction to this subject was at Ghent University.
Next, I stumbled upon more obfuscated code when Stuxnet appeared.
After that, a virus infected a website of a customer at work (screenshot above), also pretty weird.
And even more recently in a DLL originating from a WP7 app.

More on that DLL later! 😉
